Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
-  High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
- [$500]  Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
- [$1000]  High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
-  High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk / Gynvael Coldwind of the Google Security Team.
-  Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
- [$1000]  High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
-  Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
- [$500]  Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
-  Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
- [$500]  Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
- [$1337]  High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
- [$1000]  High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.
More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.