Google Chrome 3.0.195.24

(2009.09.30)

3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.

Security Fixes:

CVE-2009-0689 dtoa() error parsing long floating point numbers

The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.

Mitigations:
* A victim would need to visit a page under an attacker's control.
* Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

-DOWNLOAD-
Google Chrome 3.0.195.24 (Windows)