Version history for Google Chrome for Mac OS X
Changes for v11.0.696.71 - v12.0.742.91
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears
Changes for v11.0.696.68 - v11.0.696.71
-  Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva.
- [$1000]  High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella.
-  Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar).
-  Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
Changes for v11.0.696.57 - v11.0.696.65
- After deleting bookmarks on the Bookmark managers, the bookmark bar doesn't display properly with existing bookmarks. (Issue 80580).
- About Google Chrome window shows unknown channel for 11.0.696.57 (Issue 80683).
- Chrome/Mac seems to clobber focus when uploading attachments to Gmail with the flash-based uploader (Issue 77172).
- Also included is an updated version of Flash Player 10.2.
Changes for v10.0.648.133 - v11.0.696.57
-  High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella.
-  Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva.
- [Linux / Mac only]  Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community.
- [$500]  Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin.
-  Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass.
- [Linux only]  Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz.
- [$1000]  High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz.
- [$1000]  High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc.
- [Linux only]  High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team.
- [$1000]  High CVE-2011-1440: Use-after-free with tag and CSS. Credit to Jose A. Vazquez.
- [$500]  High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths.
- [$1000]  High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509.
- [$1000]  High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella.
- [$500] [Linux only]  High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg.
-  Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509.
- [$3000]    High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc.
- [$1000]  High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz.
- [$1000]  High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509.
- [$1000]  High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski.
-  Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc.
- [$2000]  High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov.
- [$500]  Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel.
- [$1500]  High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov.
-  Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF. Credit to Eric Roman of the Chromium development community.
-  High CVE-2011-1456: Stale pointers with PDF forms. Credit to Eric Roman of the Chromium development community.
Changes for v10.0.648.127 - v10.0.648.133
- Security fixes and rewards:
- Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1337] CVE-2011-1290  High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI.