Lets take a look at the feature updates and additions first. Chrome Stable now supports 3D CS and launching apps from the Chrome address bar by simply typing in their name. Apps are web apps that are installed at the Chrome web store.

Probably more interesting than those two features is the ability to delete Flash cookies directly from within the browser, by clearing the browsing history. This was previously not possible and improves the privacy of the user significantly.

Another new security related feature is the new safe browsing protection that protects the user better from downloading malicious files.

The data synchronization service Google Sync is now integrated into the Chrome settings page, which users can access by clicking on the wrench icon and selecting options from the context menu.

• [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling.
• [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
• [75643] Low CVE-2011-1810: Visit history information leak in CSS.
• [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
• [77026] Medium CVE-2011-1812: Extensions permission bypass.
• [78516] High CVE-2011-1813: Stale pointer in extension framework.
• [79362] Medium CVE-2011-1814: Read from uninitialized pointer.
• [79862] Low CVE-2011-1815: Extension script injection into new tab page.
• [80358] Medium CVE-2011-1816: Use-after-free in developer tools.
• [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion.
• [81949] High CVE-2011-1818: Use-after-free in image loader.
• [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
• [83275] High CVE-2011-2332: Same origin bypass in v8.
• [83743] High CVE-2011-2342: Same origin bypass in DOM.

All information about the stable channel update is available over at the Chrome blog. Chrome should already pick up the new release. New users can download Chrome 12 from the official Chrome project website.

Both security issues that have been fixed by the developers have received a rating of high, the second highest severity rating available.

• [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue.
• [80608] High CVE-2011-1800: Integer overflows in SVG filters.

The new Chrome stable version additionally contains Adobe’s Flash Player 10.3, which has been updated to that version. While it is not explicitly mentioned on the Google Chrome Releases blog, it seems as if that version is a final build of Adobe Flash Player 10.3 and not the release candidate.

The final version has not yet been officially released by Adobe. It would not be the first time that Google, thanks to the direct tie-in of Flash Player in Chrome, managed to update Flash Player ahead of time.

The long awaited Flash Player 10.3 adds several new features to the popular software, most noticeably an option to delete so called Flash cookies from within the browser.

Google Chrome Stable users should get update notifications soon, if they have not already. Users who prefer to download Chrome from the official website can do that as well. The browser can be updated by running the installer after the download has finished.

The update is available for all supported operating systems (Microsoft Windows, Linux and Apple Macintosh) as well as Chrome Frame, a plugin for Microsoft’s Internet Explorer that allows Internet Explorer users to utilize Chrome’s rendering engine in the Microsoft browser.

A total of six security issues have been fixed in the new version of Google Chrome, of which all have received a severity rating of high, the second highest rating.

• CVE-2011-1291: Buffer error in base string handling.
• CVE-2011-1292: Use-after-free in the frame loader.
• CVE-2011-1293: Use-after-free in HTMLCollection.
• CVE-2011-1294: Stale pointer in CSS handling.
• CVE-2011-1295: DOM tree corruption with broken node parentage.
• CVE-2011-1296: Stale pointer in SVG text handling.

The update has been rolled out for the stable channel of the browser, but it is likely that the security fixes have been fixed in beta, dev and canary builds as well previously.

Some Chrome users are reporting crashes related to the Flash plugin on sites such as Gmail or the Irish RTE. (via)

In other news: The Chrome Dev channel has been updated as well to version 12.0.712.0 on all supported operating systems. The update is not a security update though. It adds multi-tab selection to the browser and updates the V8 rendering engine to 3.2.3.1. Mac users get “new and improved bookmark bar animations”. (via)

The Google Chrome Releases blog lists a total of nine security vulnerabilities that have been fixed in the latest stable release of the web browser.

High Race conditions and pointer errors in the sandbox infrastructure.Credit to Mark Dowd, under contract to Google Chrome Security Team.

Low Delete persisted metadata such as Web Databases and STS.Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.

Medium HTTP headers processed before SafeBrowsing check.Credit to Mike Dougherty of dotSyntax, LLC.

High Memory error with malformed SVG.Credit to wushi of team509.

High Integer overflows in WebKit JavaScript objects.Credit to Sergey Glazunov.

Medium HTTP basic auth dialog URL truncation.Credit to Google Chrome Security Team (Inferno).

Medium Bypass of download warning dialog.Credit to kuzzcc.

High Cross-origin bypass.Credit to kuzzcc.

High Memory error with empty SVG element.Credit to Aki Helin of OUSPG.

Google is still running the monetary compensation program for developers who find security vulnerabilities in the web browser.

The developers have also disabled the experimental anti-reflected-XSS feature called “XSS Auditor” in this release as it caused serious performance issues in some rare cases.

The latest version of Google Chrome can be downloaded directly from the official Google website.

ChromPass can be started from any location including removable drives which makes it an excellent password recovery tool. It will automatically fetch the information upon startup and display them in a list. Included in these information are the username, password, url and even the time the entry has been created.

The login details can be exported in various formats including html, csv or xml file.

The password recovery tool comes with an additional option to load the passwords from another user of the local computer, the logon password has to be supplied though to make this possible. One of the greatest security weaknesses is the lack of a master password. It would be impossible to use a tool like ChromePass if a master password would have been set.