The update fixes five “high-risk” bugs: A heap overflow in the Ogg Vorbis decoder, a double free issue in the Theora decoder and a memory corruption regression in VP8 decoding, as well as a use-after-free error and a buffer overflow in shader variable mapping.
The company also patched up two medium-risk out of bounds reads in MKV and Ogg vorbis media handlers, and a low-risk issue that caused JRE7 to fail to ask for permission to run applets. Further details of the vulnerabilities remain undisclosed until “a majority of users are up-to-date with the fix”.
More information about the update is on a post on the Google Chrome Releases blog. Chrome 15.0.874.120 for Windows, Mac OS X, Linux and Chrome Frame is available to download from google.com/chrome. Users who currently have Chrome installed can use the built-in update function.