18.104.22.168 has been promoted to the stable channel. There are no additional fixes or changes in this release. Security Fixes: CVE-2009-0689dtoa() error parsing long floating point numbers The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component. Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox. Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected. Mitigations:
A victim would need to visit a page under an attacker's control.
Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.