This release fixes several of the most common crashes and the following issues:
- Network requests fail randomly (Issue 27401).
- Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result (Issues 22738, 23057, and 23132).
- Don't use Google Chrome Frame for frames or iframes (Issue 22989).
- Follow redirects properly (Issue 25643).
- IE8 freezing intermittently (Issue 24007).
- Remove data directories on uninstall (Issue 27483).
Google Chrome Frame 18.104.22.168 and earlier versions were vulnerable to a cross-origin bypass.
Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.
Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.
-- Mark Larson, Google Chrome Team