EDIT 23-Mar-10 (mal): Remove " Medium HTTP headers processed before SafeBrowsing check" from security issues fixed. This is not fixed in this release.
The stable channel has been updated to 220.127.116.116 for Windows, and includes the following features and security fixes (since 4.0):
- Translate infobar.
- Disabling experimental new anti-reflected-XSS feature called "XSS Auditor". The feature is still experimental, and we're disabling it while we look into some serious performance issues in rare cases. Please see this post for more details about what the XSS Auditor is.
Please see this feature announcment post for more info about translate and privacy.
Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Congratulations to Sergey Glazunov on receiving the first $1337 Chromium Security Reward for bug 35724.
-   High Race conditions and pointer errors in the sandbox infrastructure. Credit to Mark Dowd, under contract to Google Chrome Security Team.
-   Low Delete persisted metadata such as Web Databases and STS. Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.
- [$500]  High Memory error with malformed SVG. Credit to wushi of team509.
-  Medium HTTP basic auth dialog URL truncation.Credit to Google Chrome Security Team (Inferno).
-  Medium Bypass of download warning dialog. Credit to kuzzcc.
- [$1000]  High Cross-origin bypass. Credit to kuzzcc.
- [$500] [Affected BETA only]  High Memory error with empty SVG Credit to Aki Helin of OUSPG.
List of all changes: http://build.chromium.org/buildbot/perf/dashboard/ui/changelog.html?url=/branches/249/src&range=38071:41527&mode=html
- Orit Mazor, Google Chrome Team