June 7, 2011
Google today made another new release of its Chrome browser, version 12·0·742·91, for all platforms (Linux, Mac OS X, Windows, and Chrome Frame); just yesterday, Google made a Chrome release to update the embedded Flash Player. This new release incorporates fixes for 15 identified security vulnerabilities. It also includes a number of new features, which are detailed, along with the security fixes, in the announcement on the Chrome Releases blog. There is also a discussion of the new features on the Official Chrome blog.
I recommend installing this update as soon as you conveniently can. Windows users can obtain the new version via the built-in update mechanism (Help / About Google Chrome). Linux users should be able to get the new version using standard package update tools (e.g., apt-get, synaptic).
June 7, 2011
As announced last week, Oracle today released a new version of the Java SE environment, version 6 update 26, for Windows, Solaris, and Linux. Oracle has designated this as a Critical Patch Update; it includes fixes for 17 identified security vulnerabilities; five of the patches apply to both client and server installations, one applies to server installations only, and eleven apply only to client installations. Nine of the vulnerabilities receive the most serious possible CVSS score of 10.0; all should be considered serious. Oracle notes that:
All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Further details are given in the Critical Patch Update Advisory.
If you have Java installed on your system, I recommend that you install the new version as quickly as you conveniently can. Windows users can use the built-in automatic update mechanism; alternatively, the new version can be downloaded here. Mac users should note that Apple provides its own version of Java for OS X; it usually takes some time for a new release from Oracle to be available for Mac.