Google Updates Chrome Again, to 17·0·963·78

Google has released a new stable version, 17·0·963·78, of its Chrome browser, for Windows, Linux, Mac OS X, and Chrome Frame.   The new version fixes some problems with Flash content, and also fixes a Critical security vulnerability.  Further details are in the Release Announcement.

The security flaw was disclosed yesterday as part of a hacking contest, sponsored by Google, at the CanSecWest security conference being held in Vancouver.  The new release announcement confirms that The discoverer of the bug, Sergey Glazunov. will receive $60,000 under Google’s “bug bounty” program.  Kudos to Google for getting a fix out so quickly.

Windows and Mac users should get the new version via the built-in update mechanism.  Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.

Update Friday, 9 March, 21:45 EST

Ars Technica has an article that gives a bit more background on this update.

Microsoft Patch Tuesday Preview, March 2012

Today,  in keeping with its usual schedule,  Microsoft released its Security Bulletin Advanced Notification for March, previewing the security fixes it intends to release next Tuesday, March 13.   Microsoft plans to release six security bulletins this month; four are for Windows and its components, and there are also patches for Microsoft’s  Visual Studio and Expression Design development tools.  One Windows patch has a maximum severity rating of Critical, two are rated Important, and one Moderate.   All  supported versions of Windows are affected.   The table below shows the breakdown of patches by Windows version and severity:

Windows Version	Critical	Important	Moderate
Windows XP+SP3	1	1	—
Windows Vista	1	1	—
Windows Server 2003	1	2	—
Windows Server 2008	1	2	1
Windows 7	1	1	1
Windows Server 2008 R2	1	2	1

The development tool patches have an Important severity rating.

According to Microsoft, three of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.