Tag Archive: 3.0

Since the release of Apple’s latest operating system, Snow Leopard (10.6), there have been two main patches. These have both been relatively minor in terms of fixes and changes, though the latest update, 10.6.3, aims to be a bit more substantial when it comes to upgrades.

As discovered by Hardmac forums, the beta of the 10.6.3 update includes OpenGL 3.0 support, bringing many more graphical capabilities to the operating system. As AppleInsider noted, graphics cards found in Mac computers support OpenGL 3.0, so the only remaining step is to improve the software, a step being taken in the latest update. So far, 22 out of 23 extensions are supported, though the majority of the associated OpenGL 3.0-specific functions do not yet have support in 10.6.3.

Backwards compatibility is said to be present in 10.6.3, as one would expect. In addition, support for OpenGL 3.1 is at 12 percent, whereas OpenGL 3.2 is a bit further along, currently sitting at 33 percent. If you’re a Mac user, the latest update will hopefully become available soon, as Apple seems to be progressing quickly with it.

Google Chrome’s Stable channel has been updated to version 3.0.195.38. (The Stable channel is still Windows-only.)

This release fixes a couple of browser crashes:

  • r31694 fixes a crash while typing in the omnibox (issue 20511).
  • r32474 fixes a crash while playing mp4 videos with odd sizes, such as 1366×768 (issue 27675).

–Mark Larson,
Google Chrome Team

Download: Google Chrome 3.0.195.38

Google Chrome’s Stable channel has been updated to 3.0.195.33 to fix a potential issue that could cause Google Chrome to stop working and a security issue.

This release removes a dependency on a Windows library (t2embed.dll) that is not required by Google Chrome. If that library is missing or the user does not have permission to read it, earlier versions of Google Chrome would fail silently.

Security Fix:
CVE-2009-2816 Custom headers incorrectly sent for CORS OPTIONS request

A malicious web site operator could set custom HTTP headers on cross-origin OPTIONS requests.

More info: https://bugs.webkit.org/show_bug.cgi?id=28446, http://support.apple.com/kb/HT3949

Severity: Low. The majority of users are unlikely to be impacted by this issue.
Credit: Apple Security

Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • The OPTIONS attribute is not widely supported by servers.

Mark Larson
Google Chrome Team

Download: Google Chrome 3.0.195.33

The stable channel has been updated to 3.0.195.32, and includes the following security and stability fixes:
  • Resolved a history issue that affected going back from queries in Google Maps. (Issue: 21353)
  • Fixed issue with Adobe Acrobat Reader 9.2, where no content would be displayed. (Issue: 24883)
  • Fixed an infinite loop in AAC decoding. (Webkit Issue: 27239)
  • Fixed a top crasher. (Issue: 22205)
  • Fix issues where setInterval sometimes eats 100% CPU. (Issue: 25892)

Security Fixes:

CVE-2009-XXXX User not warned for some file types that can execute JavaScript

The user was not warned about certain possibly dangerous file types such as SVG, MHT and XML files. In some browsers, JavaScript can execute within these types of files. Because the JavaScript runs in the local context, it may be able to access local resources.

More info: http://code.google.com/p/chromium/issues/detail?id=23979
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium
Credit: Inferno of SecureThoughts.com
Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • The victim would furthermore need to open a malicious file.

CVE-2009-XXXX Possible memory corruption in the Gears plugin

A malicious site could use the Gears SQL API to put SQL metadata into a bad state, which could cause a subsequent memory corruption. This may lead to a Gears plugin crash or possibly arbitrary code execution.

More info: http://code.google.com/p/chromium/issues/detail?id=26179
(This issue will be made public once a majority of users are up to date with the fix.)


Severity: High
Credit: This issue was found by the Google Chrome security team.
Mitigations:

  • A victim would need to visit a page under an attacker’s control.
  • The victim would furthermore need to “click-through” the Gears dialog confirming that they trust the attacker’s evil page.

Anthony Laforge
Google Chrome Program Manager

Download: Google Chrome 3.0.195.32
