Google has released a new version of its Chrome browser, fixing just a small handful of vulnerabilities in the process. All three of the bugs fixed in Chrome were rated high.

The release by Google is a pretty small one by the company's standards. Often, new versions of Chrome will include fixes for 12 or 15 or more vulnerabilities, many of them rated critical. However, version 16.0.912.75 includes just three patches. As part of its reward program, Google paid out just $2,000 in bug bounties to two researchers who reported bugs fixed in this release. The third vulnerability was found by someone on the Google Chrome Security Team.

Interestingly, one of the vulnerabilities was discovered and reported by someone from Mozilla.

The fixes in Chrome include:

[$1000] [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla.
[$1000] [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
[108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar).