[$500][351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis 

As usual, our ongoing internal security work responsible for a wide range of fixes:

  • [367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
  • [359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

Many of the above bugs were detected using AddressSanitizer.

This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.

Daniel Xie
Google Chrome

Share on Twitter Share on Facebook

Share on Twitter Share on Facebook

Share on Twitter Share on Facebook

This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[351815High CVE-2014-1709: IPC message injection. Credit to geohot.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.

As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.

As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.

A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Daniel Xie
Google Chrome
Share on Twitter Share on Facebook

Share on Twitter Share on Facebook

Share on Twitter Share on Facebook