This update includes 23 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
[$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
[$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
[$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
[$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
[$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
[358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
371464 - Sign-in/Sign-out failing after two attempts, but works after that.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).