[143439] High CVE-2012-2889: UXSS in frame handling. Credit to
Sergey Glazunov.
[143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey
Glazunov.
[139814] High CVE-2012-2881: DOM tree corruption with plug-ins.
Credit to Chamal de Silva.
[135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
Credit to Atte Kettunen of OUSPG.
[140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to
Atte Kettunen of OUSPG.
[143609] High CVE-2012-2887: Use-after-free in onclick handling.
Credit to Atte Kettunen of OUSPG.
[143656] High CVE-2012-2888: Use-after-free in SVG text references.
Credit to miaubiz.
[144899] High CVE-2012-2894: Crash in graphics context handling.
Credit to Slawomir Blazek.
[137707] Medium CVE-2012-2877: Browser crash with extensions and
modal dialogs. Credit to Nir Moshe.
[139168] Low CVE-2012-2879: DOM topology corruption. Credit to
pawlkt.
[141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit
to Atte Kettunen of OUSPG.
[132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to
Google Chrome Security Team (Inferno).
[134955] [135488] [137106] [137288] [137302] [137547] [137556]
[137606] [137635] [137880] [137928] [144579] [145079] [145121]
[145163] [146462] Medium CVE-2012-2875: Various lower severity
issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
Security Team, with contributions by Gynvael Coldwind of Google
Security Team.
[137852] High CVE-2012-2878: Use-after-free in plug-in handling.
Credit to Fermin Serna of Google Security Team.
[139462] Medium CVE-2012-2880: Race condition in plug-in paint
buffer. Credit to Google Chrome Security Team (Cris Neckar).
[140647] High CVE-2012-2882: Wild pointer in OGG container
handling. Credit to Google Chrome Security Team (Inferno).
[142310] Medium CVE-2012-2885: Possible double free on exit. Credit
to the Chromium development community.
[143798] [144072] [147402] High CVE-2012-2890: Use-after-free in
PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
contributions by Gynvael Coldwind of Google Security Team.
[144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei
Zhang of the Chromium development community.
[144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google
Chrome Security Team (Cris Neckar).
[144799] High CVE-2012-2893: Double free in XSL transforms. Credit
to Google Chrome Security Team (Cris Neckar).
[145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes
in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team,
with contributions by Gynvael Coldwind of Google Security Team.