Google Chrome Releases reports:
48 security fixes in this release, including:
- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to
Pinkie Pie xisigr of Tencent's Xuanwu Lab
- [613949] High CVE-2016-1708: Use-after-free in Extensions.
Credit to Adam Varsan
- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.
Credit to ChenQin of Topsec Security Team
- [616907] High CVE-2016-1710: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
- [617495] High CVE-2016-1711: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit
to cloudfuzzer
- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit
to Anonymous
- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to
Jeonghoon Shin
- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih
Matar
- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit
to Nick Wellnhofer
- [607543] Medium CVE-2016-5132: Limited same-origin bypass in
Service Workers. Credit to Ben Kelly
- [613626] Medium CVE-2016-5133: Origin confusion in proxy
authentication. Credit to Patch Eudor
- [593759] Medium CVE-2016-5134: URL leakage via PAC script.
Credit to Paul Stone
- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.
Credit to kingxwy
- [625393] Medium CVE-2016-5136: Use after free in extensions.
Credit to Rob Wu
- [625945] Medium CVE-2016-5137: History sniffing with HSTS and
CSP. Credit to Xiaoyin Liu
- [629852] CVE-2016-1705: Various fixes from internal audits,
fuzzing and other initiatives.