Chrome Releases reports:
51 security fixes in this release, including:
- [456516] High CVE-2015-1212: Out-of-bounds write in media.
Credit to anonymous.
- [448423] High CVE-2015-1213: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [445810] High CVE-2015-1214: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [445809] High CVE-2015-1215: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [454954] High CVE-2015-1216: Use-after-free in v8 bindings.
Credit to anonymous.
- [456192] High CVE-2015-1217: Type confusion in v8 bindings.
Credit to anonymous.
- [456059] High CVE-2015-1218: Use-after-free in dom.
Credit to cloudfuzzer.
- [446164] High CVE-2015-1219: Integer overflow in webgl.
Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
- [437651] High CVE-2015-1220: Use-after-free in gif decoder.
Credit to Aki Helin of OUSPG.
- [455368] High CVE-2015-1221: Use-after-free in web databases.
Credit to Collin Payne.
- [448082] High CVE-2015-1222: Use-after-free in service workers.
Credit to Collin Payne.
- [454231] High CVE-2015-1223: Use-after-free in dom.
Credit to Maksymillian Motyl.
- High CVE-2015-1230: Type confusion in v8.
Credit to Skylined working with HP's Zero Day Initiative.
- [449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder.
Credit to Aki Helin of OUSPG.
- [446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium.
Credit to cloudfuzzer.
- [456841] Medium CVE-2015-1226: Validation issue in debugger.
Credit to Rob Wu.
- [450389] Medium CVE-2015-1227: Uninitialized value in blink.
Credit to Christoph Diehl.
- [444707] Medium CVE-2015-1228: Uninitialized value in rendering.
Credit to miaubiz.
- [431504] Medium CVE-2015-1229: Cookie injection via proxies.
Credit to iliwoy.
- [463349] CVE-2015-1231: Various fixes from internal audits,
fuzzing, and other initiatives.