Google Chrome Releases reports:
31 vulnerabilities fixed in this release, including:
- [354123] High CVE-2014-1716: UXSS in V8. Credit to
Anonymous.
- [353004] High CVE-2014-1717: OOB access in V8. Credit to
Anonymous.
- [348332] High CVE-2014-1718: Integer overflow in compositor.
Credit to Aaron Staple.
- [343661] High CVE-2014-1719: Use-after-free in web workers.
Credit to Collin Payne.
- [356095] High CVE-2014-1720: Use-after-free in DOM. Credit to
cloudfuzzer.
- [350434] High CVE-2014-1721: Memory corruption in V8. Credit to
Christian Holler.
- [330626] High CVE-2014-1722: Use-after-free in rendering.
Credit to miaubiz.
- [337746] High CVE-2014-1723: Url confusion with RTL characters.
Credit to George McBay.
- [327295] High CVE-2014-1724: Use-after-free in speech. Credit
to Atte Kettunen of OUSPG.
- [357332] Medium CVE-2014-1725: OOB read with window property.
Credit to Anonymous
- [346135] Medium CVE-2014-1726: Local cross-origin bypass.
Credit to Jann Horn.
- [342735] Medium CVE-2014-1727: Use-after-free in forms. Credit
to Khalil Zhani.
- [360298] CVE-2014-1728: Various fixes from internal audits,
fuzzing and other initiatives.
- [345820, 347262, 348319, 350863, 352982, 355586, 358059]
CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
3.24.35.22.