Google Chrome Releases reports:
28 security fixes in this release, including:
- [334897] High CVE-2013-6652: Issue with relative paths in
Windows sandbox named pipe policy. Credit to tyranid.
- [331790] High CVE-2013-6653: Use-after-free related to web
contents. Credit to Khalil Zhani.
- [333176] High CVE-2013-6654: Bad cast in SVG. Credit to
TheShow3511.
- [293534] High CVE-2013-6655: Use-after-free in layout. Credit
to cloudfuzzer.
- [331725] High CVE-2013-6656: Information leak in XSS auditor.
Credit to NeexEmil.
- [331060] Medium CVE-2013-6657: Information leak in XSS auditor.
Credit to NeexEmil.
- [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
to cloudfuzzer.
- [306959] Medium CVE-2013-6659: Issue with certificates
validation in TLS handshake. Credit to Antoine Delignat-Lavaud
and Karthikeyan Bhargavan from Prosecco, Inria Paris.
- [332579] Low CVE-2013-6660: Information leak in drag and drop.
Credit to bishopjeffreys.
- [344876] Low-High CVE-2013-6661: Various fixes from internal
audits, fuzzing and other initiatives. Of these, seven are fixes
for issues that could have allowed for sandbox escapes from
compromised renderers.