Google Chrome Releases reports:
37 security fixes in this release, including:
- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit
to anonymous.
- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit
to anonymous.
- [444927] High CVE-2015-1254: Cross-origin bypass in Editing.
Credit to armin@rawsec.net.
- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit
to Khalil Zhani.
- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to
Atte Kettunen of OUSPG.
- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit
to SkyLined working with HP's Zero Day Initiative.
- [468519] Medium CVE-2015-1257: Container-overflow in SVG.
Credit to miaubiz.
- [450939] Medium CVE-2015-1258: Negative-size parameter in
libvpx. Credit to cloudfuzzer
- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium.
Credit to Atte Kettunen of OUSPG
- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit
to Khalil Zhani.
- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho
Nurminen.
- [476647] Medium CVE-2015-1262: Uninitialized value in Blink.
Credit to miaubiz.
- [479162] Low CVE-2015-1263: Insecure download of spellcheck
dictionary. Credit to Mike Ruddy.
- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.
Credit to K0r3Ph1L.
- [489518] CVE-2015-1265: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3
branch (currently 4.3.61.21).