Google Chrome Releases reports:
159 security fixes in this release, including 113 found using
MemorySanitizer:
- [416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
for a combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.
- [398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
- [400476] High CVE-2014-3190: Use-after-free in Events. Credit
to cloudfuzzer.
- [402407] High CVE-2014-3191: Use-after-free in Rendering.
Credit to cloudfuzzer.
- [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
cloudfuzzer.
- [399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.
- [401115] High CVE-2014-3194: Use-after-free in Web Workers.
Credit to Collin Payne.
- [403409] Medium CVE-2014-3195: Information Leak in V8. Credit
to Jüri Aedla.
- [338538] Medium CVE-2014-3196: Permissions bypass in Windows
Sandbox. Credit to James Forshaw.
- [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.
- [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
Credit to Atte Kettunen of OUSPG.
- [395411] Low CVE-2014-3199: Release Assert in V8 bindings.
Credit to Collin Payne.
- [420899] CVE-2014-3200: Various fixes from internal audits,
fuzzing and other initiatives (Chrome 38).
- Multiple vulnerabilities in V8 fixed at the tip of the 3.28
branch (currently 3.28.71.15).