Google Chrome Releases reports:
42 security fixes in this release, including:
- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
- [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
- [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
- [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
- [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
- CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.