The Stable Channel has been updated to 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows.

Security Fixes and Rewards

Congratulations to VUPEN and an Anonymous submission for winning the Pwn2Own competition.
  • [$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.
    • [352374] High CVE-2014-1713: Use-after-free in Blink bindings
    • [352395] High CVE-2014-1714: Windows clipboard vulnerability
  • [$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.
    • [351787] High CVE-2014-1705: Memory corruption in V8
    • [352429] High CVE-2014-1715: Directory traversal issue

We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future.

Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome