Stable Channel Update
Thursday, April 24, 2014
The Stable Channel has been updated to 34.0.1847.131 for Windows, Mac, and 34.0.1847.132 for Linux.
This release also contains a Flash Player update, to version 13.0.0.206.
Security Fixes and Rewards
This update includes 9 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$5000][354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[$1500][349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[359802] High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative
As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
Daniel Xie
Google Chrome
This release also contains a Flash Player update, to version 13.0.0.206.
Security Fixes and Rewards
This update includes 9 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$5000][354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[$1500][349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[359802] High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative
[$1000][352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
[$500][351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis As usual, our ongoing internal security work responsible for a wide range of fixes:
- [367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
- [359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.
Many of the above bugs were detected using AddressSanitizer.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
Daniel Xie
Google Chrome