Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.
Universal XSS in extension bindings. Credit to anonymous.
Out-of-bounds write in V8. Credit to Choongwoo Han.
Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
Use-after-free related to extensions. Credit to Rob Wu.
Address bar spoofing. Credit to Luan Herrera.
Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.
Various fixes from internal audits, fuzzing and other initiatives.