Stable Channel Update for Chrome OS

The Stable channel has been updated to 26.0.1410.57 (Platform version: 3701.81.2) for all Chrome OS devices. This build contains some security improvements. Machines will be receiving updates over the next several days.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [227197] Medium CVE-2013-2832: Uninitialized memory left in buffer in O3D plug-in. Credit to Ralf-Philipp Weinmann.
• [227181] High CVE-2013-2833: Use-after-free in O3D plug-in. Credit to Ralf-Philipp Weinmann.
• [227158] High CVE-2013-2834: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Ralf-Philipp Weinmann.
• [196456] High CVE-2013-2835: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Google Chrome Security Team (Chris Evans).
  We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe.

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using 'Report an issue…' in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Ben Henry

Google Chrome