Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 35 to the Stable channel for Windows, Mac, and Linux. Chrome 35.0.1916.114 contains a number of fixes and improvements, including:

• More developer control over touch input
• New JavaScript features
• Unprefixed Shadow DOM
• A number of new apps/extension APIs
• Lots of under the hood changes for stability and performance

Security Fixes and Rewards

This update includes 23 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.

[$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.

[$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.

[$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.

[$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.

[$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.

As usual, our ongoing internal security work responsible for a wide range of fixes:

• [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.

• [358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Many of the above bugs were detected using AddressSanitizer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grünberg
Google Chrome