Chrome Stable Update

The stable channel has been updated to 43.0.2357.130 for Windows, Mac, and Linux. A partial list of changes is available in the log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

Below, we highlight 4 fixes that were contributed by external researchers. Please see the Chromium security page for more information.

[$5000][464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
[TBD][494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[TBD][497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
[TBD][461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Are you a project manager, with a technical background, who is passionate about Chrome and moving the web forward? We are hiring!

Anthony Laforge
Google Chrome