Stable Channel Update for Chrome OS

The Stable channel has been updated to 40.0.2214.114 (Platform version: 6457.94.0). Systems will be automatically updated over the next few days. This build contains a number of security updates and stability fixes.

Some highlights of these changes are:

• PPAPI Flash updated to 16.0.0.305-r1
  Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

• [$TBD][447906] High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl.
• [$TBD][453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
• [$TBD][453982] High CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using 'Report an issue…' in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Josafat Garcia
Google Chrome