7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%
The Stable Channel has been updated to 35.0.1916.153 for Windows, Mac and Linux.
This release contains a Flash Player update.
Security Fixes and Rewards
This update includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$1000][369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
[$1000][369539] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
[$500][369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.
As usual, our ongoing internal security work was responsible for the following fix:
Many of the above bugs were detected using AddressSanitizer.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
Karen GrΓΌnberg
Google Chrome
CPE | Name | Operator | Version |
---|---|---|---|
google chrome | lt | 35.0.1916.153 |