Stable Channel Update

The Stable Channel has been updated to 33.0.1750.149 for Windows, Mac, and Linux.

This release also contains a Flash Player update, to version 12.0.0.77.

Security Fixes and Rewards

This update includes 7 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$4000][344881] HighCVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
[$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
[$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.

As usual, our ongoing internal security work responsible for a wide range of fixes:

[338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
[328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.

Many of the above bugs were detected using AddressSanitizer.

This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome