Google Chrome Releases reports:
20 security fixes in this release, including:
 High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.  High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.  Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.  Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.  Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.  Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.  Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.  Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.  CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives.