FreeBSD: 6FAE9FE1-5048-11E6-8AA7-3065EC8FD3EC
History: Jul 20, 2016 - 12:00 a.m.

chromium -- multiple vulnerabilities

2016-07-20 00:00:00
vuxml.freebsd.org

CVSS3: 9.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.106 Low
Percentile: 94.9%

Google Chrome Releases reports:

48 security fixes in this release, including:

[610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent’s Xuanwu Lab
[613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
[614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
[616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
[619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
[620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
[623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
[623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
[607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
[613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
[593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
[605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy
[625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
[625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu
[629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

OS       Version  Architecture  Package         Version         Filename
FreeBSD  any      noarch        chromium        < 52.0.2743.82  UNKNOWN
FreeBSD  any      noarch        chromium-npapi  < 52.0.2743.82  UNKNOWN
FreeBSD  any      noarch        chromium-pulse  < 52.0.2743.82  UNKNOWN
