The Stable channel has been updated to 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows.



Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. This commonly occurs if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.





This update includes 11 security fixes. Below, we highlight some fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.





[$500] [257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.

[$1000] [260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.

[$1000] [260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.

[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.

[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.





In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:

[261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.





Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.





Anthony Laforge