



Security Fixes and Rewards

This update includes 23 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$ 3000 ] [ 356653 ] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.

[$ 3000 ] [ 359454 ] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.

[$ 1000 ] [ 346192 ] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.

[$ 1000 ] [ 364065 ] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.

[$ 1000 ] [ 330663 ] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.

[$ 500 ][ 331168 ] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.

As usual, our ongoing internal security work responsible for a wide range of fixes:

[ 374649 ] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.

[ 358057 ] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Many of the above bugs were detected using

AddressSanitizer

.