The Stable channel has been updated to 27.0.1453.110 for Windows, Macintosh, Linux and Chrome Frame platforms.





Security fixes and rewards:





Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)





This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):





[Windows only] [$ 2000 ] [ 243339 ] High CVE-2013-2854: Bad handle passed to renderer. Credit to Collin Payne .

[$ 500 ] [ 242322 ] Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to “daniel.zulla” .

[$ 1000 ] [ 242224 ] High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz .

[$ 1000 ] [ 240124 ] High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz.

[$ 500 ] [ 239897 ] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to “cdel921” .

[$ 1500 ] [ 237022 ] High CVE-2013-2859: Cross-origin namespace pollution. Credit to “bobbyholley” .

[$ 1 3 3 7 ] [ 225546 ] High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne .

[$ 1000 ] [ 209604 ] High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz.

[$ 1000 ] [ 161077 ] High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG.

[ 232633 ] Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastien Marchand of the Chromium development community.

[ 239134 ] High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.





In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:





[ 246389 ] High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.







Karen Grunberg

Google Chrome