Buffer overflow vulnerabilities in the libpng functions png_get_PLTE and
png_set_PLTE allow remote attackers to cause a denial of service in the
application or have unspecified other impact. These functions failed to
check for an out-of-range palette when reading or writing PNG files with
a bit_depth less than 8. Some applications might read the bit depth from
the IHDR chunk and allocate memory for a 2^N entry palette, while libpng
can return a palette with up to 256 entries even when the bit depth is
less than 8.
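
A check for the condition described above, as an added example that is not part of the original advisory or of libpng: it walks the chunks of a PNG buffer and flags a PLTE chunk holding more entries than 2^bit_depth when the bit depth is less than 8. The function names and the sample builder are hypothetical; the sample is constructed, and its CRC fields are zeroed because this check does not verify CRCs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

/* PNG chunk lengths are big-endian 32-bit values. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 1: PLTE holds more entries than 2^bit_depth (bit_depth < 8);
   0: palette in range or absent; -1: malformed. CRCs are not verified. */
int plte_exceeds_bit_depth(const uint8_t *buf, size_t len) {
    if (len < 33 || memcmp(buf, SIG, 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    unsigned depth = buf[24];              /* IHDR: width(4) height(4) depth(1) */
    if (depth == 0 || depth > 16) return -1;
    uint32_t limit = depth < 8 ? (1u << depth) : 256u;
    size_t off = 33;                       /* first chunk after IHDR and its CRC */
    while (len - off >= 12) {
        uint32_t clen = be32(buf + off);
        if (clen > len - off - 12) return -1;   /* chunk runs past the buffer */
        if (memcmp(buf + off + 4, "PLTE", 4) == 0)
            return clen % 3 != 0 ? -1 : (clen / 3 > limit);
        off += 12 + (size_t)clen;
    }
    return 0;
}

/* Constructed sample: 1x1 palette image, `entries` PLTE entries, zeroed CRCs.
   `out` must hold at least 45 + 3 * entries bytes. */
size_t make_sample(uint8_t *out, unsigned depth, unsigned entries) {
    size_t plte_len = 3u * entries, total = 33 + 12 + plte_len;
    memset(out, 0, total);
    memcpy(out, SIG, 8);
    out[11] = 13; memcpy(out + 12, "IHDR", 4);
    out[19] = 1; out[23] = 1; out[24] = (uint8_t)depth; out[25] = 3;
    out[35] = (uint8_t)(plte_len >> 8); out[36] = (uint8_t)plte_len;
    memcpy(out + 37, "PLTE", 4);
    return total;
}

int main(void) {
    uint8_t buf[45 + 3 * 256];
    size_t n = make_sample(buf, 2, 256);   /* depth 2 allows 4 entries */
    printf("over-long palette: %d\n", plte_exceeds_bit_depth(buf, n));
    return 0;
}
```

An application that sizes its palette buffer from the IHDR bit depth can run this kind of check before copying, or simply allocate 256 entries regardless of bit depth.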
Same-origin bypass in Blink. Credit to Mariusz Mlynski.
Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
Bad cast in Extensions.
Use-after-free in Blink. Credit to cloudfuzzer.
Use-after-free in Blink. Credit to Rob Wu.
SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
Information Leak in Skia. Credit to Keve Nagy.
WebAPI Bypass. Credit to Rob Wu.
Use-after-free in WebRTC. Credit to Khalil Zhani.
Origin confusion in Extensions UI. Credit to Luan Herrera.
Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html
access.redhat.com/security/cve/CVE-2015-8126
access.redhat.com/security/cve/CVE-2016-1630
access.redhat.com/security/cve/CVE-2016-1631
access.redhat.com/security/cve/CVE-2016-1632
access.redhat.com/security/cve/CVE-2016-1633
access.redhat.com/security/cve/CVE-2016-1634
access.redhat.com/security/cve/CVE-2016-1635
access.redhat.com/security/cve/CVE-2016-1636
access.redhat.com/security/cve/CVE-2016-1637
access.redhat.com/security/cve/CVE-2016-1638
access.redhat.com/security/cve/CVE-2016-1639
access.redhat.com/security/cve/CVE-2016-1640
access.redhat.com/security/cve/CVE-2016-1641
access.redhat.com/security/cve/CVE-2016-1642