Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
Cross-origin bypass in extension bindings. Credit to Rob Wu.
Type confusion in V8. Credit to Guang Gong of Qihoo 360.
Heap overflow in V8. Credit to Christian Holler.
Heap use-after-free in V8 bindings. Credit to Rob Wu.
Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
CSP bypass for ServiceWorker. Credit to KingstonTime.
Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
Integer overflow in libxslt. Credit to Nicolas Gregoire.
Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
Information leak in extensions. Credit to Rob Wu.
Out-of-bounds read in V8. Credit to Max Korenko.
Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
Heap use-after-free in Autofill. Credit to Rob Wu.
Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant
Zadegan.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html
access.redhat.com/security/cve/CVE-2016-1672
access.redhat.com/security/cve/CVE-2016-1673
access.redhat.com/security/cve/CVE-2016-1674
access.redhat.com/security/cve/CVE-2016-1675
access.redhat.com/security/cve/CVE-2016-1676
access.redhat.com/security/cve/CVE-2016-1677
access.redhat.com/security/cve/CVE-2016-1678
access.redhat.com/security/cve/CVE-2016-1679
access.redhat.com/security/cve/CVE-2016-1680
access.redhat.com/security/cve/CVE-2016-1681
access.redhat.com/security/cve/CVE-2016-1682
access.redhat.com/security/cve/CVE-2016-1683
access.redhat.com/security/cve/CVE-2016-1684
access.redhat.com/security/cve/CVE-2016-1685
access.redhat.com/security/cve/CVE-2016-1686
access.redhat.com/security/cve/CVE-2016-1687
access.redhat.com/security/cve/CVE-2016-1688
access.redhat.com/security/cve/CVE-2016-1689
access.redhat.com/security/cve/CVE-2016-1690
access.redhat.com/security/cve/CVE-2016-1691
access.redhat.com/security/cve/CVE-2016-1692
access.redhat.com/security/cve/CVE-2016-1693
access.redhat.com/security/cve/CVE-2016-1694
access.redhat.com/security/cve/CVE-2016-1695