Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
Memory corruption in cross-process frames. Credit to Wadih Matar.
Use-after-free in extensions. Credit to Rob Wu.
Use-after-free in Blink’s V8 bindings. Credit to anonymous.
Address bar spoofing. Credit to Wadih Matar.
Information leak in V8. Credit to HyungSeok Han.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html
access.redhat.com/security/cve/CVE-2016-1660
access.redhat.com/security/cve/CVE-2016-1661
access.redhat.com/security/cve/CVE-2016-1662
access.redhat.com/security/cve/CVE-2016-1663
access.redhat.com/security/cve/CVE-2016-1664
access.redhat.com/security/cve/CVE-2016-1665
access.redhat.com/security/cve/CVE-2016-1666