CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS
Percentile: 89.3%

The Stable channel has been updated to 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. This commonly occurs if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
This update includes 11 security fixes. Below, we highlight some fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$500] [257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.
[$1000] [260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
[$1000] [260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.
[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.
[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.
In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Anthony Laforge
Google Chrome Team