Stable Channel Update

The Stable channel has been updated to 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. This commonly occurs if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

This update includes 11 security fixes. Below, we highlight some fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$500] [257748] Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.

[$1000] [260106] High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.

[$1000] [260165] High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.

[248950] High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.

[249640] [257353] High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.

In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:

• [261701] High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge

Google Chrome Team