The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
rhn.redhat.com/errata/RHSA-2016-1905.html
www.debian.org/security/2016/dsa-3667
www.securityfocus.com/bid/92942
www.securitytracker.com/id/1036826
codereview.chromium.org/2077283004
crbug.com/616386
googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
security.gentoo.org/glsa/201610-09