Google Chrome Releases reports:
21 security fixes in this release, including:
- [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to
Anonymous
- [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to
Giwan Go of STEALIEN
- [645122] High CVE-2016-5183: Use after free in PDFium. Credit
to Anonymous
- [630654] High CVE-2016-5184: Use after free in PDFium. Credit
to Anonymous
- [621360] High CVE-2016-5185: Use after free in Blink. Credit to
cloudfuzzer
- [639702] High CVE-2016-5187: URL spoofing. Credit to Luan
Herrera
- [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan
Herrera
- [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink.
Credit to haojunhou@gmail.com
- [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr
of Tencent's Xuanwu Lab
- [644963] Medium CVE-2016-5186: Out of bounds read in DevTools.
Credit to Abdulrahman Alqabandi (@qab)
- [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks.
Credit to Gareth Hughes
- [642067] Medium CVE-2016-5190: Use after free in Internals.
Credit to Atte Kettunen of OUSPG
- [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang
ZHOU (martinzhou96)
- [654782] CVE-2016-5194: Various fixes from internal audits,
fuzzing and other initiatives