The Stable Channel has been updated to 34.0.1847.131 for Windows, Mac, and 34.0.1847.132 for Linux.
This release also contains a
Flash Player update, to version 13.0.0.206.
Security Fixes and Rewards
This update includes
9 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the
Chromium security page for more information.
[
$5000][
354967]
High CVE-2014-1730: Type confusion in V8.
Credit to Anonymous.
[
$1500][
349903]
High CVE-2014-1731: Type confusion in DOM.
Credit to John Butler.
[
359802]
High CVE-2014-1736: Integer overflow in V8.
Credit to SkyLined working with HP's Zero Day Initiative
[
$1000][
352851]
Medium CVE-2014-1732: Use-after-free in Speech Recognition.
Credit to Khalil Zhani
[
$500][
351103]
Medium CVE-2014-1733: Compiler bug in Seccomp-BPF.
Credit to Jed Davis
As usual, our ongoing internal security work responsible for a wide range of fixes:
- [367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
- [359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.
Many of the above bugs were detected using
AddressSanitizer.
This release fixes a number of crashes and other bugs. A full list of changes is available in the
SVN log. If you find a new issue, please let us know by
filing a bug.
Daniel Xie
Google Chrome