Google today released Chrome version 35 for Windows, Minux and Mac.

google_chrome
Chrome 35.0.1916.114 contains a number of fixes and improvements like more developer control over touch input, new JavaScript features, unprefixed shadow DOM, number of new apps/extension APIs and a lots of under the hood changes for stability and performance.

Chrome 35 addresses 23 security issues which Google chose to highlight. here is the following.

  • [$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to
    cloudfuzzer.
  • [$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to
    Aaron Staple.
  • [$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen
    of OUSPG.
  • [$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters.
    Credit to Holger Fuhrmannek.
  • [$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file.
    Credit to packagesu.
  • [$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
    Credit to Jordan Milne.
  • [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and
    other initiatives.
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in
    version 3.25.28.16.

Google spent near $9,500 in bug bounties this release.

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •