Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
-  Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
-  Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
-  Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno).
-  Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl).
- [$500]  High Use after free in history handling. Credit to Stefan Troger.
- [Linux / Mac]  Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team.
-  Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel.
-  Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR).
- [$1000]  High Crash due to bad indexing with malformed video. Credit to miaubiz.
-  Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc.
- [$1000]  High Use after free with SVG animations. Credit to Sławomir Błażek.
- [$500]  Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
- [$1000]  High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
Full details about the changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.