Sandbox escape in Chrome.
Cross-origin bypass in DOM.
Cross-origin bypass in Editing.
Use-after-free in WebAudio.
Use-after-free in SVG.
Use-after-free in Speech.
Container-overflow in SVG.
Negative-size parameter in Libvpx.
Uninitialized value in PDFium.
Use-after-free in WebRTC.
URL bar spoofing.
Uninitialized value in Blink.
Insecure download of spellcheck dictionary.
Cross-site scripting in bookmarks.
Various fixes from internal audits, fuzzing and other initiatives.
Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
43 security fixes, including
Heap-buffer-overflow in pdfium
Heap-buffer-overflow in pdfium
Settings allowed executable files to run immediately after download
UXSS in Chrome for Android
Use-after-free in IndexedDB
Heap-buffer-overflow in pdfium
Memory corruption in skia
CSP bypass
Use-after-free in pdfium
Heap-buffer-overflow in expat
Use-after-free in blink
UXSS in blink
SOP bypass with CSS
Uninitialized memory read in ICU
Use-after-free related to unexpected GPU process termination
Use-after-free in accessibility
URL spoofing using PDF files
Information leak in XSS auditor
Spell checking dictionaries fetched over HTTP.
Fixes
Cross-origin bypass in Blink
Use-after-free in PDFium
Use-after-free in ServiceWorker
Bad-cast in PDFium
Information leakage in LocalStorage
Improper error handling in libANGLE
Memory corruption in FFMpeg
CORS bypass via CSS fonts
Various fixes from internal audits, fuzzing and other initiatives.
Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).