e2d067d760
Overview of updated versions: stable: 50.0.2661.102 -> 51.0.2704.63 beta: 51.0.2704.47 -> 51.0.2704.63 I tried to update dev, but couldn't get it to compile, it was failing with a "'isnan' was not declared in this scope. As far as I can tell, at the moment the beta and stable channels are on the same version. The stable update addresses the following security issues: * High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. * High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. * High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. * High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. * Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. * High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. * High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. * High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. * High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. * Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. * Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. * Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. * Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. * Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. * Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. * Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. * Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. * Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. * Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. * Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. See: http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html |
||
---|---|---|
.. | ||
applications | ||
build-support | ||
data | ||
desktops | ||
development | ||
games | ||
misc | ||
os-specific | ||
servers | ||
shells | ||
stdenv | ||
test | ||
tools | ||
top-level |