Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities.
Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system
Here are the fixes that were contributed by external researchers:
- High – CVE-2015-1271: Heap-buffer-overflow in pdfium.
- High – CVE-2015-1273: Heap-buffer-overflow in pdfium.
- High – CVE-2015-1274: Settings allowed executable files to run immediately after download.
- High – CVE-2015-1275: UXSS in Chrome for Android.
- High – CVE-2015-1276: Use-after-free in IndexedDB.
- High – CVE-2015-1279: Heap-buffer-overflow in pdfium.
- High – CVE-2015-1280: Memory corruption in skia.
- High – CVE-2015-1281: CSP bypass.
- High – CVE-2015-1282: Use-after-free in pdfium.
- High – CVE-2015-1283: Heap-buffer-overflow in expat.
- High – CVE-2015-1284: Use-after-free in blink.
- High – CVE-2015-1286: UXSS in blink.
- Medium – CVE-2015-1287: SOP bypass with CSS.
- Medium – CVE-2015-1270: Uninitialized memory read in ICU.
- Medium – CVE-2015-1272: Use-after-free related to unexpected GPU process termination.
- Medium – CVE-2015-1277: Use-after-free in accessibility.
- Medium – CVE-2015-1278: URL spoofing using pdf files.
- Medium – CVE-2015-1285: Information leak in XSS auditor.
- Low – CVE-2015-1288: Spell checking dictionaries fetched over HTTP.