Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3.
Among the fixes in Google Chrome version 39 are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows.
Highlight fixes below:
Please see the Chromium security page for more information.
[$500] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
[$1500] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
[$1000] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
[$1000] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
[$3000] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
[$2000] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
[$2000] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
[$500] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$7500] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
[$5000] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$500] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
[$500] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
Source: Chrome Release Dev Channel Blog