62.0.3202.62
security fix 35
[762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
[749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
[760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
[765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
[765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
[765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
[718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
[722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
[744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
[762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
[752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-03
[756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
[756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-08-17
[739621] Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-07-06
[750239] Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
[598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
[714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
[732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
[745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
[759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman (johberlvi@) on 2017-08-28