Chrome for Android Update
Wednesday, February 4, 2015
Chrome for Android has been updated to 40.0.2214.109 and will be available in Google Play over the next few days. This release contains a fix for some Samsung devices seeing a permissions error, as well as the security fixes noted below.
Security Fixes and Rewards
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
A partial list of other changes in this build are available in the Git log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.
Jason Kersey
Google Chrome
This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- [$TBD][447906] High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl.
- [$TBD][453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
- [$TBD][453982] High CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous.
- [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives.
A partial list of other changes in this build are available in the Git log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.
Jason Kersey
Google Chrome