Thursday, February 18, 2016
Stable Channel Update
The stable channel has been updated to 48.0.2564.116 for Windows, Mac, and Linux.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes the following security fix contributed by an external researcher. Please see the Chromium security page for more information.
[$25,633.7] Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer or Control Flow Integrity.
A list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Not sure how I overlooked this last week; working on it now.
chromium 48.0.2564.116 has been added to the gentoo repo. Stabilize at will.
Arches please stabilize:
Stable targets: amd64 x86
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Added to existing GLSA.
This issue was resolved and addressed in
GLSA 201603-09 at https://security.gentoo.org/glsa/201603-09
by GLSA coordinator Kristian Fiskerstrand (K_F).