Software Update: Google Chrome 42.0.2311.90

Google has released version 42 of its Chrome web browser. Google Chrome is available for Windows, Linux, and OS X. There are also versions for Android and iOS, but they follow a slightly different release schedule. Version 42 includes several new app and extension APIs and 45 security vulnerabilities have been fixed. Furthermore, Google has the answer to the ultimate question about Life, the Universe and Everything found it† The release notes for this release are as follows:

Stable Channel Update

The Chrome team is overjoyed to announce the promotion of Chrome 42 to the stable channel for Windows, Mac and Linux. Chrome 42.0.2311.90 contains a number of fixes and improvements, including:

• A number of new apps, extension and Web Platform APIs (including the Push API†
• Lots of under the hood changes for stability and performance
• The answer to life, the universe and everything

A list of changes is available in the log†

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 45 security fixes† Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

• [456518] High CVE-2015-1235: Cross-origin bypass in HTML parser.
• [313939] Medium CVE-2015-1236: Cross-origin bypass in Blink.
• [461191] High CVE-2015-1237: Use after free in IPC.
• [445808] High CVE-2015-1238: Out-of-bounds write in Skia.
• [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL.
• [418402] Medium CVE-2015-1241: Tap Jacking.
• [460917] High CVE-2015-1242: Type confusion in V8.
• [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets.
• [444957] Medium CVE-2015-1245: Use after free in PDFium.
• [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink.
• [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch.
• [380663] Medium CVE-2015-1248: SafeBrowsing Bypass.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

• [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives.
• Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).