Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
-  High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).
- [$1000]  High Memory corruption with enormous text area. Credit to wushi of team509.
- [$1000]  High Bad cast with the SVG use element. Credit to the kuzzcc.
- [$1000]  High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com).
- [$500]  High Use-after-free in text control selections. Credit to “vkouchna”.
- [$1000] [Linux only]  High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
- [$1000]  High Memory corruption in libvpx. Credit to Christoph Diehl.
- [$500]  High Bad use of destroyed frame object. Credit to various developers, including “gundlach”.
- [$500]    High Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno).
- [$1000]  High Out-of-bounds array access in SVG handling. Credit to wushi of team509.