Download Google Chrome 40.0.2214.91

Google has released version 40 of its Chrome web browser. Google Chrome is available for Windows, Linux, and OS X. There are also versions for Android and iOS, but they follow a slightly different release schedule. New in version 40 includes a new information screen for Chrome app and a notification is generated when the clock is ahead or behind. Furthermore, a large number of mainly minor but also a few serious security problems have been fixed.

Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 40 to the stable channel for Windows, Mac and Linux. Chrome 40.0.2214.91 contains a number of fixes and improvements, including:

• Updated info dialog for Chrome app on Windows and Linux.
• A new clock behind/ahead error message.

A partial list of changes is available in the log.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

• [430353] high CVE-2014-7923: Memory corruption in ICU.
• [435880] high CVE-2014-7924: Use after free in IndexedDB.
• [434136] high CVE-2014-7925: Use after free in WebAudio.
• [422824] high CVE-2014-7926: Memory corruption in ICU.
• [444695] high CVE-2014-7927: Memory corruption in V8.
• [435073] high CVE-2014-7928: Memory corruption in V8.
• [442806] high CVE-2014-7930: Use after free in DOM.
• [442710] high CVE-2014-7931: Memory corruption in V8.
• [443115] high CVE-2014-7929: Use after free in DOM.
• [429666] high CVE-2014-7932: Use after free in DOM.
• [427266] high CVE-2014-7933: Use after free in FFmpeg.
• [427249] high CVE-2014-7934: Use after free in DOM.
• [402957] high CVE-2014-7935: Use after free in Speech.
• [428561] high CVE-2014-7936: Use after free in Views.
• [419060] high CVE-2014-7937: Use after free in FFmpeg.
• [416323] high CVE-2014-7938: Memory corruption in Fonts.
• [399951] high CVE-2014-7939: Same-origin bypass in V8.
• [433866] Medium CVE-2014-7940: Uninitialized value in ICU.
• [428557] Medium CVE-2014-7941: Out-of-bounds read in UI.
• [426762] Medium CVE-2014-7942: Unitialized Value in Fonts.
• [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia.
• [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium.
• [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium.
• [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts.
• [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium.
• [414026] Medium CVE-2014-7948: Caching error in AppCache.

As usual, our ongoing internal security work was responsible for a wide range of fixes

• [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.
• Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).