– a buffer overflow vulnerability in handling long filenames that display in the Save As… dialog. This is a critical risk that could lead to execution of arbitrary code.
– a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link. This is a critical risk that could lead to execution of arbitrary code.
The Friday update also includes fixes for several other bugs, rated less important by Google:
– an out-of-bounds memory read when parsing URLs ending with :%. This is a low risk that can be used to crash the entire browser, possibly causing loss of data in the current session.
– a change ensuring that the Desktop cannot be the default downloads directory, thus eliminating the risk of malicious cluttering of the desktop with unwanted downloads, which can lead to executing unwanted files.
– a couple of data transfer issues with the Safe Browsing service causing unnecessary traffic.
– a JavaScript bug that affected facebook.com. The fix properly handles negative indices when using for…in.
More details on the update can be found here.