Ubuntu Security Notice 2860-1 - A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. An issue was discovered with the page serializer in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML. Various other issues were also addressed.
90d02e34904669776ec78df314db01a39141e3276465cd38e2e12e48a812ff8b