Google patched its Chrome browser this week, fixing 12 vulnerabilities including a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code. French security researcher Antoine Delignat-Lavaud discovered the information disclosure problem (CVE-2014-3166) in SPDY, an open networking protocol that transports web content. If they wanted to, attackers looking to leverage the bug to impersonate universal servers could execute it remotely and without any form of authentication.
Source: https://threatpost.com/google-fixes-12-vulnerabilities-in-chrome-36/107777/