Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

• [$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
• [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
• [$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
• [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
• [$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
• [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
• [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
• [$2000] [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
• [$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

• [108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.