Ten of the addressed vulnerabilities were reported by external researchers. Of these, eight are rated “high severity” and two “medium severity.”
Six of the externally reported security holes are use-after-free bugs, which in some cases can lead to code execution. Five of them have a severity rating of “high.”
The remaining issues that were reported by external researchers include inappropriate implementations, insufficient policy enforcement, and a type confusion in the V8 engine, Google notes in its advisory.