From the Debian advisory:
CVE-2013-2853: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline).
CVE-2013-2867: Chrome does not properly prevent pop-under windows.
CVE-2013-2868: common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting.
CVE-2013-2869: Denial of service (out-of-bounds read) via a crafted JPEG2000 image.
CVE-2013-2870: Use-after-free vulnerability in network sockets.
CVE-2013-2871: Use-after-free vulnerability in input handling.
CVE-2013-2873: Use-after-free vulnerability in resource loading.
CVE-2013-2875: Out-of-bounds read in SVG file handling.
CVE-2013-2876: Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits.
CVE-2013-2878: Out-of-bounds read in text handling.
CVE-2013-2879: The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked.
CVE-2013-2880: The chrome 28 development team found various issues from internal fuzzing, audits, and other studies. | 