Google Chrome is a
browser that combines a minimal design with sophisticated technology to
make the web faster, safer, and easier. Google Chrome comes with a full
range of competitive features, and is among the most standards-compliant
and fastest browsers available. Chrome's minimalist interface, fast
page-load times, and support for extensions make the browser appealing
to the average user as well as to Google fanatics.
(Click link above, wait 5 seconds, then klik SKIP AD)
The Chrome team is excited to announce the promotion of Chrome 25 to the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including:
- Improvements in managing and securing your extensions
- Better support for HTML5 time/date inputs
- Better WebGL error handling
- And lots of other features for developers
Stable Channel Update
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000]  High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.
- [$1000]  High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to “chromium.khalil”.
- [$2000]   High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG.
- [$1000]  High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG.
-  High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla).
-  Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.
-  Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.
-  Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.
-  Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).
-  High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla).
We’ve also resolved a high severity security issue by disabling MathML in this release. The WebKit MathML implementation isn’t quite ready for prime time yet but we are excited to enable it again in a future release once the security issues have been addressed.
Many of the above bugs were detected using AddressSanitizer.
We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.