Google Chrome 24.0 Released to Stable Channel

Google Chrome Stable Channel Update (January 10, 2013)
Google Chrome 24.0.1312.52 (also available on the Beta channel) has been updated to the Stable channel for Windows, Mac, Linux, and Chrome Frame platforms. This is the first Stable release with support for MathML. This release also contains an update to Flash Player (11.5.31.137) as well as improvements in speed and stability.

More details about Flash Player (11.5.31.137) can be found here.

What's new in Google Chrome 24.0?
Google Chrome 24.0 is mostly about developer features. It contains datalist support in date and time that allows you to specify a list of suggested dates and times for input elements, and MathML that enables you to write mathematical content in MathML and expect it to be consistently beautiful across the web.

In addition, Google Chrome 24.0 includes an Un-prefixed APIs, CSS custom filters (landed behind a flag), along with other new features. Take a look at the Official Chrome Blog for more info.

Download Google Chrome Stable
Google Chrome 24.0 Stable is available here: http://www.google.com/chrome

Google Chrome 24.0.1312.52 Stable

If you’re running the Windows 8, you’ll be able to try Chrome in Metro mode by setting it as your default browser.

Google Chrome 24.0.1312.52 Stable Modern UI (Running on Windows 8)

What's new in Google Chrome 24.0.1312.52 Stable?
This release contains the following updates:
  • Add support for MathML.
  • A new version of Adobe Flash Player. (11.5.31.137)

Security fixes:
  • [$1000] [162494] CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. (High)
  • [$4000] [165622] CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. (High)
  • [$1000] [165864] CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. (High)
  • [167122] CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). (Medium)
  • [166795] CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). (High)
  • [165601] CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). (High)
  • [165538] CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. (High)
  • [165430] CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno). (Medium)
  • [164565] CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. (High)
  • [Windows only] [164490] CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans). (Low)
  • [Mac only] [163208] CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes). (Medium)
  • [162778] CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. (High)
  • [162776] [162156] CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. (Medium)
  • [162153] CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. (High)
  • [162114] CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). (High)
  • [Windows only] [162066] CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh). (Low)
  • [161836] CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). (Low)
  • [160380] CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). (Medium)
  • [154485] CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar). (Medium)
  • [154283] CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). (Medium)
  • [152921] CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. (Low)
  • [150545] CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). (High)
  • [145363] CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. (Medium)
  • [Linux only] [143859] CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). (Low)

Note:
  • Many of the above bugs were detected using AddressSanitizer.
  • The security issues in V8 have been fixed in v8-3.14.5.3.

You can find the full details about changes that are in this version of Chrome 24 from svn revision log.

References:
Google Chrome Stable Update
Speedy Chrome delivery

No comments: