Google Chrome 25 Stable Available for Download

Google today released Google Chrome version 25 for Windows, Mac, and Linux. Google Chrome 25.0.1364.97 has been updated for Windows and Linux, and 25.0.1364.99 for Mac. Google Chrome 25 will automatically disable some extensions installed by third party programs using external extension deployment options. This build also includes new JavaScript Web Speech API that enables speech-to-text on the desktop web.

Google Chrome 25 new features
Notable changes in Google Chrome 25:

New JavaScript Web Speech API
With the inclusion of the Web Speech API for developers, users can start enjoying new, interactive experiences with web apps. With this new JavaScript API, developers can integrate speech recognition into their web apps. So, in the near future you’ll be able to talk apps into doing all sorts of things.

No more silent extension installs
To make sure your Chrome installation isn’t being slowed down, Google Chrome 25 will automatically disable some extensions on Windows that may have been added by third party programs without proper acknowledgement from users. The original intent was to give people an option to add useful extensions when installing applications, but unfortunately this feature has been widely abused by third parties who added extensions without user consent. A notification will appear with the option to re-enable the affected extensions.

Unprefixed support for Content Security Policy
Content Security Policy (CSP) helps you reduce the risk of cross-site scripting and other content injection attacks. With Google Chrome 25, you can use the unprefixed Content-Security-Policy HTTP header to define a whitelist of trusted content sources. The browser will only execute or render resources from those sources.

Prefixed support for Shadow DOM
Web Components is a set of cutting edge standards that will make it possible to build reusable widgets for the web. Shadow DOM is a key part of Web Components that enables DOM tree encapsulation. Without it, idgets may inadvertently break pages by using conflicting CSS selectors, class or id names, or JavaScript variables.

Download Google Chrome Stable Channel (February 21, 2013)
Google Chrome 25.0 Stable is available here: http://www.google.com/chrome

Google Chrome 25.0.1364.97 Stable

If you’re running the Windows 8, you’ll be able to try Chrome in Metro mode by setting it as your default browser.

New in Google Chrome 25.0.1364.97 Stable
This build contains the following updates:
  • Improvements in managing and securing your extensions.
  • Better support for HTML5 time/date inputs.
  • Javascript speech API support.
  • Better WebGL error handling.
  • And lots of other features for developers.

Security fixes:
  • [$1000] [172243] CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. (High)
  • [$1000] [171951] CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. (High)
  • [$500] [167069] CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG. (Medium)
  • [$500] [165432] CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan. (High)
  • [$500] [142169] CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG. (Medium)
  • [172984] CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans). (Low)
  • [172369] CVE-2013-0885: Too many API permissions granted to web store. (Medium)
  • [Mac only] [171569] CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community. (Medium)
  • [171065] [170836] CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. (Low)
  • [170666] CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). (Medium)
  • [170569] CVE-2013-0889: Tighten user gesture check for dangerous file downloads. (Low)
  • [169973] [169966] CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). (High)
  • [169685] CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla). (High)
  • [169295] [168710] [166493] [165836] [165747] [164958] [164946] CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). (Medium)
  • [168570] CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community. (Medium)
  • [168473] CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno). (High)
  • [Linux / Mac] [167840] CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla). (High)
  • [166708] CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar). (High)
  • [165537] CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. (Low)
  • [164643] CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community. (High)
  • [160480] CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla). (Low)
  • [152442] CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno). (Medium)

Note:
  • Many of the above bugs were detected using AddressSanitizer.

You can find the full details about changes that are in this version of Chrome 25 from svn revision log.

References:
Chrome 25 Beta: Content Security Policy and Shadow DOM
Google Chrome Stable Update

No comments: