Note: These release notes also apply to the version 25.0.1364.152 for Mac that was released last Friday.
Overview
Google Chrome 25 will automatically disable some extensions installed by third party programs using external extension deployment options. This build also includes new JavaScript Web Speech API that enables speech-to-text on the desktop web.
Google Chrome 25 new features
Notable changes in Google Chrome 25:
New JavaScript Web Speech API
With the inclusion of the Web Speech API for developers, users can start enjoying new, interactive experiences with web apps. With this new JavaScript API, developers can integrate speech recognition into their web apps. So, in the near future you’ll be able to talk apps into doing all sorts of things.
No more silent extension installs
To make sure your Chrome installation isn’t being slowed down, Google Chrome 25 will automatically disable some extensions on Windows that may have been added by third party programs without proper acknowledgement from users. The original intent was to give people an option to add useful extensions when installing applications, but unfortunately this feature has been widely abused by third parties who added extensions without user consent. A notification will appear with the option to re-enable the affected extensions.
Unprefixed support for Content Security Policy
Content Security Policy (CSP) helps you reduce the risk of cross-site scripting and other content injection attacks. With Google Chrome 25, you can use the unprefixed Content-Security-Policy HTTP header to define a whitelist of trusted content sources. The browser will only execute or render resources from those sources.
Prefixed support for Shadow DOM
Web Components is a set of cutting edge standards that will make it possible to build reusable widgets for the web. Shadow DOM is a key part of Web Components that enables DOM tree encapsulation. Without it, idgets may inadvertently break pages by using conflicting CSS selectors, class or id names, or JavaScript variables.
Download Google Chrome Stable Channel (March 4, 2013)
Google Chrome 25.0.1364.152 Stable is available here: http://www.google.com/chrome
If you’re running the Windows 8, you’ll be able to try Chrome in Metro mode by setting it as your default browser.
Google Chrome 25.0.1364.152 Stable
New in Google Chrome 25.0.1364.152 Stable
This build contains the following updates:
- Stability improvements.
- Fixes a number of issues, including a crash when typing in the Omnibox.
Security fixes:
- [$1000] [176882] CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. (High)
- [$1000] [176252] CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". (High)
- [$2000] [172926] [172331] CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG. (High)
- [$1000] [168982] CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG. (High)
- [174895] CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla). (High)
- [174150] CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community. (Medium)
- [174059] CVE-2013-0908: Incorrect handling of bindings for extension processes. (Medium)
- [173906] CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov. (Low)
- [172573] CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans). (Medium)
- [172264] CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla). (High)
You can find the full details about changes that are in this version of Chrome 25 from svn revision log.
References:
Chrome 25 Beta: Content Security Policy and Shadow DOM
Google Chrome Stable Update
No comments:
Post a Comment