This build also includes chrome.syncFileSystem API and a new version of Adobe Flash Player (11.7.700.203). Additionally, this build fixes 10 high-risk security vulnerabilities and 2 medium-risk security vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
*Google Chrome 27.0.1453.93 also available on the Beta channel.
Download Google Chrome Stable Channel (May 21, 2013)
Google Chrome 27.0.1453.93 Stable is available here: http://www.google.com/chrome
Google Chrome 27.0.1453.93
What's new in Google Chrome 27.0.1453.93?
This build contains the following new features and updates:
- Web pages load 5% faster on average.
- chrome.syncFileSystem API.
- Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions.
- Updated Pepper Flash to 11.7.700.203 for Windows and Mac.
Pepper Flash 11.7.700.203
See the following Google website for more details: Chrome 27 Beta: A Speedier Web and New HTML5 Forms
Security fixes:
- [$1000] [235638] CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. (High)
- [$500] [235311] CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. (Medium)
- [$1500] [230176] CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. (High)
- [$1000] [230117] CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. (High)
- [$1000] [227350] CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. (High)
- [$2000] [226696] CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. (High)
- [$1000] [222000] CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. (High)
- [$1000] [196393] CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). (High)
- [$3133.7] [188092] [179522] [222136] [188092] CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. (High)
- [$1000] [177620] CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. (High)
- [$1000] [176692] CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. (High)
- [$500] [176137] CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. (Medium)
- [171392] CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. (Low)
Additional fixes:
- [241595] CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives. (High)
Note:
- Many of the above bugs were detected using AddressSanitizer.
Reference:
Google Chrome Stable Update
No comments:
Post a Comment