Chrome 28 features a rich notifications center that send immediate alerts to users about important events as they happen. It can enable users to act directly on these notifications and show rich content like lists and images.
Chrome 28 also includes a new version of Adobe Flash Player (11.8.800.97). Additionally, this build fixes 1 critical-risk vulnerability, 4 high-risk security vulnerabilities and 7 medium-risk security vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
What's new in Chrome 28?
Chrome 28 contains a number of new improvements and updates, including:
Faster page loads
Starting in Chrome 28, your apps get a free speed boost from Blink’s new threaded HTML parser. It has two under-the-hood performance benefits:
- Reduced jankiness by moving work off the main JavaScript thread
- Improved page loading speed through pipelining.
Compared to the normal HTML parser, it loads DOM content about 10% faster and reduces the maximum stop time due to parsing by 40%.
Deprecated features
The prefixed version of the Content Security Policy HTTP header is now deprecated, so please use Content-Security-Policy instead of X-WebKit-CSP. The prefixed version will still work for now, but future releases may not support it.
Other developer features in this release
- You can now use CSS @supports conditional blocks to test whether Chromium supports certain property:value pairs.
- The :unresolved CSS pseudoclass lets you style a Custom Element that hasn’t been registered in the browser yet. Custom Elements are part of Web Components.
- As part of V8's continuing quest to make all JavaScript as fast as possible, recent optimizations have made the asm.js benchmarks more than twice as fast as prior versions of Chrome.
- Chrome Apps and Extensions developers can now use rich notifications to proactively engage with users.
See the following Google website for more details: Chrome 28 Beta: A more immersive web, everywhere
Download Google Chrome Stable Channel
Google Chrome 28.0.1500.71 Stable is available here: http://www.google.com/chrome
Google Chrome 28.0.1500.71
Security fixes:
- [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
- [252216] CVE-2013-2867: Block pop-unders in various scenarios. (Low)
- [252062] CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets. (High)
- [252034] CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets. (Medium)
- [245153] CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team. (Medium)
- [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne. (Critical)
- [$3133.7] [244260] CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris. (Medium)
- [$2000] [243991] [243818] CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz. (High)
- [Mac only] [242702] CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla. (Low)
- [$1000] [241139] CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz. (High)
- [Windows + NVIDIA only] [$500] [237611] CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”. (Medium)
- [$500] [233848] CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz. (Medium)
- [229504] CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe. (Medium)
- [229019] CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG. (Low)
- [196636] None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
- [177197] CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG. (Medium)
Additional fixes:
- [256985] CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28). (High)
References:
Google Chrome Stable Update
The Chromium Blog - Rich Notifications in Chrome
No comments:
Post a Comment