Wednesday, March 27, 2013

[Gd] Stable Channel Update

| More

Chrome Releases: Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 26 to the Stable Channel. Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame contains number of new items including:
  • "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)
  • Desktop shortcuts for multiple users (profiles) on Windows
  • Asynchronous DNS resolver on Mac and Linux

Security fixes and rewards:

Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.
  • [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).
  • [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.
  • [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).
  • [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
  • [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.
  • [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”.
  • [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
  • [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.
  • [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.
  • [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).
A full list of changes in this build is available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html

No comments: