Google has released the latest stable release of Chrome, version 25. This release boasts support for the Web Speech API and improved extensions security.
The major new feature to Google Chrome is support for the Web Speech API which allows websites to integrate speech recognition capabilities. Google has provided a web demo of this new feature. Further web standards support has been improved in version 25 with, improved support for HTML5 time/date inputs and better error handling with WebGL.
Security has been main focus for this release. Silent installs of Chrome extensions has now been disabled, all extensions now need approval of user before install. Support for Content Security Policy has been included, preventing cross-site scripting and other content injection attacks. Finally, omnibox search is now encrypted using HTTPS.
Google’s open web media format, VP8, has been updated in version 25. VP9 provides better video compression while maintain the same quality of video as VP8.
Chrome 25 also features a slue of security updates, making your browsing experience even more secure!
- [172243] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
- [171951] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
- [167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
- [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
- [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
- [172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
- [172369] Medium CVE-2013-0885: Too many API permissions granted to web store.
- [Mac only] [171569] Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
- [171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
- [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
- [170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
- [169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- [169685] High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
- [169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- [168570] Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
- [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
- [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
- [166708] High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
- [165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
- [164643] High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
- [160480] Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
- [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
Finally, Webkit has been updated to version 537.22 and V8 has been updated to version 3.15.11.5