Submit A Tip Alternative Tip Form

Google Chrome hits 25

Google has released the latest stable release of Chrome, version 25. This release boasts support for the Web Speech API and improved extensions security.

Google has released the latest stable release of Chrome, version 25. This release boasts support for the Web Speech API and improved extensions security.

The major new feature to Google Chrome is support for the Web Speech API which allows websites to integrate speech recognition capabilities. Google has provided a web demo of this new feature. Further web standards support has been improved in version 25 with, improved support for HTML5 time/date inputs and better error handling with WebGL.

Security has been main focus for this release. Silent installs of Chrome extensions has now been disabled, all extensions now need approval of user before install. Support for Content Security Policy has been included, preventing cross-site scripting and other content injection attacks. Finally, omnibox search is now encrypted using HTTPS. 

Google’s open web media format, VP8, has been updated in version 25. VP9 provides better video compression while maintain the same quality of video as VP8.

Chrome 25 also features a slue of security updates, making your browsing experience even more secure!

  • [172243High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
  • [171951High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
  • [167069Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
  • [165432High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
  • [142169Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
  • [172984Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
  • [172369Medium CVE-2013-0885: Too many API permissions granted to web store.
  • [Mac only] [171569Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
  • [171065] [170836Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
  • [170666Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  • [170569Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
  • [169973] [169966High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
  • [169685High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
  • [169295] [168710] [166493] [165836] [165747] [164958] [164946Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
  • [168570Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
  • [168473High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
  • [Linux / Mac] [167840High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
  • [166708High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [165537Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
  • [164643High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
  • [160480Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
  • [152442Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).

Finally, Webkit has been updated to version 537.22 and V8 has been updated to version 3.15.11.5

  • Javier Bastardo

    Can’t wait to see what comes out of this!