Stable Channel Update
Tuesday, March 26, 2013
The Chrome team is excited to announce the promotion of Chrome 26 to the Stable Channel. Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame contains number of new items including:
Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Dharani Govindan
Google Chrome
- "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)
- Desktop shortcuts for multiple users (profiles) on Windows
- Asynchronous DNS resolver on Mac and Linux
Security fixes and rewards:
Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.
- [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).
- [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.
- [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.
- [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”.
- [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.
- [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.
- [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).
Dharani Govindan
Google Chrome