Stable Channel Update
Thursday, February 21, 2013
The Chrome team is excited to announce the promotion of Chrome 25 to the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Many of the above bugs were detected using AddressSanitizer.
We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.
A full list of changes in this build is available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Jason Kersey
Google Chrome
- Improvements in managing and securing your extensions
- Better support for HTML5 time/date inputs
- JavaScript Web Speech API support
- Better WebGL error handling
- And lots of other features for developers
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [172243] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
- [$1000] [171951] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
- [$500] [167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
- [$500] [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
- [$500] [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
- [172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
- [172369] Medium CVE-2013-0885: Too many API permissions granted to web store.
- [Mac only] [171569] Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
- [171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
- [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
- [170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
- [169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- [169685] High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
- [169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- [168570] Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
- [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
- [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
- [166708] High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
- [165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
- [164643] High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
- [160480] Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
- [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
Many of the above bugs were detected using AddressSanitizer.
We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.
A full list of changes in this build is available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Jason Kersey
Google Chrome