Chrome Releases
Release updates from the Chrome team
Stable Channel Update
Thursday, February 21, 2013
The Chrome team is excited to announce the promotion of
Chrome 25 to the Stable Channel
. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including:
Improvements in managing and securing your extensions
Better support for HTML5 time/date inputs
JavaScript Web Speech API
support
Better WebGL error handling
And
lots of other features for developers
Security fixes and rewards:
Please see
the Chromium security page
for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[
$1000
] [
172243
]
High
CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
[
$1000
] [
171951
]
High
CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
[
$500
] [
167069
]
Medium
CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
[
$500
] [
165432
]
High
CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
[
$500
] [
142169
]
Medium
CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
[
172984
]
Low
CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
[
172369
]
Medium
CVE-2013-0885: Too many API permissions granted to web store.
[Mac only] [
171569
]
Medium
CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
[
171065
] [
170836
]
Low
CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
[
170666
]
Medium
CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
[
170569
]
Low
CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
[
169973
] [
169966
]
High
CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
[
169685
]
High
CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
[
169295
] [
168710
] [
166493
] [
165836
]
[
165747
] [
164958
]
[
164946
]
Medium
CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
[
168570
]
Medium
CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
[
168473
]
High
CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
[Linux / Mac] [
167840
]
High
CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
[
166708
]
High
CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
[
165537
]
Low
CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
[
164643
]
High
CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
[
160480
]
Low
CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
[
152442
]
Medium
CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
We’ve also resolved a high severity security issue by disabling MathML in this release. The WebKit MathML implementation isn’t quite ready for prime time yet but we are excited to enable it again in a future release once the security issues have been addressed.
Many of the above bugs were detected using
AddressSanitizer
.
We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.
A full list of changes in this build is available in the
SVN revision log
. Interested in switching release channels?
Find out how
. If you find a new issue, please let us know by
filing a bug
.
Jason Kersey
Google Chrome
Labels
Admin Console
43
Android WebView
19
Beta
21
Beta update
4
Beta updates
2024
chrome
15
Chrome Dev for Android
131
Chrome for Android
952
Chrome for iOS
381
Chrome for Meetings
5
Chrome OS
1149
Chrome OS Flex
22
Chrome OS Management
12
Chromecast Update
6
ChromeOS
211
ChromeOS Flex
208
Desktop Update
1118
dev update
266
Dev updates
1510
Early Stable Updates
49
Extended Stable updates
130
Flash Player update
5
Flex
1
Hangouts Meet hardware
5
LTS
88
stable
11
Stable updates
1247
Archive
2024
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Give us feedback in our
Product Forums
.