Google released Chrome 25 today and we just installed it to our cloud browser platform. It's now available to all customers for testing.
Try Chrome 25 in Browserling now!
Chrome 25 Changes
- Added support for Opus audio
- Added support for VP9 video.
- Silent installs of external extensions are now disabled by default.
- Added Web Speech API.
- Omnibox search is now encrypted via https.
- Native Client on ARM.
- Disabled MathML support for the time being.
- Audio now continues to play while Chrome is in the background (Android).
- Support for pausing audio in Chrome when phone is in use (Android).
Chrome 25 Developer Changes
- CSS Gradients - Gradients provide a method to, over a customizable amount of space, transition from one color to another.
- Resource Timing API - Performance improvement that allows web applications to access timing information related to HTML elements.
- User Timing API - Helps web developers measure the performance of their applications by giving them access to high precision timestamps.
- Web Speech API (input) - Multimedia improvement that enables web developers to incorporate speech recognition into their web pages.
Chrome 25 Security Fixes
- CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
- CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
- CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
- CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
- CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
- CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
- CVE-2013-0885: Too many API permissions granted to web store.
- CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
- CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
- CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
- CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
- CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Juri Aedla).
- CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
- CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
- CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Juri Aedla).
- CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
- CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
- CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
- CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Juri Aedla).
- CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
Happy cross-browser testing in Chrome 25!
Email this blog post to your friends or yourself!