Google yesterday released Chrome version 25 for Windows, Mac, and Linux. Chrome 25 is all about features, including voice recognition support via the newly added Web Speech API and the blocking of silent extension installation.
Here is what Google listed as new in Chrome version 25, according to its changelog notes on the previous beta and dev updates (added in chronological order; the full SVN revision log has more details):
- Stability fixes and memory fixes.
- Improvements in managing and securing your extensions.
- Better support for HTML5 time/date inputs.
- Better WebGL error handling.
- And lots of other features for developers.
Google and Mozilla earlier this month showed off how they teamed up to make their respective browsers talk to each other with the addition of WebRTC support, an open source project that provides Internet users with the ability to communicate in real-time via voice and video by simply using a Real-Time Communications (RTC) compatible browser. The technology, which enables Web app developers to include real-time video calling and data sharing capabilities in their products, was added to Mozilla’s browser in Firefox 18 (preliminary support) and the Chrome 25 beta.
Today’s release means Chrome is the first stable browser to include full support; after you install it, you can try the feature out yourself here: Web Speech API Demonstration.
Google detailed it would be disabling external extension deployment options on Windows by default as of Chrome 25, and retroactively removing all extensions previously installed using them. Here’s what will happen when you launch Chrome 25 for the first time and you have previously-silently-installed extensions: Chrome 25 will give you a list of the extensions it is disabling. If you want to keep some of them, you can click on “Extension Settings.” Otherwise, you can click on “OK, Great.”
Chrome 25 addresses 22 security holes (nine rated High, eight marked Medium, and five considered Low):
- [$1000] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
- [$1000] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
- [$500] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
- [$500] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
- [$500] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
- Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
- Medium CVE-2013-0885: Too many API permissions granted to web store.
- [Mac only] Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
- Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
- Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
- Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
- High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
- Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
- Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
- High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
- [Linux / Mac] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
- High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
- Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
- High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
- Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
- Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
Google thus spent a total of $3,500 in bug bounties this release. As always, these issues alone should be enough to get you to upgrade to Chrome 25.
Source: The Next Web