Google today released the latest instalment of Chrome, the Chrome 26 to the Stable Channel. The Chrome 26.0.1410.43 for Windows, Mac, Linux and Chrome Frame brings in number of new features along with security fixes. The new Chrome brings in “Ask Google for suggestions” spell checking feature improvements, Desktop shortcuts for multiple users (profiles) on Windows and Asynchronous DNS resolver on Mac and Linux. You can either update your Chrome browser to the latest release using the browser’s built-in silent updater or download it directly from google.com/chrome.
Here are the security fixes and rewards:
- [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.
- [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).
- [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.
- [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.
- [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”.
- [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.
- [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.
- [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).
