Chrome 24 fixes two dozen bugs. Promising a faster Chrome.

Google’s latest browser update landed today with little fanfare from Mountain View– just a tiny blog post proclaiming a faster, more stable Chrome. Diving into the build’s change notes, however, reveal Flash updates, bug fixes and support for MathML. Not a lot in the way of consumer facing features — though Bookmarks are now searchable, via the Chrome omnibox. Not as fancy as the last release, but we never to scoff at stability and speed. Check it out at the source link below.

The biggest improvement on the user side of things is the speed increase. Google’s own Octane JavaScript test shows that this is the fastest Chrome release yet. When the beta came out in November, the company was touting that Chrome had become 26 percent faster on Octane than it was last year. Now it’s even faster.

On the developer side, Google has made sure the HTML 5 datalist element now supports suggesting a date and time and has also added support for MathML. Datalist allows you to specify a list of suggested dates and times for input elements while MathML lets you write mathematical content in a consistent way. Other additions include experimental support for CSS Custom Filters.

Aside from the usual bug fixes, speed enhancements, a new version of V8 and Webkit, here is what Google listed as being new in Chrome version 24, according to its changelog notes on the previous beta and dev updates (added in chronological order):

  • Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. Example: if there is a bookmark with a title of “Doglettes & Catlettes” typing any of the following into the omnibox will likely present the bookmark as a suggestion:: “dog”, “cat”, “cat dog”, “dog cat”, “dogle”, etc. Typing “ogle” or “lettes” will not match.

That’s right; there was only one new feature mentioned as this appears to be largely a cleanup and stability release. We did see, however, a huge number of notes on what issues have been addressed. Bugs related to Flash, speech input, YouTube, the omnibox, bookmark sync, installing extensions, memory leaks, JavaScript rendering, scrolling, and ones specific to Windows 8 have all been squashed. The full SVN revision loghas more details.

browser-features

On the security side, Chrome 24 coincidentally addresses 24 security holes (11 rated High, 8 marked Medium, and 5 considered Low):

  • [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
  • [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyenger, both of Facebook.
  • [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
  • [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
  • [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
  • [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
  • [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).
  • [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
  • [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).
  • [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).
  • [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
  • [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
  • [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
  • [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
  • [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

Google thus spent a total of $6,000 in bug bounties this release. These issues alone should be enough to get you to upgrade to Chrome 24

Capture

If you have any doubts, post them here.

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s