Chrome Stable channel updated

Well, after all, this is a stable channel update thread.
Perhaps the question deserves and is better suited for its own thread.

 

This release (25.0.1364.172) contains stability improvements, and a new version of Adobe Flash. Full details about what changes are in this build are available in the SVN revision log.

 

Have you tried searching (using your favourite search engine) for google chrome font rendering and see if you get some useful tips from others? It may be worth trying.

 

The Chrome team is excited to announce the promotion of Chrome 26 to the Stable Channel. Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame contains number of new items including:

"Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)

Desktop shortcuts for multiple users (profiles) on Windows

Asynchronous DNS resolver on Mac and Linux

Security fixes and rewards:

Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.
[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).
[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.
[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).
[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
[174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.
[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”.
[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
[169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.
[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.
[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).

A full list of changes in this build is available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

 

I'm seeing a little key icon in fields where I would enter a password. Did Chrome add this at some point, or is ChromeIPass doing it?

 

Flash Player has been updated to 11.7.700.169 so we Chrome users should be getting an update very soon.

http://www.adobe.com/products/flashplayer/distribution3.html

Later...

 

Oh great, another flash update.

 

The Stable channel has been updated to 26.0.1410.63 for Mac and Linux; 26.0.1410.64 for Windows and Chrome Frame. This release contains stability improvements, and a new version of Adobe Flash.

 

Got it...thanks

 

Is anybody having a problem with Flash not loading? This just started today, and from looking at their forum, others have had it (also starting today). A common "fix" is to disable the internal pepper Flash and keep the one from Adobe, or just either one of them. But, I don't install Flash separately so I only have the bundled plugin. I hope this gets sorted out before I have to use Adobe's installer.

Edit: there was a new version of Flash released today (11.7.700.202), so I guess that's the problem. I didn't realize it would update Flash without updating the Chrome version. It's still 26.0.1410.64.

 

What I discovered on my setup to overcome flash not playing

PPAPI flash is updated in user data folder. So you end up with the old flashplayer in Chrome program directory and the new one in user directory.

What I do: move newest 'ppapi flash dll' from user folder to programs folder, start chrome with this switch --ppapi-flash-path, see example https://www.wilderssecurity.com/showpost.php?p=2229023&postcount=3

I have a SRP deny, so dll is blocked by Windows OS when in user folder

 

=

.

 

It seems chrome is back to putting PepperFlash in user space again...even on the Enterprise version. If you delete it from user space chrome will shortly copy it back there. If running SRP you'll need to create an unrestricted rule for it in Additional Rules or PepperFlash will not be able to load.

Later...

 

Thx, back to Chromium with --ppapi-flash-path="[PATH]\pepflashplayer.dll" and the hassle with downloading updated Chrome portable, getting pepflashplayer and pdf dll out of it and moving it to Chromium folder

 

Well, why don't you automate that process? Sounds like a fun project.

 

Wow, it looks like I may have to set the folder to unrestricted. I tried the path thing, and it doesn't work unless I delete the files from the folder in Users. That works for a few minutes until Chrome puts them back. Sheesh.

 

I'm on Win 8 Pro 64 bit. Here's my Additional Rules entry for PepperFlash...

C:\Users\user-name-here\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll

This works fine. You could use...

C:\Users\user-name-here\AppData\Local\Google\Chrome\User Data\PepperFlash

with unrestricted rights, I suppose.

Later...

 

Oh, by "path thing" I actually meant the shortcut with the specified path for Flash. But thanks anyway.

 

What a mess. But I suppose the next Chrome release will also contain the most updated pepperflash.

 

I just copied the pepflashplayer.dll + manifest.json from my User folder to Program Files \ Goog..\Chr..\Appl..\Pepperflash folder and flash works. I didn't need to use the special path instruction that was recommended.

-edit : darn. Chrome downloads this file again to my user folder and I have to manually delete it. The path solution doesn't work neither does allowing the pepflashplayer.dll in my SRP settings.

 

The Chrome team is excited to announce the promotion of Chrome 27 to the Stable Channel. Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame contains number of new items including:

Web pages load 5% faster on average
chrome.syncFileSystem API
Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions. Please see the Help Center for more information on our updated policies.
Security fixes and rewards:
Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)


This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):


[$1000] [235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek.
[$500] [235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler.
[$1500] [230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity.
[$1000] [230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity.
[$1000] [227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva.
[$2000] [226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux.
[$1000] [222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani.
[$1000] [196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul).
[$3133.7] [188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.
[$1000] [177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva.
[$1000] [176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne.
[$500] [176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov.
[171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich.


In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:

[241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.


Many of the above bugs were detected using AddressSanitizer.

This build also contains a new Adobe Flash build. You can find more information here.

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

 

Thanks for heads up.
I wonder in which stable no. version Chrome introduce Blink.

 

That could be a while yet, but maybe not too much longer since Opera has officially released their mobile browser with Blink.

Edit: That's incorrect and I apologize. Opera released its Webkit mobile browser, Blink is not in yet. I misread somewhere or got info jumbled in my head.

 

per theNextWeb - Google is set to integrate Blink with v28. But i'm doubtful how much perf. improvements it would make with that release with this change alone..

 

It won't make any real difference for a while I don't think. As for Apple, Google ought to just pull their browser from iOS instead of dealing with the stupidity of Apple forcing everyone to do precisely what they say, no questions asked. Let iOS users have Safari.