Chrome Updates

Maxthon for Mac is based on Chromium 21.0.1180.75.
And now we are planning to upgrade to Chromium 25.0.1364.99.
Let’s look at what they have improved.

25.0.1364.99

• Improvements in managing and securing your extensions
• Better support for HTML5 time/date inputs
• JavaScript Web Speech API support
• Better WebGL error handling
• And lots of other features for developers

Security fixes and rewards:

• [172243] High CVE-2013-0879: Memory corruption with web audio node.
• [171951] High CVE-2013-0880: Use-after-free in database handling.
• [167069] Medium CVE-2013-0881: Bad read in Matroska handling.
• [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters.
• [142169] Medium CVE-2013-0883: Bad read in Skia.
• [172984] Low CVE-2013-0884: Inappropriate load of NaCl.
• [172369] Medium CVE-2013-0885: Too many API permissions granted to web store.
• [Mac only] [171569] Medium CVE-2013-0886: Incorrect NaCl signal handling.
• [171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
• [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia.
• [170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
• [169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer.
• [169685] High CVE-2013-0891: Integer overflow in blob handling.
• [169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer.
• [168570] Medium CVE-2013-0893: Race condition in media handling.
• [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding.
• [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying.
• [166708] High CVE-2013-0896: Memory management issues in plug-in message handling.
• [165537] Low CVE-2013-0897: Off-by-one read in PDF.
• [164643] High CVE-2013-0898: Use-after-free in URL handling.
• [160480] Low CVE-2013-0899: Integer overflow in Opus handling.
• [152442] Medium CVE-2013-0900: Race condition in ICU.

24.0.1312.57

• Mac: r177690 Fix renderer crashes when using certain IMEs. (Issue 152566)
• Mac: r178517 Fix microphone input dropout with Pepper Flash. (Issue 168859)
• Chrome Frame: r178591 Fix renderer exiting in certain cases when opening a new Window from Chrome Frame. (Issue 171877)

24.0.1312.56

• Fixed performance of mouse wheel scrolling. [Issue: 160122]
• Fixed visited links regression. [Issue: 160025]
• Fixed windows installation when installed as admin. [Issue: 166473]

Security fixes and rewards:

• [151008] High CVE-2013-0839: Use-after-free in canvas font handling.
• [170532] Medium CVE-2013-0840: Missing URL validation when opening new windows.
• [169770] High CVE-2013-0841: Unchecked array index in content blocking.
• [166867] Medium CVE-2013-0842: Problems with NULL characters embedded in paths.
• [Mac only] [166523] High CVE-2013-0843: Crash with unsupported RTC sampling rate.

24.0.1312.52

This is the first Stable release with support for MathML

Security fixes and rewards:

• [162494] High CVE-2012-5145: Use-after-free in SVG layout.
• [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL.
• [165864] High CVE-2012-5147: Use-after-free in DOM handling.
• [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support.
• [166795] High CVE-2012-5149: Integer overflow in audio IPC handling.
• [165601] High CVE-2012-5150: Use-after-free when seeking video.
• [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript.
• [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video.
• [164565] High CVE-2012-5153: Out-of-bounds stack access in v8.
• [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation.
• [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes.
• [162778] High CVE-2012-5156: Use-after-free in PDF fields.
• [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling.
• [162153] High CVE-2013-0828: Bad cast in PDF root handling.
• [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access.
• [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC.
• [161836] Low CVE-2013-0831: Possible path traversal from extension process.
• [160380] Medium CVE-2013-0832: Use-after-free with printing.
• [154485] Medium CVE-2013-0833: Out-of-bounds read with printing.
• [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling.
• [152921] Low CVE-2013-0835: Browser crash with geolocation.
• [150545] High CVE-2013-0836: Crash in v8 garbage collection.
• [145363] Medium CVE-2013-0837: Crash in extension tab handling.
• [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments.

23.0.1271.101

A bug with sound distortion with microphone input: 157613.

23.0.1271.101

• Some texts in a Website Settings popup are trimmed (Issue: 159156)
• Linux: selection renders white text on white bg in apps (Issue: 158422)
• some plugins stopped working (Issue: 159896)
• Windows8: Unable to launch system level chrome after self destructing user-level chrome (Issue: 158632)

Security fixes and rewards:

• [$1500] [158204] High CVE-2012-5139: Use-after-free with visibility events.
• [$1000] [159429] High CVE-2012-5140: Use-after-free in URL loader.
• [160456] Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation.
• [160803] Critical CVE-2012-5142: Crash in history navigation.
• [160926] Medium CVE-2012-5143: Integer overflow in PPAPI image buffers.
• [$2000] [161639] High CVE-2012-5144: Stack corruption in AAC decoding.

23.0.1271.95

• [161564] High CVE-2012-5138: Incorrect file path handling.
• [$7331] [162835] High CVE-2012-5137: Use-after-free in media source handling.

23.0.1271.91

• No audio from Flash content when speaker configuration is set to Quadraphonic (Issue: 159924)
• Aw, Snap renderer crash on Windows Server 2003 (Issue: 160559)

23.0.1271.91

Security fixes and rewards:

• [$1000] [152746] High CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs.
• [$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters.
• [$500] [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia.
• [155711] Low CVE-2012-5132: Browser crash with chunked encoding.
• [158249] High CVE-2012-5134: Buffer underflow in libxml.
• [159165] Medium CVE-2012-5135: Use-after-free with printing.
• [159829] Medium CVE-2012-5136: Bad cast in input element handling.

23.0.1271.64

Chrome 23 contains a number of new features including GPU accelerated video decoding on Windows and easier website permissions.

• [Mac OS only] [$1000] [149904] High CVE-2012-5115: Defend against wild writes in buggy graphics drivers.
• [$3500] [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling.
• [Linux 64-bit only] [$1500] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8.
• [$1000] [143761] High CVE-2012-5116: Use-after-free in SVG filter handling.
• [Mac OS only] [$1000] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers.
• [$1000] [154055] High CVE-2012-5121: Use-after-free in video layout.
• [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context.
• [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling.
• [154465] Medium CVE-2012-5122: Bad cast in input handling.
• [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia.
• [155323] High CVE-2012-5124: Memory corruption in texture handling.
• [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling.
• [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling.
• [157124] High CVE-2012-5128: Bad write in v8.

22.0.1229.94

• [$60,000][154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write.

22.0.1229.92

This update contains a number of stability fixes, including an issue with multiple profiles on Mac OS X 10.8.2.  It also contains a fix for text display on the Mac, as well as the security updates listed below.

• [$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering.
• [$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio device handling.
• [$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex.
• [151449] Medium CVE-2012-5110: Out-of-bounds read in compositor.
• [151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins.

22.0.1229.79

• Mouse Lock API availability for Javascript
• Additional Windows 8 enhancements
• Continued polish for users of HiDPI/Retina screens

Security fixes and rewards:

• [$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption.
• [$10000] [143439] High CVE-2012-2889: UXSS in frame handling.
• [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings.
• [$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins.
• [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
• [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia.
• [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling.
• [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references.
• [$1000] [144899] High CVE-2012-2894: Crash in graphics context handling.
• [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL.
• [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs.
• [$500] [139168] Low CVE-2012-2879: DOM topology corruption.
• [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia.
• [132398] High CVE-2012-2874: Out-of-bounds write in Skia.
• [134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer.
• [137852] High CVE-2012-2878: Use-after-free in plug-in handling.
• [139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer.
• [140647] High CVE-2012-2882: Wild pointer in OGG container handling.
• [142310] Medium CVE-2012-2885: Possible double free on exit.
• [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer.
• [144051] Low CVE-2012-2891: Address leak over IPC.
• [144704] Low CVE-2012-2892: Pop-up block bypass.
• [144799] High CVE-2012-2893: Double free in XSL transforms.
• [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer.

References：googlechromereleases.blogspot.com