Google heeft versie 31 van zijn webbrowser Chrome uitgebracht. Google Chrome is beschikbaar in drie verschillende uitvoeringen: stable, beta en dev, en ditmaal is de stabiele uitvoering bijgewerkt. In versie 31 zijn geen nieuwe mogelijkheden toegevoegd, maar zijn er wel weer een groot aantal beveiligingsupdates doorgevoerd. Het volledige changelog van deze release is hieronder te vinden.
Stable Channel Update
Chrome has been updated to 31.0.1650.48 for Windows, Mac, Linux and Chrome Frame. Flash Player has been updated to 11.9.900.152, which is included w/ this release.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 25 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
We would also like to thank miaubiz and Atte Kettunen of OUSPG for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work responsible for a wide range of fixes:
-  Medium CVE-2013-6621: Use after free related to speech input elements.
-  High CVE-2013-6622: Use after free related to media elements.
-  High CVE-2013-6623: Out of bounds read in SVG.
-  High CVE-2013-6624: Use after free related to “id” attribute strings.
-  High CVE-2013-6625: Use after free in DOM ranges.
-  Low CVE-2013-6626: Address bar spoofing related to interstitial warnings.
-  High CVE-2013-6627: Out of bounds read in HTTP parsing.
-  Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
Many of the above bugs were detected using AddressSanitizer.
-  Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
-  Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
-  Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
-  High CVE-2013-6631: Use after free in libjingle.
A full list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.