Chrome

The Dev channel has been updated to 28.0.1500.20 (Platform versions: 4100.17.0) for all platforms except Google Chromebook Pixel. This build contains a number of stability improvements.Release Highlights: Fixed several audio level issues (240455, 239128) Creation of recovery images using imageburner is now fixed (239330) Fixed layout issues with File Manager (239155, 238702) Known Issues: On Acer C7 Chromebooks, docked mode has been disabled when connecting to an external monitor. Users connecting via slower 3G connections may be unable to login when creating a new user. Workaround: login as guest or as an existing user. (239139) Logging in via a captive portal access point does not show a login screen. Workaround: Connect to a different network or login as guest. (237214) If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).Danielle DrewGoogle Chrome

Chrome for Android, improved search and fullscreen browsing Today’s Chrome for Android stable update, now available on Google Play, makes searching on the go even simpler. You can now see your search queries in the omnibox instead of the long search URL, so you can easily refine them and view more results. To make browsing the mobile web even easier, web pages also display in fullscreen on phones. As you scroll, the top toolbar disappears so you can immerse yourself in the web page content. When you scroll up, the toolbar returns so you can get on to the next thing. Chrome for iPhone and iPad, with voice search (coming soon) Over the coming days, we’re rolling out an update for iPhone and iPad as well. You can now speak your searches into the omnibox. Touch the microphone, say your search query aloud and see your results (in some cases spoken back to you), all without typing a single letter. Try these queries with the update (coming soon to the App Store): “How many miles from San Antonio to Dallas?” “What’s the weather in Rome?” “Who stars in The Internship?” This update also enables faster reloading of web pages by using the cache more efficiently when the network is slow, which is especially useful when you’re on the go. Finally, other iOS apps can now give you the option to open links in Chrome and then return to the app with just one tap. We look forward to your feedback on the latest versions of Chrome for Android and iOS. Posted by Yusuf Ozuysal and Milan Broum, Minimalist & Vocal Software Engineers

The Chrome team is excited to announce the promotion of Chrome 27 to the Stable channel. Chrome for Android 27.0.1453.90 contains a number of improvments including: Fullscreen on phones - Scroll down the page and the toolbar will disappear. Simpler searching - Searching from the omnibox will keep your search query visible in the omnibox, making it easier to edit, and show more on your search result page. Client-side certificate support - You can now access sites that require you to use a certificate and Chrome will allow you to select an installed certificate Tab history on tablets - Long press the browser back button to view your tab history And a ton of stability and performance fixes A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.Jason KerseyGoogle Chrome

The wait is out! Google has just released the 27th version of its Chrome browser for Windows, Linux and Mac users. True to the legacy of the previous updates, the latest version also comes with slight improvements including an average of 5% faster page loading time. According to Google, the speed enhancement owes to the [...]

The Dev channel has been updated to 28.0.1500.20 for Chrome Frame, Mac, Linux, and Windows This build addresses some known regressions and stability issues. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. Anthony Laforge Google Chrome

The Chrome team is excited to announce the promotion of Chrome 27 to the Stable Channel. Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame contains number of new items including: Web pages load 5% faster on average chrome.syncFileSystem API Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions. Please see the Help Center for more information on our updated policies. Security fixes and rewards: Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.) This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues): [$1000] [235638] High CVE-2013-2837: Use-after-free in SVG. Credit to S?awomir B?a?ek. [$500] [235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. [$1500] [230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. [$1000] [230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. [$1000] [227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. [$2000] [226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. [$1000] [222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. [$1000] [196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). [$3133.7] [188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. [$1000] [177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. [$1000] [176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. [$500] [176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. [171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. In addition, our ongoing internal security work was as usual responsible for a wide range of fixes: [241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives. Many of the above bugs were detected using AddressSanitizer. This build also contains a new Adobe Flash build. You can find more information here. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. Karen GrunbergGoogle Chrome

Last month’s Chrome Beta release contained optimizations so that web pages load 5% faster on average. We’ve included those optimizations in today’s Chrome Stable release so all users will enjoy a faster browsing experience. A 5% improvement may not seem like much by itself, but our estimates show that when you add up those saved seconds across all Chrome users, it totals to more than 510 years of people’s time saved every week. Want to make that number even bigger? Download Chrome today. Posted by James Simonsen, Software Engineer and Saver of Split Seconds

Would it not have been great if you had the ability to remember all the passwords that you enter in all of the websites you sign up to? Google has just made it possible by releasing a useful extension for its Chrome browser that can safely be used on personal computers. Known as “Show Password [...]

The Beta channel has been updated to 27.0.1453.103 (Platform version: 3912.79.0) for all Chrome OS devices. This build contains a number of bug fixes and stability improvements. Release Highlights: Pepper Flash updated to 11.7.700.202 Stability Fixes If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).Josafat GarciaGoogle Chrome

AddressSanitizer (ASAN) is a tool for finding memory problems and has been used to find thousands of memory errors in Chromium over the last two years. These kinds of errors will typically lead to heap or data corruption and subsequent crashes in random, unrelated code, which make them quite challenging to find and fix without tools like ASAN. However, ASAN is built using LLVM/Clang and is limited to Mac and Linux builds of Chromium. To address the lack of coverage for Windows-only code, we built SyzyASAN. SyzyASAN is built on top of the Syzygy toolchain and is an instrumentation-based clone of ASAN for detecting heap errors. It consists of three parts: An instrumenter that injects instrumentation into binaries produced by the Microsoft Visual Studio toolchain.A run-time library that replaces malloc, free, et al.An RPC-based logging server that receives information about detected errors. This lets us get information safely out of sandboxed processes, like Chromium’s renderer.SyzyASAN operates nearly identically to ASAN, finding errors in the same manner and producing similar reports. SyzyASAN finds some of the hardest-to-locate memory bugs like use-after-free, buffer overruns, and underruns. Focusing on very common memory errors allows SyzyASAN to be relatively efficient. Although Chrome with SyzyASAN is very usable, the penalties in speed - 4.7x on CPU intensive operations - and memory - a 25% increase plus a fixed 256MB increase in each process - are noticeable so we’ll confine these releases to our Canary channel for now. We’ve been releasing SyzyASAN-instrumented builds to the Windows Canary channel one day each week recently. One day with a little slowdown on the Canary channel gives us plenty of great data. In the last three weeks, we’ve found 150 new bugs in Chromium, several of which could lead to security vulnerabilities. We’ve put together some instructions for instrumenting your local build and debugging issues. Try it out and help us squash more memory bugs. The Syzygy source code and binaries can be downloaded from our code site, and instructions for how to use it are on our wiki. If you have any questions, suggestions or contributions, feel free to contact syzygy-team@chromium.org. If you’re using Syzygy or SyzyASAN with your project we’d love to hear about it! Posted by Chris Hamilton, Sanitation Engineer