Google today released Chrome version 23.0.1271.64 for Windows, Mac, and Linux. You can update to the latest release now using the browser’s built-in silent updater, or you can download it directly from google.com/chrome.
Arguably the biggest addition in Chrome 23 is the support of the Do Not Track (DNT) protocol. Microsoft was the first to announce support for the DNT mechanism in Internet Explorer 9, followed by Mozilla’s Firefox, Apple’s Safari, and Opera. Microsoft is still pushing forward on DNT support, as it is the first to enable the option by default in IE10, while Chrome 23 only now has an option to enable it. Nevertheless, Google giving the green light for DNT in Chrome means all five major browsers now support the standard.
New York, meet the world’s tech scene
5,000 Tech leaders are coming to NYC this November to learn and do business. This is your chance to join them.
Yet Google wants something better than DNT, as the company hints in its announcement:
This latest release also includes an option to send a “do not track” request to websites and web services. The effectiveness of such requests is dependent on how websites and services respond, so Google is working with others on a common way to respond to these requests in the future.
Google also underlined performance improvements in this release. The company has enabled GPU-accelerated video decoding for Chrome on Windows, meaning GPU-accelerated video decoding while watching videos can increase battery life significantly since dedicated graphics chips draw far less power than CPUs.
The company tested battery life on a Lenovo T400 laptop running Windows 7 when playing a 1080p h.264 video at 30fps and found that the laptop lasted 25 percent longer when GPU-accelerated video decoding was enabled. Your mileage will of course vary.
Chrome 23 also makes it easier for you to view and control any website’s permissions for capabilities such as geolocation, pop-ups, and camera/microphone access. Instead of having to dig through settings pages to find these permissions, you can click on the page/lock icon next to a website’s address in the omnibox to see a list of permissions and tweak them as you wish:
Chrome now also includes the PeerConnection API (allows developers to create Web apps with real-time audio and video calling sans plugins), track support for HTML5 video (provides a standard way to add subtitles, captions, descriptions, chapters, and metadata to videos), as well as the MediaSource API (provides a video playback solution which adapts video quality to changing computer and network conditions with the aim of reducing buffering). That last one is what I’m really looking forward to, although I honestly wish it meant fixing Flash so YouTube would stop being such a POS.
Aside from the usual bug fixes, speed enhancements, a new version of V8 and Webkit, here is what Google listed as being new in Chrome version 23, according to its changelog notes on the previous beta and dev updates (added in chronological order):
- SessionStorage is now persisted on disk; it’s stored and restored by the session restore system.
- Packaged Apps can now request access to local media folders.
- Linux: Make the new sandbox more robust when denying socket calls.
- Media Galleries Extension API should work on all platforms, though permission format has changed.
- Chrome will automatically check for captive portals when showing SSL interstitials or when an HTTP server responds to an HTTPS request.
- Windows: Now Chrome on Windows 8 uses a single profile regardless if running on desktop or metro mode. A new menu item has been added to switch mode which cause a relaunch.
If you check the full SVN revision log, you’ll see there are also several Windows 8 specific enhancements and fixes, and some crashing problems have been addressed. The four-year-old browser has also received its usual dose of security fixes, including a new version of Adobe Flash.
More specifically, Chrome 23 addresses 14 security holes (seven rated High and seven marked Medium):
- [Mac OS only] [$1000]  High CVE-2012-5115: Defend against wild writes in buggy graphics drivers. Credit to miaubiz.
- [$3500]  Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
- [Linux 64-bit only] [$1500]  Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.
- [$1000]  High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
- [Mac OS only] [$1000]  High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
- [$1000]  High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
-  Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team.
-  Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
-  Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
-   Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
-  High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
-  Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
-  Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
-  High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).
Google thus spent a total of $9,000 in bug bounties this release. These issues alone should be enough to get you to upgrade to Chrome 23.
Image credit: Half Cut