Google on Thursday released Chrome version 25 for Windows, Mac, and Linux. While Chrome 24 was largely a stability release, Chrome 25 is all about features, including voice recognition support via the newly added Web Speech API and the blocking of silent extension installation. You can update to the latest release now using the browser’s built-in silent updater, or download it directly from google.com/chrome.
Earlier this month, Google and Mozilla showed off how they teamed up to make their respective browsers talk to each other with the addition of WebRTC support, an open source project that provides Internet users with the ability to communicate in real-time via voice and video by simply using a Real-Time Communications (RTC) compatible browser. The technology, which enables Web app developers to include real-time video calling and data sharing capabilities in their products, was added to Mozilla’s browser in Firefox 18 (preliminary support) and the Chrome 25 beta.
Since the functionality is built into the browser, users don’t have to install anything while developers can deploy their apps much more easily. Today’s release means Chrome is the first stable browser to include full support; after you install it, you can try the feature out yourself here: Web Speech API Demonstration.
Two months ago, Google detailed it would be disabling external extension deployment options on Windows by default as of Chrome 25, and retroactively removing all extensions previously installed using them. Here’s what will happen when you launch Chrome 25 for the first time and you have previously-silently-installed extensions:
Chrome 25 will give you a list of the extensions it is disabling. If you want to keep some of them, you can click on “Extension Settings.” Otherwise, you can click on “OK, Great.”
Although many users install extensions strictly from the Chrome Web Store, some have extensions that were silently installed without their knowledge, and the feature was “widely abused by third parties” according to Google. The company also told Windows application developers they should ask users to install Chrome extensions from within the browser; the best way of doing so is to use inline installation.
Also two months ago, Google began experimenting with a search box in the browser’s tab page as well as keeping queries in the omnibox after a search is performed. The new tab page features the user’s default search provider, not just Google Search, but that’s probably what most will use, and here’s how it looks.
While this was in the Chrome 25 beta, it doesn’t appear to have made the cut for the final release; here’s what it’s supposed to look like (if you spot it, let us know):
Aside from the usual bug fixes, speed enhancements, a new version of V8 and Webkit, here is what Google listed as new in Chrome version 25, according to its changelog notes on the previous beta and dev updates (added in chronological order, the full SVN revision log has more details):
- Stability fixes and memory fixes.
- Improvements in managing and securing your extensions.
- Better support for HTML5 time/date inputs.
- Better WebGL error handling.
- And lots of other features for developers.
Interestingly, one of the things not listed until today is that the company decided to disable MathML in this release due to “a high severity security issue.” MathML was added in Chrome 24, but Google says the WebKit MathML implementation “isn’t quite ready for prime time yet” and it will be added back once the security issues have been addressed.
Speaking of security, Chrome 25 addresses 22 security holes (nine rated High, eight marked Medium, and five considered Low):
- [$1000]  High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
- [$1000]  High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
- [$500]  Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
- [$500]  High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
- [$500]  Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.
-  Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).
-  Medium CVE-2013-0885: Too many API permissions granted to web store.
- [Mac only]  Medium CVE-2013-0886: Incorrect NaCl signal handling. Credit to Mark Seaborn of the Chromium development community.
-   Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
-  b>Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
-  Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
-   High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
-  High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla).
-      Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).
-  Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community.
-  High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno).
- [Linux / Mac]  High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla).
-  High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).
-  Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.
-  High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.
-  Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla).
-  Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
Google thus spent a total of $3,500 in bug bounties this release. As always, these issues alone should be enough to get you to upgrade to Chrome 25.
Image credit: casasroger/Flickr