2013, has started off on an innovative and upgradation note for Google. Launching Google+ Communities and then keeping the users wanting for more has been the recent trend of this search giant. Thursday, 10th of January, 2013 witnessed yet another upgradation from Google’s end.

Yes, a faster Chrome browser termed as Chrome 24. The term has been coined because it plugs 24 security holes and has incorporated MathML in the latest version. Google has gone ahead and introduced it for Windows, Mac and Linux.

There are no major leaps taken by the giant, though. Speed improvements and a host of security fixes are the only issues adhered to in this version. Upgrading to the latest release can be done with the help of a built-in silent updater. Or by downloading it directly from google.com/chrome.

Speed issues have been taken care of and that’s the respite offered. Google’s tested it on its own Octane JavaScript and has concluded that this version is the fastest Chrome release ever. It is even touted to be faster than Chrome Beta.

From the developer’s side, Google has ensured that the HTML5 datalist element is supported, which suggests a date and time. Additional support is provided in the form of MathML. The Datalist feature enables you to make a specification of a list of suggested dates and times for inputs, whereas the MathML lets you keep on writing mathematical content in a systematic manner. Some more features like experimental support for CSS Custom Filters is also included.

Fixing the usual bugs, enhancing the speed, a new version of V8 and Webkit are the changes that are brought about in this release. But, here’s Google’s listed features that are new to the version. According to the changelog notes on the previous beta and dev updates in chronological order.

Google States:

Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. Example: if there is a bookmark with a title of “Doglettes & Catlettes” typing any of the following into the omnibox will likely present the bookmark as a suggestion:: “dog”, “cat”, “cat dog”, “dog cat”, “dogle”, etc. Typing “ogle” or “lettes” will not match

This new version basically seems to be a cleanup drive with stabilisation provided to the users. However, a number of bug related issues have also been looked into. The ones related to Flash, speech input, Youtube, omnibox, bookmark sync,installing extensions, memory leaks, JavaScript rendering, scrolling and the ones pertaining to Windows 8 have all been fixed and addessed. There is a presence of a SVN revision log that gives you a detailed insight.

Looking from the security point of view, the 24 security holes that have been fixed are enlisted below. Out of these 11 are rated High, 8 are marked Medium and the rest 5 are Low.

  • [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
  • [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyenger, both of Facebook.

  • [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

  • [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).

  • [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).

  • [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).

  • [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

  • [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).

  • [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.

  • [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).

  • [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).

  • [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

  • [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

  • [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

  • [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).

  • [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).

  • [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).

  • [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).

  • [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).

  • [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

  • [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.

  • [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).

  • [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.

  • [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments.

Credit to Google Chrome Security Team (Chris Palmer).

A bounty of ‘ bug removing’ has been spent upon, by Google. The total amount stands at $6000. So, get going, get upgraded.