Download Google Chrome 24.0.1312.52

Google has released version 24 of its Chrome web browser. Google Chrome is available in three different versions: stable, beta and dev, and this time the stable version has been updated. New in version 24 includes support for MathML, which can display mathematical notation. There are also improvements in stability and speed, the necessary security updates have been made and this version contains a newer version of the Flash player. The full changelog for this release can be found below.

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 24 to the stable channel. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame.

This is the first Stable release with support for MathMLthanks to WebKit volunteer Dave Barton. This release also contains an update to Flash (11.5.31.137) as well as improvements in speed and stability. You can find out more about Chrome 24 on the Official Chrome Blog and the Official Chromium Blog.

Security fixes and rewards:

please see the Chromium security pagefor more details. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [162494] High CVE-2012-5145: Use after free in SVG layout.
• [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL.
• [165864] High CVE-2012-5147: Use after free in DOM handling.
• [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support.
• [166795] High CVE-2012-5149: Integer overflow in audio IPC handling.
• [165601] High CVE-2012-5150: Use after free when seeking video.
• [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript.
• [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video.
• [164565] High CVE-2012-5153: Out-of-bounds stack access in v8.
• [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation.
• [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes.
• [162778] High CVE-2012-5156: Use after free in PDF fields.
• [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling.
• [162153] High CVE-2013-0828: Bad cast in PDF root handling.
• [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access.
• [Windows only] [162066] Low CVE-2013-0830: Missing ZERO termination in IPC.
• [161836] Low CVE-2013-0831: Possible path traversal from extension process.
• [160380] Medium CVE-2013-0832: Use-after-free with printing.
• [154485] Medium CVE-2013-0833: Out-of-bounds read with printing.
• [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling.
• [152921] Low CVE-2013-0835: Browser crash with geolocation.
• [150545] High CVE-2013-0836: Crash in v8 garbage collection.
• [145363] Medium CVE-2013-0837: Crash in extension tab handling.
• [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments.

Many of the above bugs were detected using AddressSanitizer .

The security issues in V8 have been fixed in v8-3.14.5.3.

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.