Google has released a newer version of Chrome browser and marked v28.0.1500.72 as the stable channel for Windows, Mac and Chrome Frame. The release addresses the security fixes including the new Flash Player v11.8.800.97 and improved pop-ups.
Revamped and rich pop-ups now features text and images and lets users to respond to notification without leaving the window. The feature is available now for Windows only. Moreover, Chrome 28 aids support for Blink — a new web rendering engine that replaced WebKit.
Here’s the list of security fixes addressed in this release:
- CVE-2013-2867: Block pop-unders in various scenarios.
- CVE-2013-2879: Confusion setting up sign-in and sync.
- CVE-2013-2868: Incorrect sync of NPAPI extension component.
- CVE-2013-2869: Out-of-bounds read in JPEG2000 handling.
- CVE-2013-2870: Use-after-free with network sockets.
- CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL.
- CVE-2013-2871: Use-after-free in input handling.
- CVE-2013-2872: Possible lack of entropy in renderers.
- CVE-2013-2873: Use-after-free in resource loading.
- CVE-2013-2874: Screen data leak with GL textures.
- CVE-2013-2875: Out-of-bounds-read in SVG.
- CVE-2013-2876: Extensions permissions confusion with interstitials.
- CVE-2013-2877: Out-of-bounds read in XML parsing.
- CVE-2013-2878: Out-of-bounds read in text handling.
- CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28).
You can read detailed changes and security fixes on Google Chrome Releases Blog. Google Chrome is available in three variants of installers, and you can opt as per your requirements.
Google Chrome 28 Web Installer google.com/chrome/eula.html
Google Chrome 28 Offline Installer google.com/chrome/eula.html?standalone=1
Google Chrome 28 MSI Installer google.com/chrome/eula.html?msi=true