Chrome 31 Now Available – Includes Web Payments, Portable Native Code and Plenty of Fixes


This afternoon, Google released a new version of Google Chrome to the stable channel on Windows, Mac and Linux. This new version does bring a few new features, but more importantly, it brings a lot of bug and security fixes which are always important. You are able to update to Chrome 31 now using the browser's built-in silent updater, or you can just download it directly from Simple as that.

This first new feature is a pretty cool one. It means that you can fill out online forms with even less effort. Web developers now have programmatic access to the browsers autocomplete information, by using a new function named requestAutocomplete(). Users will be able to pick an existing payment data set stored in the browser or enter new details through a browser-provided interface, which developers can continue with their existing payment processor. The web payments feature has been available on Android for a little bit now, and is coming to Windows, Chrome OS and Mac in a future release. Google hasn't said exactly when the Mac version will get it though. I'd expect it to be very soon so it stays on par with the Windows, Chrome OS and Linux versions of the browser.


There's also another new feature in Chrome 31 which Google is using to push performance of apps even further with the Portable Native Client (PNaCI).


Additionally, Chrome 31 for Android is hitting Google Play soon and has gained application shortcuts.It basically allows you to go to ahead and website shortcuts to your home screen that will open in a normal Chrome Android window. So nothing too exciting in the Android version, but still nice to see it's there.


Now the bug and security fixes, there's over 25 of them fixed in this update, which Google Chose to highlight a few of them:

  • [$500][268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
  • [$2000][272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer.
  • [$500][282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
  • [$1000][290566] High CVE-2013-6624: Use after free related to "id" attribute strings. Credit to Jon Butler.
  • [$2000][295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
  • [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva.
  • [$4000][299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined.
  • [$1000][306959] Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
  • [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
  • [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
  • [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
  • [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik H¶glund of the Chromium project.

As always with security releases, make sure you update to the latest version of Chrome as soon as possible.