Chrome 26 Arrives with Spell Checking Improvements, Multiple-User Desktop Shortcuts on Windows, and More

  Google on Tuesday released Chrome version 26 for Windows, Mac, and Linux. The new version features “Ask Google for suggestions” spell checking feature improvements, desktop shortcuts for multiple users(profiles) on Windows, and an asynchronous DNS resolver on Mac and Linux. You can update to the latest release now using the browser’s built-in silent updater, or download it directly from google.com/chrome. The improved spell checking includes a refresh of Chrome’s default dictionaries as well as added support for three languages: Korean, Tamil, and Albanian. Furthermore, if you sync your settings in Chrome and Chrome OS, you’ll now notice custom dictionary are shared across devices as well. At the same time, Google has also started rolling out support for grammar, homonym, and context-sensitive spell checking in English for users who have enabled the “Ask Google for suggestions” spell check feature. These technologies are already used in Google search (and Google Docs as of March 2012), meaning you can expect that support for additional languages is on the way. Here’s what these improvements look like on Windows, Linux, and Chrome OS (rolling out in the coming weeks, Mac support coming later): Aside from the usual bug fixes, speed enhancements, a new version of V8 and Webkit, here is what Google listed as new in Chrome version 26.0.1410.43, according to its changelog notes on the previous beta and dev updates (added in chronological order, the full SVN revision log has more details): Forced compositing mode and threaded compositing on Mac. Updated UI styling of menus on Windows. Chrome 26 addresses 11 security holes (two rated High, four marked Medium, and five considered Low): [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes. [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community. [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com). Google thus spent just $1,000 in bug bounties this release and fixed half the security holes of the last release. This is likely due to company prepping for the Pwn2Own browser security contest: Chrome 25 was updated multiple times in the hopes to stop hackers from breaking into Chrome. All major browsers were hacked despite Google’s and other browser vendors’ efforts.