Google upgraded Chrome to version 27, touting it as 5% faster as it patched 13 vulnerabilities.
Tuesday’s upgrade was the first since March 26, when Google plumped Chrome 26 into the release channel, the most polished of its three public builds.
Google touted just a pair of changes in the browser: a modest performance increase and an API (application programming interface) that Web app developers can call for synchronizing Google Drive storage space.
The speed improvement was meager, according to Google, which cited a 5% speed increase overall, with even smaller boosts for tasks like printing. To get the gains, Chrome now pre-loads images earlier in the rendering process, and more aggressively utilizes idle network time.
Also new to Chrome 27 is the chrome.syncFileSystem API, which Web app makers can use to sync a file system through Google Drive, the search giant’s online storage service. The API could, for example, be used by a writing tool running within Chrome to save and sync documents. The goal, said Google, is to provide “app-specific syncable storage for offline and caching usage so that the same data can be available across different clients.”
In other words, the documents created by the hypothetical Web app would be accessible to and remain synchronized in Chrome on any platform, whether Mac or Windows, desktop or mobile.
Chrome 27 also patched 13 vulnerabilities, 10 of them labeled “high,” the company’s second-most-serious threat rating, two as “medium,” and one as “low.” The majority were “use-after-free” flaws—a type of memory allocation vulnerability—discovered by the Google-built AddressSanitizer fuzzing tool, which the company’s security team has used to sniff out bugs in other browsers, including Apple’s Safari and Mozilla’s Firefox.
Twelve of the 13 vulnerabilities were reported to Google by 10 outside researchers, who received $14,633 for their work. So far this year, Google has paid out more than $200,000 from its Chrome bug bounty program or as prizes during hacking contests like Pwn2Own and Pwnium.
Chrome 27 also featured a non-security update of Adobe Flash, which Google bundles with its browser. The Flash fix addressed a problem maintaining connections with audio streams that affected only Macs. The bug had disrupted services such as SiriusXM’s Internet-based radio for more than a week.
Although Google has already announced that it will replace Chrome’s WebKit engine with its own Blink, Chrome 27 still relies on WebKit, according to its agent string.
Users can download Chrome 27 from Google’s website. Active users can simply let the automatic updater retrieve the new edition.