Posted by January 1, 2015
on Today Google Chrome team released the new Chrome 40 stable version for Windows, Mac and Linux. We just deployed the new Chrome 40 to all our servers. It's now available to all our paying and free customers.
Try Chrome 40 in Browserling now!
Significant changes in Chrome 40:
- Disabled SSLv3 support by default.
- The minimum SSL/TLS version can now be set through about:flags.
- Updated info dialog for Chrome app on Windows and Linux.
- A new clock behind/ahead error message.
Significant changes in Android version of Chrome 40:
- Updated page info and content settings UI.
- Number of bug fixes and performance improvements.
Significant changes in iOS version of Chrome 40:
- New look with Material Design bringing bold graphics, fluid motion, and tactile surfaces.
- iOS 8 optimizations and support for bigger phones.
- Support handoff from Chrome to your default browser on OS X.
- Stability improvements and bug fixes.
Chrome 40 adds the following new features:
- Content Security Policy Level 2 - An evolution of the Content Security Policy specification, allowing developers to create a whitelist of sources of trusted content, and instructing the browser to only execute or render resources from those sources.
- Service ServiceWorkers - Formerly Navigation Controllers are a new system that provides event-driven scripts that run independent of web pages. They are similar to SharedWorkers except that their lifetime is different and they have access to domain-wide events such as network fetches. Use cases: offline, reducing perceived page load latency and will eventually power notification/push/sync use cases.
- Changed WebAudio PannerNode default behavior - The HRTF panner uses significant memory for the responses and requires a fair amount of processing to implement. For low-end mobile devices, this can be an issue. Since the default panner model is HRTF, the creation of the panner can cause the responses to be loaded. The default has been changed to equalpower, which doesn't consume significant memory and is much less intensive in processing power.
- minlength attribute - minlength attribute declares a lower bound on the number of characters a user can input.
- reportValidity() for form controls - reportValidity() invokes built-in form validation UI programatically.
The new release fixes 62 security issues. In no particular order some of the most critical security fixes include:
- CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
- CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
- CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer@booktrack.com.
- CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
- CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
- CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
- CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
- CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
- CVE-2014-7933: Use-after-free in FFmpeg. Credit to Aki Helin of OUSPG.
- CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
- CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
- CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
- CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
- CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
- CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
- CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
- CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
- CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
- CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
- CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
- CVE-2014-7948: Caching error in AppCache. Credit to Yaoqi Jia.
Happy cross-browser testing!
Email this blog post to your friends or yourself!
Try Browserling!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!