Posted by September 9, 2015
on Earlier today Google Chrome team released Chrome version 45 for Windows, Mac and Linux. We just uploaded Chrome 45 to all our OS platforms. You can cross-browser test your apps in Chrome 45 already!
Try Chrome 45 in Browserling now!
Significant changes in Chrome 45:
- Support for NPAPI plugins permanently disabled.
- A number of fixes and improvements.
Significant changes in Android version of Chrome 45:
- A number of fixes for a whole bunch of performance/stability/other issues.
Chrome 45 implements the following new features and updates:
- MediaStream.label, MediaStream.ended and MediaStream.stop() - These parts of the MediaStream API have been removed from the spec.
- Arrow functions (ES6) - The arrow (
=>
) takes the place of the function keyword. - Attr child nodes - Attr should not have any child nodes per the DOM spec and should not inherit from Node. This entry covers the child node aspect only.
- Audio Output Devices API - This feature will incorporate a set of JavaScript APIs that let a Web application direct the audio output of a media element to authorized devices other than the system or user agent default.
- CSP2: Exclude 'blob:' and 'filesystem:' from the 'self' source expression. - In CSP2, the
'self'
source expression explicitly excludesblob:
andfilesystem:
. This means that developers will need to add those schemes explicitly to their directives if they wish to include content at those URLs. - CSS Multi-column (new implementation) - Ship the flow thread based multicol implementation, so that we eventually can bring Blink's multicol support to a level that matches other engines' (Presto and Trident).
- CSSGroupingRule - The CSSGroupingRule interface represents an at-rule that contains other rules nested inside itself. Per spec, CSSMediaRule and CSSPageRule inherit from CSSGroupingRule.
- CSSKeyframesRule.insertRule() - Replaced by CSSKeyframesRule.appendRule().
- CSSUnknownRule - The CSSUnknownRule interface represents an at-rule not supported by this user agent.
- Client.id - Client.id is a GUID allowing the ServiceWorker to track client objects between SW termination & restart.
- Client.postMessage and ServiceWorkerMessageEvent - Before Chrome 45, a Service Worker sending a message via Client.postMessage() results in a MessageEvent fired on the Client's global scope (e.g., window). Since Chrome 45, the event is a ServiceWorkerMessageEvent fired on navigator.serviceWorker rather than window. Until Chrome 45, Client.postMessage displayed an "experimental, may change" deprecation warning.
- Deprecate Multiple Shadow Roots - Dropping this feature from the spec is the resolution at Web Components f2f meeting (https://www.w3.org/wiki/Webapps/WebComponentsApril2015Meeting).
- Deprecate SMIL - We intend to deprecate SMIL in favor of CSS animations and Web animations.
- Document's "first-party" takes ancestors into account - was made a small change to the definition of "first-party" that had been using for third-party cookie blocking: when determining the first-party origin for a request, only top-level origin is being used.
- Document.charset setter - Document.charset is a non-standard IDL attribute supported by all engines except Gecko, with a proposal to standardize it. In order to simplify standardization, Document.charset has been made readonly, as a simple alias of Document.characterSet.
- ES6 Array methods - Additional static methods on Array and instance methods on Array.prototype: Array.from, Array.of, Array.prototype.copyWithin, Array.prototype.fill, Array.prototype.find, Array.prototype.findIndex.
- ES6 TypedArray methods - Additional static methods on concrete TypedArray subclasses (Int8Array, Float32Array, etc) and instance methods on their prototypes. Includes most of the existing Array methods, as well as those added in ES6.
- IndexedDB getAll() methods - Indexed DB "batched get" APIs and two other methods that have been implemented in FF for some time: IDBObjectStore.getAll(), IDBObjectStore.getAllKeys(), IDBIndex.getAll(), IDBIndex.getAllKeys(), IDBObjectStore.openKeyCursor(), IDBTransaction.objectStoreNames().
- NPAPI plug-in support - NPAPIs 90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity in Chrome. Because of this, Chrome will be phasing out NPAPI support in 2013.
- Navigator.mediaDevices - Navigator.mediaDevices has an enumerateDevices function, which provides the same functionality as MediaStreamTrack.getSources and adds audio output devices to the list, and an ondevicechange event to notify when the set of devices available have changed.
- NotificationOptions.vibrate - The vibrate member of the NotificationOptions dictionary allows web developers to specify a vibration pattern for a notification.
- Object.assign() - The Object.assign() method is used to copy the values of all enumerable own properties from one or more source objects to a target object. It will return the target object.
- Push API: PushSubscription.subscriptionId - Deprecated in Chrome 44, removed in Chrome 45] The Push API previously exposed two properties identifying the subscription: {endpoint, subscriptionId}. These will be merged to be only a single property: endpoint. Developers can update their implementation by only considering endpoint if it considers the contents of subscriptionId.
- Push API: gcm_user_visible_only deprecation - [Deprecated in Chrome 44, removed in Chrome 45] We asked developers to indicate their intent to only send push messages that result in user visible UI - Web Notifications, by including the "gcm_user_visible_only" key in their Manifest. We are now removing this key in favor of the specified solution: userVisibleOnly. The subscribe() method should be updated like this: serviceWorkerRegistration.pushManager.subscribe({ userVisibleOnly: true }).then(...).
- Range.compareNode() and Range.expand() - These are non-standard extensions to the Range interface introduced in 2006 and 2009 respectively.
- Remove filterRes attribute - We plan to remove the filterRes attribute to align with the spec (http://www.w3.org/TR/filter-effects/#element-attrdef-filter-filterres).
- ServiceWorkerContainer.getRegistrations() - Returns all Service Worker registrations for the current origin.
- ServiceWorkerRegistration.update() - update() pings the server for an updated version of this Service Worker registration without consulting caches.
- Shadow-Piercing descendant combinator, '/deep/' (aka '>>>') - When a >>> combinator (or shadow-piercing descendant combinator) is encountered in a selector, replace every element in the selector match list with every element reachable from the original element by traversing any number of child lists or shadow trees.
- Stop sending mouse position updates during scrolling - While scrolling via trackpad or mousewheel, previously mouse position updated every 100ms. On pages with heavy mouse handlers or :hover styles, this could cause significant amounts of scroll jank. Sending a mouse position update includes updating :hover styles, and dispatching mousemove, mouseover, mouseenter, mouseleave, and mouseout events. It is being planned to stop sending mouse position updates while scrolling. Instead, this behavior will be triggered 100ms after scrolling ends.
- Subresource Integrity - Subresource Integrity defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. In a nutshell, metadata inlined into HTML elements allows the browser to determine whether the resource that was downloaded matches the resource the page's author expected to download. This implementation covers only the two elements outlined in the spec: <script> and <link rel="stylesheet"> elements.
- Touch.rotationAngle - The rotation angle, in degrees, of the contact area ellipse defined by Touch.radiusX and Touch.radiusY.
- Web Bluetooth - Access user-selected Bluetooth devices over GATT.
The new release also includes 29 security fixes. Chrome team highlighted fixes that were discovered by external security researchers:
- CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
- CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
- CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
- CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
- CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
- CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
- CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
- CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.5 branch (currently 4.5.103.29).
Happy cross-browser testing in Chrome 45!
Email this blog post to your friends or yourself!
Try Browserling!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!