Google just announced Chrome 45, the next version of it’s popular web browser. The Browser is launched for all Windows, Android, Linux, and Mac operating systems. Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with its regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available. You can update to the latest version now using the browser’s built-in silent updater or Google Chrome 45 is available to download here: https://www.google.com/chrome/
Developer features in this release include :
- Sites can now customize the vibration triggered when showing a notification on Android.
- Chrome’s implementation of the Push API has undergone several minor breaking changes to keep up-to-date with the evolving specification.
- Sites using promoted add to home screen can now programmatically control the timing of the banner.
- The rotationAngle attribute of Touch objects is no longer prefixed, making it easier for sites to understand the geometry of the user’s touch with cross-browser code.
- To improve scroll performance on pages with heavy mouse handlers or hover styles, Chrome no longer sends mouse position updates when the user is scrolling with a trackpad or scroll wheel.
- Chrome now immediately prefetches all HTML imports referenced by a page instead of waiting for scripts included higher in the document to finish executing, thereby improving performance.
- To reduce the risk of certain types of attack, the ‘self’ source defined by Content Security Policy now excludes blob and filesystem URLs.
- The logjam attack is fixed in this release by deprecating the use of keys smaller than 1024 bits in Diffie-Hellman key exchanges, which may require developers to update their server’s TLS configuration.
- To improve cross-browser compatibility and specification compliance, CSSUnknownRule and CSSKeyframesRule.insertRule() are now deprecated, with the latter now replaced by CSSKeyframesRule.appendRule().
- Sites using SMIL will now trigger deprecation warnings in the console, encouraging them to migrate to CSS Animations and Web Animations.
- This release deprecates both multiple shadow roots and shadow-piercing deep selectors following a unanimous decision by browser vendors at the Web Components April 2015 meeting.
- The MediaStream attributes “label” and “ended” are now deprecated in favor of “id” and “active,” while the stop() method is deprecated in favor of MediaStreamTrack.stop().
Chrome 45 also includes 29 security fixes, of which Google chose to highlight the following :
- [$7500] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
- [$7500] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
- [$7500] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- [$5000] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
- [$3000] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
- [$1000] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
- [$3000] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
- [$3000] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
- [$2000] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
- [$1000] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
-  CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.5 branch (currently 188.8.131.52).
If you add all those up, you’ll see Google spent at least $40,500 in bug bounties for this release (there are additional bounties that still don’t have a reward amount set). The security improvements alone should be enough incentive for you to upgrade to Chrome 45.
Learn more about Google Chrome 45 new features :