Earlier this week Google Chrome team released the stable version of Chrome 47 on Windows, Mac and Linux. We just deployed Chrome 47 to all our OS platforms and it's now available to all our paying customers and free users.
Try Chrome 47 in Browserling now!
Chrome 47 implements the following new features and updates:
- MediaStream.label, MediaStream.ended and MediaStream.stop() - These parts of the MediaStream API have been removed from the spec.
- Array.prototype.includes - Method to determine whether an array includes a given element.
- Cache.matchAll() -
matchAll()returns a promise to be resolved with an array of all matched responses in the Cache object.
- EXT_disjoint_timer_query WebGL extension - This WebGL extension, exposing the underlying OpenGL ES functionality, allows developers to measure the duration of the commands they submit to the graphics processor. This will allow the development of additional tools to help developers make their WebGL code run faster.
- Fetch API: RequestInit.referrer - This feature enables users to specifying request's referrer as a construct argument. Note this is different from Request.referrer which was already introduced. In service workers, a captured request had the service worker's referrer (i.e. the service worker's script URL), but with this feature the request keeps the original referrer.
- High Resolution Time Stamp for Events - Change Event.timeStamp to be a DOMHighResTimeStamp which is a high resolution monotonic time with microseconds resolution instead DOMTimeStamp which is an epoch time with millisecond resolution. For input events, the timestamp value will represent the underlying OS timestamp for the event. High resolution monotonic timestamp for input events enables new functionality such as accurate measurement of pointer velocity, simple input latency measurements, and etc.
- MouseEvent.getModifierState - MouseEvent.getModifierState is unimplemented. KeyboardEvent.getModifierState is implemented; but the action on the MouseEvent isn't. To be consistent in APIs this is a simple change to bring matching spec behavior (http://www.w3.org/TR/DOM-Level-3-Events/#widl-MouseEvent-getModifierState).
- Navigator.mediaDevices - Navigator.mediaDevices has an enumerateDevices function, which provides the same functionality as MediaStreamTrack.getSources and adds audio output devices to the list, and it also has an ondevicechange event to notify when the set of devices available have changed. Note: currently, only the enumerateDevices() function is implemented.
- NotificationOptions.requireInteraction, and auto-minimize timeout - Support for the NotificationOptions.requireInteraction property, letting authors hint that a notification should remain readily available until the user clicks or dismisses it. When omitted, Chrome desktop will start to auto-minimize notifications to the notification center after ~8 seconds (rather than the toast remaining permamently on-screen); Chrome for Android will be unaffected, since the platform requires that notifications are always minimized there.
- Rest parameters (ES6) - Allows representation of an indefinite number of arguments as an array.
- SVG hasExtension() methods - The hasExtension() methods have been removed in SVG2. As implemented in Blink they always returned false and were thus of no use.
- SVGSVGElement.pixelUnitToMillimeterX and friends - These were in SVG 1.1 put have been removed: http://www.w3.org/TR/SVG11/struct.html#InterfaceSVGSVGElement; http://www.w3.org/TR/SVG2/struct.html#InterfaceSVGSVGElement. These properties all return the constant 0.2645833194255829 on all platforms, so they don't do what their names suggest.
- Service Worker: Change the fetch API request flags (mode, credentials and redirect) for navigation requests. - The flags of request objects which are passed to the service worker's Fetch Event handler for navigation requests will be changed. Current: mode="no-cors", credentials="same-origin", redirect="follow" (available since in M46); From M47: mode="same-origin", credentials="include", redirect="manual".
- UIEvent.sourceCapabilities & InputDeviceCapabilities.firesTouchEvents - The InputDeviceCapabilities API provides capabilities details about the physical device responsible for generating an event. InputDeviceCapabilities.firesTouchEvents returns whether this device dispatches touch events. All types of UIEvent now have their own sourceCapabilities attribute which returns the InputDeviceCapabilities associated with the physical device responsible for them.
- requestIdleCallback - An API which allows posting of tasks which are scheduled during periods when the browser is idle, and are passed a deadline when called which is calculated based on how long the browser expects to remain idle. This enables developers to perform background work on the main event loop, without impacting latency-critical events such as animation and input response.
The new release also includes 41 security fixes. Chrome team highlighted the following fixes that were contributed by external researchers:
- CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
- CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.
- CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.
- CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.
- CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.
- CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.
- CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.
- CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.
- CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.
- CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Bock.
- CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.
- CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.
- CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.
- CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.
- CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.
- CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.
- CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.
- CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
- CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.
- CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.
- CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 184.108.40.206).
Happy cross-browser testing in Chrome 47!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!