Yesterday Google Chrome team released the stable version of Chrome 38 on Windows, Mac and Linux. We just deployed Chrome 38 to all our OS platforms and it's now available to all our paying customers and free users.
Try Chrome 38 in Browserling now!
Significant changes in Chrome 38:
- A number of new apps/extension APIs.
- Support for logging into sites using FIDO U2F Security Key (a USB or smartcard security token) as a factor in 2-factor authentication.
- Under-the-hood changes for stability and performance.
Significant changes in Android version of Chrome 38:
- Support for Battery Status and Screen orientation APIs.
- Additional Material Design updates.
- Bug fixes and performance improvements.
Significant changes in iOS version of Chrome 38:
- Better support for iPhone 6 and 6+.
- Download and open files in Google Drive.
- Stability improvements and bug fixes.
- Security fixes.
Chrome 38 implements the following new features and updates:
- <picture> Element - Enable a responsive images solution by declaring multiple resources for an image using CSS media queries.
- Battery Status API - Allows access to see the battery level of the device's battery.
- Encoding API - Script API to allow encoding/decoding of strings from binary data. Common scenario: decoding a binary data file fetched via XHR into an ArrayBuffer that contains strings encoded as UTF-8.
- File constructor - A programmatic method of constructing File objects, very similar to how Blob objects are built.
- JS iterators (i.e. the for-of feature) (ES6) - Iterates over iterable objects (including arrays, array-like objects, iterators and generators), invoking a custom iteration hook with statements to be executed for the value of each distinct property.
- Map (ES6) - Map objects are simple key/value maps.
- Math functions (ES6) - Math related functions - sign, trunc, sinh, cosh, tanh, asinh, acosh, atanh, log10, log2, hypot, fround, clz32, cbrt, log1p, expm1 (as Math.sign(...), Math.trunc(...) and so on).
- SVG (1.1) Fonts - Use the SVG based font format (that non WebKit based browsers never implemented) as a @font-face web font.
- Screen Orientation API - Gives ability to read the screen orientation and lock it.
- Set (ES6) - Set objects let you store unique values of any type, whether primitive values or object references.
- Symbols (ES6) - Allows properties to be added to existing objects without the possibility of interference with the existing properties, unintended visibility, or with other uncoordinated additions by any other code.
The new release also includes 159 security fixes. Chrome team highlighted the following fixes that were contributed by external researchers:
- CVE-2014-3188: A special thanks to Juri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
- CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
- CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
- CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
- CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
- CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
- CVE-2014-3195: Information Leak in V8. Credit to Juri Aedla.
- CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
- CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
- CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
- CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
Happy cross-browser testing in Chrome 38!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!