Just a few hours ago Google Chrome team released the stable version of Chrome 42 on Windows, Mac and Linux. We got a notification of the new release and 20 minutes later added Chrome 42 to Browserling. The new Chrome 42 browser is now available to all our paying and free customers.

Cross-browser testing in Chrome 42

Try Chrome 42 in Browserling now!

The biggest change in Chrome 42 is that it disables NPAPI support. The existing extensions requiring NPAPI plugins will be unpublished from the Chrome Web Store. All NPAPI plugins will appear as if they are not installed. They will not appear in the navigator.plugins list nor will they be instantiated (even as a placeholder). Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven't completed the transition yet. Google provides an override for advanced users (via chrome://flags/#enable-npapi) and enterprises (via Enterprise Policy) to temporarily re-enable NPAPI (via the page action UI) while they wait for mission-critical plugins to make the transition. In addition, setting any of the plugin Enterprise policies (e.g. EnabledPlugins, PluginsAllowedForUrls) will temporarily re-enable NPAPI.

Other significant changes in Chrome 42:

  • A number of new apps, extension and Web Platform APIs (including the Push API).
  • Add Bookmark is now redesigned.
  • Lots of under the hood changes for stability and performance.

Significant changes in Android version of Chrome 42:

  • Getting the latest updates from sites with notifications.
  • Adding your favorite sites to your homescreen is now even easier.
  • Bug fixes and speedy performance improvements.

Chrome 42 implements the following new features and updates:

  • JavaScript ES6 Classes - Add language support for ES6 classes.
  • JavaScript ES6 Extended Object Literals - Allows concise methods and property shorthands in object literals.
  • Encrypted Media Extensions (EME) - Defines a common API that may be used to discover, select and interact with Digital Rights Management systems for use with HTMLMediaElement.
  • Fetch API - Fetch API is a new API for loading resources in web applications. It's intended to supersede XMLHttpRequest. Fetch API is already available in ServiceWorker scope. This entry is for announcing its availability in window scope.
  • Push API - Push API provides webapps with scripted access to server-sent messages, for simplicity referred to here as push messages, as delivered by push services. A push service allows an application server to send messages to a webapp, regardless of whether the webapp is currently active on the user agent. The push message will be delivered to a Service Worker, which could then store the message's data or display a notification to the user.
  • Remove darker composite operator - Deprecate darker composite operator because Compositing spec doesn't contain "darker" composite operator.
  • Web Notifications using Service Workers - Web Notifications have an in-page event delivery model by default, which means that notifications cannot reliably outlive the page's lifetime. Allowing event delivery to be routed to a page's Service Worker provides a solid solution.
  • Web/native app install banners - Chrome 42 for Android will encourage users to add high quality sites they visit frequently to their home screen. In the future it will support the same for native apps. This entry is for the visual aspect, not the API surface.
  • WebAudio: Deprecate setting AudioBufferSourceNode.buffer more than once - Setting AudioBufferSourceNode.buffer more than once is deprecated. A deprecation message is displayed if the buffer attribute is assigned more than once.
  • WebAudio: OfflineAudioContext.startRendering() returns a promise - The startRendering() method for an OfflineAudioContext now returns a promise that is resolved with the rendered audio when rendering is done.
  • showModalDialog - The global showModalDialog() method displays a modal dialog box containing a specified HTML document. This feature has an incredibly high cost in terms of code complexity since it requires us to run an event loop on top of an arbitrary JavaScript stack. It also complicates the web platform by making task dispatch reentrant and hard to reason about. In Chrome 37 it was disabled and in Chrome 43 it is removed.

The new release also includes 45 security fixes. Chrome team highlighted the following fixes that were contributed by external researchers:

  • CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

Happy cross-browser testing in Chrome 42!