Yesterday Google Chrome team released the stable version of Chrome 43 on Windows, Mac and Linux. We just deployed Chrome 43 to all our OS platforms and it's now available to all our paying customers and free users.
Try Chrome 43 in Browserling now!
Significant changes in Chrome 43:
- Numerous bug fixes and security fixes.
Significant changes in Android version of Chrome 43:
- Faster Checkout – Quickly and securely complete checkout forms with data from Google Wallet.
- Touch to Search – Learn more about words and phrases by touching them on your screen.
- Bug fixes and speedy performance improvements.
- No longer supports Android 4.0 (Ice Cream Sandwich).
Chrome 43 implements the following new features and updates:
- Allow JS-triggered copy/cut with a user gesture -
execCommand("cut")should be allowed to modify the system clipboard in the context of a user gesture (the spec uses the language "allowed to show a popup").
- Attr child nodes - Attr should not have any child nodes per the DOM spec and should not inherit from Node. This entry covers the child node aspect only.
- Cache API (global scope) - The Cache API allows authors to fully and conveniently manage their content caches for offline use. An origin can have multiple, named Cache objects. This API is already available in a Service Worker context. This entry is to make it available globally (=> accessible from a document context).
- Fetch API: streaming response body - Addition of the
response.bodyproperty to the Fetch API.
response.bodyis a ReadableStream from the Streams Standard.
- Move DOM attributes to prototype chains - Blink has placed DOM attributes on instances instead of prototypes. However, the Web IDL spec requires that DOM attributes must be placed on prototype chains (except for a few exceptions such as static attributes and [Unforgeable].) We move DOM attributes on instances to prototype chains following the spec.
- Permissions API - The Permissions API allows a web application to be aware of the status of a given permission, to know whether it is granted, denied or if the user will be asked whether the permission should be granted. The purpose of the API is to improve general UX with regards to permissions on the Web, allowing developers to be aware of what is going to happen will enable better flow.
- Unprefixed CSS Animations - CSS Animations without the -webkit- prefix.
- Upgrade insecure requests - We encourage authors to transition their sites and applications away from insecure transport, and onto encrypted and authenticated connections, but mixed content checking causes headaches. This feature allows authors to ask the user agent to transparently upgrade HTTP resources to HTTPS to ease the migration burden.
- Web MIDI API - Defines an API supporting the MIDI protocol, enabling web applications to enumerate and select MIDI input and output devices on the client system and send and receive MIDI messages.
- WebAudio: Allow developers to close an AudioContext explicitly - An AudioContext can now be explicitly closed, thereby releasing any hardware resources associated with the AudioContext. Without this, developers had to depend on garbage collection of the AudioContext to release hardware resources.
- WebAudio: AudioBuffer copyFromChannel and copyToChannel - Support the
copyToChannelmethods on a WebAudio AudioBuffer.
- WebAudio: Selective Disconnection on AudioNode.disconnect() - Currently
AudioNode.disconnect()disconnects all existing connections from output(s) of the AudioNode. This is to support disconnecting only one connection. There have been numerous requests to support selective disconnection with disconnect() method and Audio WG agreed to change the spec to accommodate the feature request. With this change, it is possible to disconnect a signal path out of multiple connections to AudioNode input or AudioParam.
- autocapitalize - Enables web pages to give hint with regards to the autocapitalization behaviour to use on text fields.
- overflowchanged event - The overflowchanged event and the OverflowEvent interface have been removed.
The new release also includes 37 security fixes. Chrome team highlighted the following fixes that were contributed by external researchers:
- CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
- CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
- CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou.
- CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
- CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
- CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative
- CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
- CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
- CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
- CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
- CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
- CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
- CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
- CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
Happy cross-browser testing in Chrome 43!
Email this blog post to your friends or yourself!
Enter a URL to test, choose platform, browser and version, and you'll get a live interactive browser in 5 seconds!