Google today launched Chrome 51 for Windows and Mac, promising that the Linux version will “ship shortly.” This release includes the usual slew of developer features, but users should benefit from some of the improvements right away. You can update to the latest version now using the browser’s built-in silent updater, or download it directly from google.com/chrome.

Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with its regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

First up, Google has added the Credential Management API to Chrome. In short, the new API allows developers to use Chrome’s credential managers more extensively than just for storing a saved password. Custom login flows, remembering federated identity preferences, and general interaction to improve the login experience for users is now possible. Users can sign in with one tap and automatically sign back in when returning to the site.

chrome_credential_management_api

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Next up, the Intersection Observer API allows sites to detect element intersections as an asynchronous event. Sites can receive a callback whenever any element intersects a watched element or its children. Providing viewability information in this more efficient way eliminates the need for costly document monitoring. In short, sites no longer need to implement this functionality with custom JavaScript, and they gain the benefits of improved page load and scroll performance.

Google has also reduced the overhead of offscreen rendering. Chrome no longer runs the rendering pipeline or requestAnimationFrame() callbacks for cross-origin frames that are offscreen. This eliminates unnecessary work and also reduces power consumption by up to 30 percent, according to Google’s own tests on several popular mobile sites. This essentially means that embedded content like videos, social widgets, and ads no longer create overhead that slow down the page.

Lastly, SPDY and NPN support have been removed (a little later than promised) in favor of the standards-based HTTP/2 protocol and ALPN. SPDY, which is not an acronym but just a short version of the word “speedy,” is a protocol — developed primarily at Google — to improve browsing by forcing SSL encryption for all sites and speeding up page loads. The TLS extension NPN allows servers to negotiate SPDY and HTTP/2 connections with clients, but ALPN is more secure.

Other developer features in this release include:

Chrome 51 also includes 42 security fixes, of which Google chose to highlight the following:

  • [$7500][590118]High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [$7500][597532]High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][598165]High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [$7500][600182]High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][604901]High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [$4000][602970]Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [$3500][595259]High CVE-2016-1678: Heap overflow in V8. Credit to Christoph Diehl.
  • [$3500][606390]High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [$3000][589848]High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [$3000][613160]High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [$1000][579801]Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to kingstonmailbox.
  • [$1000][583156]Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [$1000][583171]Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [$1000][601362]Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603518]Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603748]Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [$1000][604897]Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [$1000][606185]Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [$1000][608100]Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [$500][597926]Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [$500][598077]Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [$500][598752]Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to jackwillzac.
  • [$500][603682]Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester.
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

If you add all those up, you’ll see Google spent a massive $65,500 in bug bounties. The security fixes alone should be enough incentive for you to upgrade to Chrome 51.

Chrome 51 for Android and iOS are also on their way, but Google has not shared exactly when they will ship. Chrome 52 will arrive in early July.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More