Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":2009185,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"bots,business,dev,security,","session":"A"}']

Chrome 52 arrives with new developer features and removes the app launcher

Google today launched Chrome 52 for Windows, Mac, and Linux. This release is mainly focused on developers, but users should benefit from some of the improvements right away. You can update to the latest version now using the browser’s built-in silent updater, or download it directly from google.com/chrome.

Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with its regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":2009185,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"bots,business,dev,security,","session":"A"}']

As promised, in this release Google has removed the last instances of the Chrome app launcher. The tool, which let users launch Chrome apps even if the browser is not running, will continue to live on in Chrome OS.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Next, the new CSS contain property allows developers to prevent an element’s children from displaying outside of its bounds. When an element updates, Chrome can ignore any element outside the parent node during rendering. The goal is faster rendering times — Chrome uses heuristics to determine which parts of a page have changed and should be updated, but because elements can display outside the bounds of their parents, changes to one element can affect elements anywhere else in the document. CSS Containment lets Chrome consider fewer elements while rendering.

The PerformanceObserver API allows sites to collect real-user measurement (RUM) at runtime by declaring which metrics they’re interested in. Instead of polling for updates, the browser simply notifies the site when new data points for those metrics become available. This is superior to Chrome’s DevTools local site testing as it can be used to determine how a site performs for real users with varied devices.

Service workers have gained streaming support. Sites can now use the Streams API to gain obvious speed benefits:

https://www.youtube.com/watch?v=Byvwbo1YyEU

Lastly, Chrome now supports VAPID, an open standard for authenticating a site’s server with a push service. Sites are given a Firebase Cloud Messaging endpoint that supports the cross-browser web push protocol.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":2009185,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"bots,business,dev,security,","session":"A"}']

Other developer features in this release include:

Chrome 52 also includes 48 security fixes, of which Google chose to highlight the following:

  • [$15000][610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
  • [$3000][622183] High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent’s Xuanwu Lab
  • [$TBD][613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
  • [$TBD][614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
  • [$TBD][616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [$TBD][617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [$TBD][618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
  • [$TBD][619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
  • [$TBD][620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
  • [$TBD][623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
  • [$TBD][623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
  • [$1000][607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
  • [$1000][613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
  • [$500][593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
  • [$500][605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy
  • [$TBD][625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
  • [$TBD][625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu
  • [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

If you add all those up, you’ll see Google spent just $21,000 in bug bounties this time around — but that number is lowballing it given all the rewards that have yet to be decided. As always, the security fixes alone should be enough incentive for you to upgrade.

Chrome 52 for Android and iOS are also on their way, but Google has not shared exactly when they will ship. Chrome 53 will arrive in September.

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":2009185,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"bots,business,dev,security,","session":"A"}']

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More