Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":1795330,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"dev,security,","session":"D"}']

Chrome 45 launches with new developer features, automatically pauses less important Flash content, like ads

Google today launched Chrome 45 for Windows, Mac, Linux, and Android, with some expected changes and new developer tools. You can update to the latest version now using the browser’s built-in silent updater or download it directly from google.com/chrome.

Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with its regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1795330,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"dev,security,","session":"D"}']

First and foremost, Chrome now automatically pauses less-important Flash content (rolling out gradually, so be patient). This feature has been a long time coming from both Google and Adobe. With the goal of making Flash content more power-efficient in Chrome, in March, a setting was introduced to play less Flash content on the page, but it wasn’t turned on by default. In June, the option was enabled in the browser’s beta channel. Now it’s being turned on for everyone.

Here’s how the feature works. Chrome will automatically pause Flash content that isn’t “central to the webpage,” while keeping central content playing without interruption. For example, the video you’re watching will be unaffected, while animations on the side will be paused. If Chrome pauses something you’re interested in, you can resume playback by just clicking on it.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Over the last few months, Google has admitted that the feature would pause a lot of plugin content, including “many Flash ads.” The goal, according to the company, is to increase page-load speed and reduce power consumption, though it hasn’t shared any hard data on what kind of improvements users can expect.

Next, Chrome has gained new JavaScript features — defined in the ES2015 specification (formerly known as ES6). More specifically, developers can now use arrow functions and new array methods (samples here).

Google has also implemented Subresource Integrity, which can help mitigate the risk of a compromised server and make sure only the expected resource is used (as opposed to any resource at a given URL). The security risk is further mitigated by using a hash (sample).

It has become a new custom for Google Developers to explain all of the above in a nerdy video with code examples (watch out for the compromised “server”):

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1795330,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"dev,security,","session":"D"}']

Other developer features in this release include:

Chrome 45 also includes 29 security fixes, of which Google chose to highlight the following:

  • [$7500][516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
  • [$7500][522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
  • [$7500][524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [$5000][492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
  • [$3000][502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
  • [$1000][421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
  • [$3000][510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
  • [$3000][518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
  • [$2000][416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
  • [$1000][511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
  • [526825] CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.5 branch (currently 4.5.103.29).

If you add all those up, you’ll see Google spent at least $40,500 in bug bounties for this release (there are additional bounties that still don’t have a reward amount set). The security improvements alone should be enough incentive for you to upgrade to Chrome 45.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More