Update Your Chrome Before it’s Too Late
Chrome has rolled out a major security update, version 54. Here is why you should update Chrome ASAP!
The Chrome team is delighted to announce the promotion of Chrome 54 to the stable channel: 54.0.2840.59 for Windows, Mac, and Linux. This will roll out over the coming days/weeks.
Chrome 54.0.2840.59 contains a number of fixes and improvements; a list of changes is available in the log. Keep an eye out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 54.
This release is mainly focused on developers, but the improvements to how the browser handles YouTube embeds are also noteworthy. You can update to the latest version now using the browser’s built-in silent updater, or download it directly from google.com/chrome.
Chrome 54 rewrites YouTube Flash players to use the YouTube HTML5 embed style. YouTube dropped Flash for HTML5 in January 2015, yet the old embeds still exist all over the web. Google says the change improves both performance and security for its desktop browser.
The developer features in this release include:
- Navigations initiated in an unload handler will be blocked, and any prior navigation will continue.
- The imageSmoothingQuality attribute for CanvasRenderingContext2D allows developers to balance performance and image quality by adjusting resolution when scaling.
- Sites can use Node.getRootNode(options) to obtain the root for a given node.
- Using PushSubscription.options, sites can track applicationServerKeys without having to store them offline.
- The Resource Timing API now supports transfer, encoded, and decoded size attributes, allowing developers to measure cache hit rates and byte usage.
- The user-select property enables developers to specify which elements can be selected by the user and how.
- Foreign Fetch and WebUSB are available for experimentation as origin trials.
- The text-size-adjust property allows sites to control whether font size automatically scales on mobile devices.
- CacheQueryOptions now conforms to spec across all CacheStorage methods.
- initTouchEvent has been removed in favor of the new TouchEvent() constructor.
- SVGZoomEvent has been removed, as it is no longer part of the SVG 2.0 spec.
- SVGSVGElement.currentView, SVGSVGElement.useCurrentView, SVGViewSpec interface, and SVGSVGElement.viewport have been removed, as they are no longer part of the SVG 2.0 spec.
- SVGTests.requiredFeatures attribute has been deprecated, since it no longer provides useful functionality in the SVG 2.0 spec.
- SVGElement now supports the dataset property.
- The KeyEvent.keyIdentifier field has been removed in favor of the KeyboardEvent.key field.
- window.external.IsSearchProviderInstalled() and AddSearchProvider() are now no-ops, since they are unsupported in most other browsers.
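The transfer, encoded, and decoded size attributes from the Resource Timing item above can be turned into a cache-hit measurement. This is an added example, not code from Google or the original article; the classification rules, the function names and the sample entries are assumptions made for illustration.

```javascript
// Added example: classify Resource Timing entries by their size attributes.
// In a page, pass performance.getEntriesByType('resource') to summarize().
function classifyEntry(entry) {
  const t = entry.transferSize || 0;      // bytes on the wire (headers + body)
  const enc = entry.encodedBodySize || 0; // body size before content decoding
  const dec = entry.decodedBodySize || 0; // body size after content decoding
  // Cross-origin resources that do not send Timing-Allow-Origin report all
  // three sizes as 0, so nothing can be inferred about them.
  if (t === 0 && enc === 0 && dec === 0) return 'unknown';
  if (t === 0) return 'cache';            // body served locally, nothing fetched
  if (t < enc) return 'revalidated';      // headers only, e.g. a 304 response
  return 'network';
}

function summarize(entries) {
  const s = { cache: 0, revalidated: 0, network: 0, unknown: 0,
              bytesOnWire: 0, bytesDecoded: 0, cacheHitRate: null };
  for (const e of entries) {
    s[classifyEntry(e)] += 1;
    s.bytesOnWire += e.transferSize || 0;
    s.bytesDecoded += e.decodedBodySize || 0;
  }
  // Opaque entries are excluded so they do not skew the hit rate.
  const measurable = entries.length - s.unknown;
  if (measurable > 0) s.cacheHitRate = s.cache / measurable;
  return s;
}

// Constructed sample entries (hypothetical URLs and sizes).
const SAMPLE_ENTRIES = [
  { name: 'https://app.example/app.js', transferSize: 0, encodedBodySize: 48210, decodedBodySize: 163840 },
  { name: 'https://app.example/logo.png', transferSize: 0, encodedBodySize: 5120, decodedBodySize: 5120 },
  { name: 'https://app.example/style.css', transferSize: 310, encodedBodySize: 9120, decodedBodySize: 40200 },
  { name: 'https://app.example/api/data', transferSize: 2450, encodedBodySize: 2100, decodedBodySize: 8000 },
  { name: 'https://cdn.example/lib.js', transferSize: 0, encodedBodySize: 0, decodedBodySize: 0 },
];

console.log(summarize(SAMPLE_ENTRIES));
```

The `unknown` bucket matters when auditing third-party content: a zero size there means the sizes were withheld, not that the resource was cached.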
Chrome 54 also implements 21 security fixes, of which Google chose to highlight the following:
- [$7500][645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
- [$5500][638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN
- [$3000][645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
- [$3000][630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
- [$3000][621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
- [$1000][639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera
- [$3133.7][565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera
- [$1000][633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com
- [$500][646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent’s Xuanwu Lab
- [$500][644963] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab)
- [$500][639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
- [$N/A][642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG
- [$500][639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)
- [654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives
I hope these features are enough for you to appreciate Google's work. As usual, the security fixes alone should be sufficient motivation for you to upgrade.