Wednesday 7 March 2018
0 comments

Google Chrome 65 Released For Mac, Windows And Linux OS With New Security Features

Google Chrome 65 Update


Google Chrome 65 Released For Mac, Windows And Linux OS With New Security Features.

Chrome 65.0.3325.146 contains a number of fixes and improvements.


The Chrome team is delighted to announce the promotion of Chrome 65 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Google is adding support for a Web Authentication API to allow the creation ans use of strong, attested, cryptographic scoped credentials by web Applications. This feature is to improve strong authenticating users. You can be enabled via flag.

The chrome browser now supports draft-23 of the TLS 1.3 protocol responsible for secure communication on the web.

New in Chrome 65 

CSS Paint API -

The CSS Paint API allows you to programmatically generate an image for CSS properties like background-image or border-image.

Instead of referencing an image, you can use the new paint function to draw the image - much like a canvas element.

<style>
  .myElem { background-image: paint(checkerboard); }
</style>
<script>
  CSS.paintWorklet.addModule('checkerboard.js');
</script>

For example, instead of adding extra DOM elements to create the ripple effect on a material styled button, you could use the paint API.

It’s also a powerful method of polyfilling CSS features that aren’t supported in a browser yet.

Server Timing API

Hopefully you’re using the navigation and resource timing APIs to track the performance of your site for real users. Until now, there hasn’t been an easy way for the server to report it’s performance timing.

The new Server Timing API allows your server to pass timing information to the browser; giving you a better picture of your overall performance.

You can track as many metrics as you want: database read times, start-up time, or whatever is important to you, by adding a Server-Timing header to your response:

'Server-Timing': 'su=42;"Start-up",db-read=142;"Database Read"'

They’re shown in Chrome DevTools, or you can pull them out of the response header and save them with your other performance analytics.

There are 45 security issues have been fixed including:


  • Flash errors
  • XSS in interstitials.
  • Mark-of-the-Web bypass. 
  • Heap buffer overflow in Skia
  • Stack buffer overflow in Skia
  • Same Origin Bypass via canvas.
  • CSP bypass through extensions.
  • URL Spoof in OmniBox.
  • Overly permissive cross origin downloads.
  • Information disclosure via texture data in WebGL.
  • Incorrect handling of URL fragment identifiers in Blink.


Google announces Chrome 64 for Android and Chrome OS will be available soon.

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

 
Toggle Footer
Top