Chrome 54 Brings 21 Security Fixes To Stable Channel

Advertisement
Advertisement

Google's Chrome browser gets more feature-rich and secure with each update, and Chrome 54 is no exception. Hanging around on the unstable channels since last month, the update brings a few cool new features, but the main focus is on security fixes. The newest version of Chrome to hit the stable channel, Chrome 54 is ready for primetime for Mac, Linux, and Windows users, and boasts 21 new security fixes from outside researchers, as well as a few new features that mostly affect developers, though users will start to notice a difference soon enough, once these new APIs and features begin seeing wide implementation.

On the new feature front, Chrome 54 features a move up to Custom Elements V1, while most browsers and sites still use V0. Custom Elements, in short, allows site authors to create their own HTML tags and other programming miscellany, then implement their creation in Java. The whole affair sticks to a rough syntax rule set, and V1 allows a wider range of actions and API calls than V0. Chrome will continue to support V0, but has not supported V1 until Chrome 54. The new update also implements a new API that allows open tabs and windows in Chrome to communicate between one another autonomously. Finally, Chrome 54 allows media to switch to full screen based on a user gesture or a flip of the orientation on mobile, and also allows background media playback, and can even let a developer know whether video is being played in the background.

As with any other Chrome release, Google's internal development team implemented a huge number of security fixes and performance tweaks, all of which can be found in the official changelog. 21 security fixes from outside efforts made their way into the stable version of the build, and most of them are fairly major hacks that could result in things like control-seizing buffer overflows and privilege escalations. The smallest payout of $500 was awarded to martinzhou96, while an anonymous white hat hacker claimed the build's largest payout of $7,500 for patching up a universal XSS error in Chrome's Blink core web engine, which means that the vulnerability could have been enacted on any page and through any object, so long as it interfaced with the core of the program.

Advertisement