Planet Chromium

April 25, 2017

Google Chrome

Chrome Product Manager

We're adding neural machine translations to Chrome for nine more languages, for a total of more than 20. The result is higher-quality, full-page translations that are more accurate and easier to read.

by Yana Yushkina at April 25, 2017 06:30 PM

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 59.0.3071.25/.26 for Windows and 59.0.3071.25 for Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at April 25, 2017 12:39 PM

Chrome for Android Update

Good news, everyone!  Chrome 58 (58.0.3029.83) for Android has been released and will be available on Google Play over the course of the next week.  This release contains performance and stability fixes, as well as a few new features:
  • View and manage in-progress downloads on the Downloads page
  • View and clear your browsing data more easily on the redesigned History page
  • Long-press a link to open it in a new Chrome tab (from Chrome Custom Tabs)
A partial list of the changes in this build is available in the Git log.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Alex Mineer
Google Chrome

by Alex Mineer (noreply@blogger.com) at April 25, 2017 11:46 AM

Stable Channel Updates for Chrome OS

The Stable channel has been updated to 57.0.2987.146, 57.0.2987.148, 57.0.2987.154 (Platform version: 9202.64.0, 9202.66.0, 9202.71.0) for all Chrome OS devices. This build contains a number of bug fixes, security updates, and feature enhancements. A list of changes can be found hereSystems will be receiving updates over the next several days.

Security Fixes:
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).


Ketaki Deshpande
Google Chrome

by Ketaki Deshpande (noreply@blogger.com) at April 25, 2017 10:41 AM

April 20, 2017

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 59.0.3071.15/.16 for Windows and 59.0.3071.15 for Mac and Linux.



A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 20, 2017 01:36 PM

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 58 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.


Chrome 58.0.3029.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 58.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 29 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$3000][695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
[$2000][694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
[$N/A][684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
[$2000][683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
[$2000][672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
[$1500][702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
[$1000][700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
[$1000][693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
[$500][704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
[$500][690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)
[$500][648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
[$N/A][691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [713205] Various fixes from internal audits, fuzzing and other initiatives


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer.


Interested in switching release channels? Find out how.  If you find a new issue, please let us know by filing a bug.  The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at April 20, 2017 11:53 AM

Beta Channel Update for Chrome OS

The Beta channel has been updated to 58.0.3029.78 (Platform version: 9334.52.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. 

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 

Bernie Thompson
Google Chrome

by Bernie Thompson (noreply@blogger.com) at April 20, 2017 11:44 AM

April 19, 2017

Google Chrome Releases

Beta Channel Update for Desktop

The beta channel has been updated to 58.0.3029.81 for Windows, Mac, and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at April 19, 2017 12:06 PM

April 18, 2017

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 59.0.3071.9/.10 for Windows and 59.0.3071.9 for Mac and Linux.



A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 18, 2017 03:31 PM

April 17, 2017

Google Chrome

Product Manager and Chrome Security Sorceress

You shouldn’t need to be a security expert to use the web safely, so we built Chrome to be secure by default. Here's a quick refresher on how Chrome keeps you safe.

by Emily Schechter at April 17, 2017 04:00 PM

April 13, 2017

Google Chrome Releases

Beta Channel Update for Chrome OS

The Beta channel has been updated to 58.0.3029.68 (Platform version: 9334.42.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. 

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 

Bernie Thompson
Google Chrome

by Bernie Thompson (noreply@blogger.com) at April 13, 2017 11:34 AM

April 12, 2017

Google Chrome

Creative Technologist

We’ve created a showcase of the amazing VR experiences developers are building on the web. To play with them, all you need is a browser.

by Jonas Jongejan at April 12, 2017 04:00 PM

Chromium Blog

Real-world JavaScript performance

The V8 JavaScript engine is a cornerstone of fast browsing in Chrome. Over the course of the past year, the V8 team has developed a new method for measuring performance against snapshots of real web pages. Using insights from real-world measurements, the V8 team improved the speed of the average page load in Chrome by 10-20% over the course of the past year.


Historically, JavaScript engines such as V8 used benchmarks like Octane to improve the “peak” performance of JavaScript, or the performance of CPU-intensive script in hot loops. At the beginning of last year, the V8 team started to measure performance with higher fidelity by instrumenting snapshots of popular web pages such as Reddit, Twitter, Facebook, and Wikipedia. This analysis revealed that while peak performance benefits certain types of large web applications, browsing typical websites relies more on “startup” performance, or the speed it takes to start running script. Using insights gleaned from this real-world performance data, the V8 team implemented optimizations which improved mean page load between Chrome 49 and Chrome 56 by 10-20%, depending on CPU architecture.


The web page snapshots also enabled analysis of the differences between various benchmarks and real web workloads. Although no benchmark can be a representative proxy for all sites, the Speedometer benchmark is an approximation of many sites due to its inclusion of real web frameworks including React, Angular, Ember, and jQuery. This similarity can be seen in the startup optimizations above, which also yielded a 25-35% improvement in Chrome’s Speedometer score. Conversely, comparing page snapshots to Octane revealed that Octane was a poor approximation of most websites. Given the plateau of Octane scores across web browsers and the over-optimization of peak performance, we decided to retire the benchmark as a general-purpose measure of real-world JavaScript performance.

V8 performance optimizations improved Chrome's Speedometer score by 25-35% over the past year


Going forward, we plan to ship more JavaScript performance improvements for new patterns of script appearing on the web, including modern libraries, frameworks, and ES2015+ language features. By measuring real-world websites rather than traditional benchmarks, we can better optimize JavaScript patterns that matter most to users and developers. Stay tuned for updates about our new engine architecture, designed for real-world performance.


Posted by Seth Thompson, V8 Track Commentator

by Chrome Blog (noreply@blogger.com) at April 12, 2017 12:54 PM

Google Chrome Releases

Dev Channel Update for Chrome OS

The Dev channel has been updated to 59.0.3065.0 (Platform version: 

9449.0.0) for all Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.


If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 

Grace Kihumba
Google Chrome

by Grace Kihumba (noreply@blogger.com) at April 12, 2017 12:21 PM

V8 JavaScript Engine

Retiring Octane

The genesis of Octane

The history of JavaScript benchmarks is a story of constant evolution. As the web expanded from simple documents to dynamic client-side applications, new JavaScript benchmarks were created to measure workloads that became important for new use cases. This constant change has given individual benchmarks finite lifespans. As web browser and virtual machine (VM) implementations begin to over-optimize for specific test cases, benchmarks themselves cease to become effective proxies for their original use cases. One of the first JavaScript benchmarks, SunSpider, provided early incentives for shipping fast optimizing compilers. However, as VM engineers uncovered the limitations of microbenchmarks and found new ways to optimize around SunSpider’s limitations, the browser community retired SunSpider as a recommended benchmark.

Designed to mitigate some of the weaknesses of early microbenchmarks, the Octane benchmark suite was first released in 2012. It evolved from an earlier set of simple V8 test cases and became a common benchmark for general web performance. Octane consists of 17 different tests, which were designed to cover a variety of different workloads, ranging from Martin Richards’ kernel simulation test to a version of Microsoft’s TypeScript compiler compiling itself. The contents of Octane represented the prevailing wisdom around measuring JavaScript performance at the time of its creation.

Diminishing returns and over-optimization

In the first few years after its release, Octane provided a unique value to the JavaScript VM ecosystem. It allowed engines, including V8, to optimize their performance for a class of applications that stressed peak performance. These CPU-intensive workloads were initially underserviced by VM implementations. Octane helped engine developers deliver optimizations that allowed computationally-heavy applications to reach speeds that made JavaScript a viable alternative to C++ or Java. In addition, Octane drove improvements in garbage collection which helped web browsers avoid long or unpredictable pauses.

By 2015, however, most JavaScript implementations had implemented the compiler optimizations needed to achieve high scores on Octane. Striving for even higher benchmark scores on Octane translated into increasingly-marginal improvements in the performance of real web pages. Investigations into the execution profile of running Octane versus loading common websites (such as Facebook, Twitter, or Wikipedia) revealed that the benchmark doesn’t exercise V8’s parser or the browser loading stack the way real-world code does. Moreover, the style of Octane’s JavaScript doesn’t match the idioms and patterns employed by most modern frameworks and libraries (not to mention transpiled code or newer ES2015+ language features). This means that using Octane to measure V8 performance didn’t capture important use cases for the modern web, such as loading frameworks quickly, supporting large applications with new patterns of state management, or ensuring that ES2015+ features are as fast as their ES5 equivalents.

In addition, we began to notice that JavaScript optimizations which eked out higher Octane scores often had a detrimental effect on real-world scenarios. Octane encourages aggressive inlining to minimize the overhead of function calls, but inlining strategies that are tailored to Octane have led to regressions from increased compilation costs and higher memory usage in real-world use cases. Even when an optimization may be genuinely useful in the real-world, as is the case with dynamic pretenuring, chasing higher Octane scores can result in developing overly-specific heuristics which have little effect or even degrade performance in more generic cases. We found that Octane-derived pretenuring heuristics led to performance degradations in modern frameworks such as Ember. The `instanceof` operator was another example of an optimization tailored to a narrow set of Octane-specific cases that led to significant regressions in Node.js applications.

Another problem is that over time, small bugs in Octane become a target for optimizations themselves. For example, in the Box2DWeb benchmark, taking advantage of a bug where two objects were compared using the `<` and `>=` operators gave a ~15% performance boost on Octane. Unfortunately, this optimization had no effect in the real world and complicates more general types of comparison optimizations. Octane sometimes even negatively penalizes real-world optimizations: engineers working on other VMs have noticed that Octane seems to penalize lazy parsing, a technique that helps most real websites load faster given the amount of dead code frequently found in the wild.

Beyond Octane and other synthetic benchmarks

These examples are just some of the many optimizations which increased Octane scores to the detriment of running real websites. Unfortunately, similar issues exist in other static or synthetic benchmarks, including Kraken and JetStream. Simply put, such benchmarks are insufficient methods of measuring real-world speed and create incentives for VM engineers to over-optimize narrow use cases and under-optimize generic cases, slowing down JavaScript code in the wild.

Given the plateau in scores across most JS VMs and the increasing conflict between optimizing for specific Octane benchmarks rather than implementing speedups for a broader range of real-world code, we believe that it is time to retire Octane as a recommended benchmark.

Octane enabled the JS ecosystem to make large gains in computationally-expensive JavaScript. The next frontier, however, is improving the performance of real web pages, modern libraries, frameworks, ES2015+ language features, new patterns of state management, immutable object allocation, and module bundling. Since V8 runs in many environments, including server side in Node.js, we are also investing time in understanding real-world Node applications and measuring server-side JavaScript performance through workloads such as AcmeAir.

Check back here for more posts about improvements in our measurement methodology and new workloads that better represent real-world performance. We are excited to continue pursuing the performance that matters most to users and developers!

Posted by the V8 team

by Seth Thompson (noreply@blogger.com) at April 12, 2017 12:03 PM

Google Chrome Releases

Beta Channel Update for Desktop

The beta channel has been updated to 58.0.3029.68 for Windows, Mac, and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 12, 2017 11:55 AM

April 11, 2017

Google Chrome

Creative Technologist

AutoDraw is a new A.I. Experiment, built by Google Creative Lab, which uses machine learning and artists’ drawings, to help everyone create anything visual, fast.

by Dan Motzenbecker at April 11, 2017 05:15 PM

“The Unbouncer”

The latest update to Chrome introduces scroll anchoring, which locks the content you’re currently looking at to the screen so you can keep reading easily.

by Steve Kobes at April 11, 2017 04:00 PM

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 59.0.3067.6/.9 for Windows and 59.0.3067.0 for Mac and Linux.



A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 11, 2017 03:41 PM

Chromium Blog

Scroll anchoring for web developers

One of the strengths of the web is progressive loading, which means that there is no install step and users can start consuming content almost immediately while the site keeps loading. But progressive loading can also result in annoyances, such as an unexpected page jump when offscreen content loads and pushes down what’s currently on the screen. This can be even worse on mobile devices, since smaller screens mean more content is offscreen and page jumps are more likely.



Since its early days, Chrome has taken a stand against bad or abusive content. For instance, Safe Browsing warns users before they visit malicious websites, and visual indicators on tabs allow our users to quickly track down the source of unexpected noise. Similar to other features designed to protect our users from bad experiences, starting in version 56 Chrome prevents these unexpected page jumps with a new feature called scroll anchoring. This feature works by locking the scroll position on an on-screen element to keep our users in the same spot even as offscreen content continues to load.


Side by side comparison of a web page with scroll anchoring disabled (left) and enabled (right).



Due to the expressiveness of the web, there might be some content for which scroll anchoring is either unwanted or misbehaving. For this reason, this feature ships alongside the ”overflow-anchor” CSS property to override the functionality. To further minimize potential issues, scroll anchoring is disabled on complex interactive layouts via suppression triggers, and on back/forward navigations to allow for scroll restoration.



Today, scroll anchoring is preventing about three page jumps per page-view, but with your help it could be even better. Get involved by participating in the scroll anchoring Web Platform Incubator Community Group, submitting feedback via g.co/reportbadreflow, and designing your websites or services with a no-reflow mindset.


Posted by Steve Kobes, “The Unbouncer”

by Chrome Blog (noreply@blogger.com) at April 11, 2017 09:00 AM

April 06, 2017

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 59.0.3063.4/.5 for Windows and 59.0.3063.4 for Mac and Linux.



A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 06, 2017 07:09 PM

April 05, 2017

Google Chrome Releases

Beta Channel Update for Desktop

The beta channel has been updated to 58.0.3029.54 for Windows, Mac, and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 05, 2017 12:06 PM

Beta Channel Update for Chrome OS

The Beta channel has been updated to 58.0.3029.51 (Platform version: 9334.33.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. 

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 

Bernie Thompson
Google Chrome

by Bernie Thompson (noreply@blogger.com) at April 05, 2017 09:43 AM