

Chrome 14 released - AshleysBrain
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

======
samstokes
This release includes another significant change that, for some reason,
neither the submitted article nor the higher-level announcement [1] mentions:
if an HTTPS page loads a script over HTTP, the script is now blocked from
executing. There's a popup which warns you that "This page has insecure
content", and you can opt to ignore the warning and unblock.

[1] [http://chrome.blogspot.com/2011/09/new-stable-release-of-chr...](http://chrome.blogspot.com/2011/09/new-stable-release-of-chrome-expanding.html)

~~~
stanleydrew
This was covered a little while back. [1][2]

Still worthy of mention though. I personally love this change. I am on the dev
channel (15.0.874.5) and I think insecure content is just blocked by default,
without a dialog.

[1] <http://news.ycombinator.com/item?id=2662694>

[2] <http://news.ycombinator.com/item?id=2698378>

~~~
samstokes
It was covered as a future change, but as it breaks apps, it's important to
note that this release brings it into the mainstream.

~~~
stanleydrew
Agreed, although you could argue that apps were already broken. Chrome just
isn't as kind to broken apps anymore.
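
An added example, not part of any comment in this thread: a Node.js check a site owner could run over their own HTML to find the script loads this sub-thread is about, i.e. `<script src>` URLs that an HTTPS page would fetch over plain HTTP. The hosts and the sample markup are constructed, and the regex scan is an illustration rather than a full HTML parser.

```javascript
// Added example: list <script src> loads that an HTTPS page would fetch over
// plain HTTP. Regex scan for illustration, not a full HTML parser.

// Constructed sample page (hypothetical hosts).
const SAMPLE_HTML = `
<script src="http://cdn.example.com/lib.js"></script>
<script src="https://cdn.example.com/ok.js"></script>
<script src="//cdn.example.com/inherit.js"></script>
<script src='/static/app.js'></script>
<SCRIPT SRC=HTTP://ads.example.net/t.js></SCRIPT>
<!-- <script src="http://old.example.com/x.js"></script> -->
<script>var inline = 1;</script>
<img src="http://img.example.com/a.png">`;

// Read one attribute (double-quoted, single-quoted or unquoted) from a tag.
function attr(tag, name) {
  const re = new RegExp(
    "\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function findInsecureScripts(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only HTTPS pages are affected
  const markup = html.replace(/<!--[\s\S]*?-->/g, ""); // skip commented-out tags

  // A <base href> changes how relative and scheme-relative URLs resolve.
  let base = page;
  const baseTag = /<base\b[^>]*>/i.exec(markup);
  const href = baseTag && attr(baseTag[0], "href");
  if (href) { try { base = new URL(href, page); } catch { /* keep page URL */ } }

  const findings = [];
  for (const m of markup.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(m[0], "src");
    if (!src) continue; // inline script, nothing fetched
    let resolved;
    try { resolved = new URL(src.trim(), base); } catch { continue; }
    if (resolved.protocol === "http:") findings.push(resolved.href);
  }
  return findings;
}

console.log(findInsecureScripts("https://app.example.com/login", SAMPLE_HTML));
```

Scheme-relative (`//host/...`) and relative URLs inherit HTTPS from the page, so they are flagged only when a `<base href>` pointing at an `http:` origin changes how they resolve.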

------
sho_hn
BTW, has anyone actually seen an extension using the experimental sidebar API
in the wild?

[http://code.google.com/chrome/extensions/experimental.sideba...](http://code.google.com/chrome/extensions/experimental.sidebar.html)

I've been waiting for a bookmarks sidebar (which I habitually use as a reading
queue in other browsers).

~~~
MatthewPhillips
You're not allowed to submit extensions/apps that use the experimental APIs.

~~~
sho_hn
Right, but what's to stop you from publishing one on your personal blog? I
googled for people playing around with it and came up more or less
empty-handed. Or is extension install non-trivial if you're not going through
the web catalog? How do extension authors test their work?

~~~
MatthewPhillips
I've written only apps for Chrome, not extensions, but the process is nearly
identical. If you go to Wrench > Tools > Extensions you can load the directory
you're working in. I suppose you can self-publish extensions with the
experimental APIs but I doubt many people play around with
chrome.experimental. I played around with chrome.experimental.tts a bit, but
not knowing if the feature will be killed or promoted is reason enough not to
waste too much of your time.

------
nextparadigms
How come they didn't mention it includes Native Client and the Web Audio API?
That is very newsworthy.

[http://www.readwriteweb.com/archives/new_chrome_blurs_the_li...](http://www.readwriteweb.com/archives/new_chrome_blurs_the_line_between_web_and_native_a.php)

------
stanleydrew
Does anybody have more details about this bug or the fix? The Google code link
403s for me:

[$2337] [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.

[93906] <http://code.google.com/p/chromium/issues/detail?id=93906>

~~~
aboodman
I think the release managers usually unlock security bugs for a release once
most of the population has been updated. So check back in a few days to a
week.

~~~
simonbrown
The blog posts mention that the bugs are only kept private until most people
are up to date, but some never seem to be made public. For example:

[http://googlechromereleases.blogspot.com/2011/01/chrome-stab...](http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html)

Some of the bugs (e.g. 66560) still give me a 403 (although some are
accessible).

~~~
aboodman
Of the 15 bugs there, 9 are open now. I'll poke someone more knowledgeable and
ask them to explain why the others have not been opened.

I could imagine that it's that the process for unlocking them is manual and
easy to forget, or it could be that other instances of those bugs were
uncovered so it still isn't safe to open them.

~~~
aboodman
aayra (who replied to great-grandparent) works on the Chrome security team. It
looks like all the bugs that are still closed are WebKit bugs (css, svg, etc),
and we don't open them until the other WebKit clients are updated.

------
cultureulterior
Which only means all the bugs get a "MovedFrom-14" tag.

------
stock_toaster
Looks like full-screen is back in Lion, and actually works!

------
0xABADC0DA
Big fan of Firefox nightly here. It's only 5% slower than Chrome dev channel
on Kraken, has a better garbage collector (fewer pauses, less overhead), is
more configurable (UI, better extensions), about the same compositing, scales
to any number of open tabs.

~~~
joenathan
I can't wait until the new download manager lands, the current download window
feels archaic.

~~~
mixmastamyk
Try download status bar, been using it for years.

------
sixothree
I don't understand why security-minded people seem to use Chrome more than
Chromium. Does anyone understand this?

~~~
untog
What do you mean "security-minded"? Chrome doesn't include HTTPS or XSS
vulnerabilities that Chromium does not. Both browsers are as 'secure' as each
other.

I assume you really mean "people who don't like sharing personal data".
They're different things.

~~~
sixothree
Correct, I meant privacy-minded.

------
imrehg
Well, I'm happily running 16.0.878.0 now :) (newer builds break, but only a
matter of days till it will be fixed, most likely)

------
natmaster
And people complain about the new Firefox release cycles. At least they ship
improvements to the browser every release, instead of just shipping fast.

~~~
aboodman
What?

Firstly, there are several improvements:

[http://chrome.blogspot.com/2011/09/new-stable-release-of-chr...](http://chrome.blogspot.com/2011/09/new-stable-release-of-chrome-expanding.html)

Secondly, Firefox's new release is the same as Chrome's. Every six weeks, like
clockwork. More releases, fewer big features in each release.

~~~
natmaster
Like I said, same release cycle, but barely shipping anything. Please try to
read comments before you reply to them. Thanks!

~~~
ary
Please try to know your history before posting. Thanks!

The Chrome release cycle is meant to make sure not only _features_, but
critical _updates_ make it out to users on a timely basis. Every release isn't
guaranteed to be feature-packed because that isn't the goal.

Ultimately it's about keeping the project on a steady rhythm of development
which sees features and fixes out the door _as soon as they're ready_.

~~~
natmaster
I'm not complaining about Chrome's release cycle. I'm pointing out the double
standard.

Don't assume things!

