This article was published on July 9, 2013

Chrome 28 arrives with Blink, rich notifications for apps and extensions on Windows; Mac and Linux coming soon


Chrome 28 arrives with Blink, rich notifications for apps and extensions on Windows; Mac and Linux coming soon

Google today released Chrome version 28 for Windows and Mac. The new version features a notification center, although it’s only available on Windows (in addition to Chrome OS of course, which has had it for a while now). You can update to the latest release now using the browser’s built-in silent updater, or download it directly from google.com/chrome.

This is also the first release of Chrome that ships with Blink instead of WebKit. You can check the Blink ID yourself tag by navigating to chrome://version/.

If you’re wondering about Chrome for Linux, it actually hit version 28 before the other two desktop platforms: on June 17. The minimum requirements were updated to the following Linux distribution version: Ubuntu 12.04+, Debian 7+, OpenSuSE 12.2+, and Fedora Linux 17+.

chrome_28

“We’ve designed these notifications to be beautiful, useful and engaging,” Google says. Notifications from apps and extensions can be formatted to display text and images, as well as include actions directly inside the pop-up.

Here’s an example:

5xHEAF_Ri1UWJATLBoPXhLOctYEW0af4SatVcJCX7UwVBdsOzPM8yxPOIpc7jG5VNw=s2000

Both Chrome and Chrome OS already support basic Web notifications, but rich notifications for Chrome packaged apps and extensions significantly change the game since not only can they display content like lists and images, but users can act directly on them. Furthermore, notifications now live in a center outside the browser, which allows users to receive notifications even when the browser isn’t open.

We’ve heard about the notification center on Windows since at least January. Chrome Canary for Windows received it in March, solidifying the speculation.

Yet a lot has changed since then. Here are what the notifications look like on Windows in the latest version of Chrome:

blog_post_pic

Mac will likely be the next platform to get the notification center. In May, it showed up in Chromium for Mac and the Chrome blog today specifically said “Mac is coming soon” (although Google has been talking about Mac and Linux support for months).

Many believe the notification center is key to bringing Google Now to the desktop, which has also showed up in pre-release builds of Chrome as well as in Chromium. Yet Google hasn’t enabled Google Now in Chrome yet, though it has been working with other app and extension makers to build rich notifications into their projects.

If you’re a developer, you can start building your own rich notifications into your app or extension too. Google has a Notify Test App and documenation for you to peruse over. The company is also taking feedback and offering support over at Stack Overflow, its mailing list, and issue tracker.

Google previously also offered the following details for developers:

Apart from the basic notification type shown above, you can use other formats like image to show a preview of an image within the notification or list to coalesce multiple notifications from your app into a single one. For example, a mail app could show multiple unread emails within a single notification using the list type. You can also specify different priorities for notifications that determine how long they stay on the screen before moving into the notification center where they continue to live until dismissed by the app or user.

As in previous releases, Google also included the usual bug fixes, a new version of V8, and so on in Chrome version 28.0.1500.71. For more details, you can check out the full SVN revision log.

Last but certainly not least, Chrome 28 also addresses 16 security issues (one Critical, four rated High, seven marked Medium, and three considered Low):

  • [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
  • [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
  • [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
  • [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
  • [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
  • [$3133.7] [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
  • [$2000] [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
  • [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
  • [$1000] [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
  • [Windows + NVIDIA only] [$500] [237611] Medium CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”.
  • [$500] [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
  • [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
  • [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
  • [196636] None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
  • [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.
  • [256985] High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28).

Google thus spent a whopping $34,901.1 in bug bounties this release and plugged two more security holes compared to the previous Chrome release. These fixes alone should push Chrome users to upgrade as soon as possible.

Top Image Credit: casasroger/Flickr

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with