Google today released Chrome version 35 for Windows, Mac, and Linux (Update: Android as well). The new version is mainly for developers, especially those building Web content and apps for mobile devices – this release doesn’t appear to have any new features targeted at the end user. You can update to the latest release now using the browser’s built-in silent updater, or download it directly from google.com/chrome.
Update: It’s worth adding that aside from the developer additions, this release also enables “Ok Google” voice search, which was previously added in Chrome 34 beta, for all users. Visit Google.com, or open a tab if Google is your default search engine, and say “Ok Google” to get going.
At the time, Google said the feature was limited to US English users and that support for additional languages was “coming soon.” Unfortunately, “soon” hasn’t arrived yet and only Americans have access to this feature.
Here’s the Chrome version 35.0.1847.116 changelog provided by Google:
- More developer control over touch input.
- Unprefixed Shadow DOM.
- A number of new apps/extension APIs.
- Lots of under the hood changes for stability and performance.
First up, Google is promising more developer control over touch and zoom input. The touch-action CSS property lets developers use a declarative mechanism to selectively disable touch scrolling, pinch-zooming, or double-tap-zooming on parts of their Web content. Unfortunately, this was in Chrome 35 beta but appears to have been delayed. Meanwhile, Web content on desktop computers will now receive mouse scroll wheel events with the ctrlKey modifier set, which lets developers do something different than simply default to triggering browser zoom (Google offers the example of being able to zoom in Google Maps, as opposed to zooming on the whole webpage).
- Promise, a value that may not be available yet but will be known at some point in future, and is meant to help writing cleaner asynchronous code.
- WeakMaps and WeakSets allow developers to create efficient, garbage-collected data structures. In both, references to objects are held weakly: if there is no other reference to an object stored in the WeakSet, it can be garbage collected. This helps avoid memory leaks.
Google has also added support for unprefixed Shadow DOM; the prefixed implementation of Shadow DOM was made available with the release of Chrome 25. The addition brings reliable composition of user interface elements by allowing developers to scope their HTML markup, CSS, and hide the implementation details of complex components, as well as build their own first-class elements and APIs with Custom Elements.
Last but certainly not least, Chrome 35 also addresses 23 security issues, of which Google chose to highlight the following:
- [$3000] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
- [$3000] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
- [$1000] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
- [$1000] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
- [$1000] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
- [$500] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
-  CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
-  CVE-2014-3152: Integer underflow in V8 fixed in version 184.108.40.206.
Google thus spent at least $9,500 in bug bounties this release. These fixes alone should push Chrome users to upgrade as soon as possible.