Here is a quick overview what’s changes:
- Lower memory consumption.
- New ECMAScript engine functions.
- Chrome now allows to disable audio for individual pages (that’s good!)
- Async generator functions updates, developers can now create custom async iterators through async iterator factories.
- Site isolation.
The rest of the changes
- To improve interoperability, a TypeError is now thrown for EventTarget.addEventListener and removeEventListener when the callback passed is not an EventListener, null, or undefined.
- Developers can now make pixel-level adjustments using the new Q length unit, which is especially useful on small viewports.
- Developers can now prevent apps from using Chrome’s pull-to-refresh feature or create custom effects using overscroll-behavior, which allows changing the browser’s behavior once the scroller has reached its full extent.
- font-variant-east-asian is now supported, allowing developers to control the usage of alternate glyphs for East Asian languages like Japanese and Chinese.
- To improve interoperability, Chrome will fire beforeprint and afterprint events as part of the printing standard, allowing developers to to annotate the printed copy and edit the annotation after the printing command is done executing.
- Using Promise.prototype.finally, a callback can now be registered to be invoked after a Promise has been fulfilled or rejected.
- The Intl.PluralRules API allows developers to build applications that understand pluralization of a given language by indicating which plural form applies for a given number and language.
- MediaStreamTrack.applyConstraints() is now supported for local video MediaStreamTracks, including tracks obtained from getUserMedia(), capture from media elements or screen capture.
- Version 2 of NT LAN Manager (NTLM) API is now shipped, enabling applications to authenticate remote users and provide session security when requested by the application.
- Thanks to contributors from engineers at Intel, an Origin Trial is now available that exposes the following sensors via the new Generic Sensors API syntax: Accelerometer, LinearAccelerationSensor, Gyroscope, AbsoluteOrientationSensor, and RelativeOrientationSensor.
- The localStorage and sessionStorage APIs now use getItem() rather than an anonymous getter, so attempting to access a key using getItem() will now return null rather than undefined. Thanks to Intel for the contribution!
- To improve developer experience, the methods on sessionStorage and localStorage such as getItem(), removeItem(), and clear() are now enumerable. Thanks to Intel for making this happen!
- display: minimal-ui is now supported by Chrome on Android, enabling developers to display a UI similar to Chrome Custom Tabs for users.
- To improve interoperability, instance properties with a Promise type now return a rejected promise instead of throwing an exception.
- The /deep/ or >>> selector, as well as ::shadow, are now removed from CSS dynamic profile, following their deprecation in Chrome 45.
- To improve interoperability, HTMLAllCollection, HTMLCollection, HTMLFormControlsCollection, and HTMLOptionsCollection are no longer enumerable, so they are now left out of calls to Object.keys() or for-in loops.
For what’s new in the browser’s DevTools, check out the entire release notes.
- [$10500] Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson on 2017-10-26
- [$6337] High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu of Tencent’s Xuanwu LAB on 2017-09-06
- [$5000] High CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous on 2017-09-11
- [$5000] High CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-16
- [$5000] High CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-29
- [$3500] High CVE-2017-15412: Use after free in libXML. Reported by Nick Wellnhofer on 2017-05-27
- [$500] High CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan(@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-09-19
- [$3337] Medium CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15
- [$2500] Medium CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson on 2017-10-28
- [$2000] Medium CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May on 2017-03-07
- [$1000] Medium CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs on 2017-09-15
- [$1000] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-31
- [$500] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-23
- [$TBD] Medium CVE-2017-15422: Integer overflow in ICU. Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13
- [$500] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson on 2017-10-25
- [$N/A] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani on 2017-08-16
- [$N/A] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-17
- [$N/A] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-08-18
-  Various fixes from internal audits, fuzzing and other initiatives
At the end of the day it sounds like a normal update but the audio muting feature might be interesting especially for people who having a lots of tabs opening the same time e.g. YouTubers, sound artists or just some which watching and listening to a lot of different sources.
- Stable Channel Update for Desktop (Google Blog)