Software Update: Google Chrome 56.0.2924.76

Google has released version 56 of its Chrome web browser. Google Chrome is available for Windows, Linux and macOS. There are also versions for Android and iOS, but they follow a slightly different release schedule. Since version 50, support for older versions of Windows and macOS has been dropped. New in version 56 is, among other things, that the browser shows a warning when a login page does not use a secure connection and the browser can now communicate with Bluetooth Low Energy devices. In addition, several smaller improvements have been made and the necessary bug fixes have been implemented. The most important improvements are listed for you below.

“Not Secure” warning for HTTP password and credit card pages
To help users browse safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labeled HTTP connections as non-secure. Starting in version 56, Chrome will mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure. The feature will roll out gradually over the next few weeks.
To avoid being labeled insecure, sites should secure their traffic with HTTPS and follow general security guidelines.
Chrome ‘Not Secure’ warning appearing in the URL bar for a site with an HTTP connection

Web Bluetooth
Sites can now interact with Bluetooth Low Energy (BLE) devices using the Web Bluetooth API On AndrOid, ChrOme Osand Mac. The Web Bluetooth API uses the GATT protocolwhich enables web developers to connect to bluetooth devices such as printers and LED displays with just a few lines of JavaScript. Web Bluetooth can also be combined with Physical Web beacons to discover and control nearby devices. To get started, check out these samples and demos on GitHub.
An Android device connecting to a BLE-enabled heart rate monitor via the web (source)

CSS position: sticky
Chrome now supports CSS position: sticky, a new way to position elements. A position: sticky element is relatively-positioned, but becomes position: fixed after the user reaches a certain scroll position.
Previously, building content headers that scrolled normally until sticking to the top of the viewport required listening to scroll events and switching an element’s position from relative to fixed at a specified threshold. This solution was difficult to synchronize, resulting in small visual jumps. Now, users can achieve the desired effect by simply positioning their elements as sticky.

Other features in this release

• The new Remote Playback API on Android enables sites to initiate and control playback of an HTMLMediaElement on smart TVs and speakers.
• the WebVR API is available on Android as an origin trialallowing developers to create virtual reality experiences on the web.
• the WebGL 2.0 API is enabled by default on desktop platforms, providing OpenGL ES 3.0 level rendering capabilities via the element.
• Support for Adobe Flash will no longer be advertised in navigator.plugins and navigator.mimetypes if the user has not substantially interacted with a site, though users can re-enable Flash experiences on a per-site basis.
• Sites can now experiment with taking photos and configuring camera settings like zoom using the Image Capture origin trial.
• When content changes above the viewport, Chrome now automatically adjusts the scroll position to keep content in the viewport fixed unless the CSS overflow-anchor property is set.
• the Notifications API now allows sites to include an image in notifications by setting the image property.
• the PaymentRequest API has a variety of new features including requestPayerName and JSON serialization.
• Showing and hiding the URL bar on mobile no longer resizes the initial containing block or elements sized with viewport units such as vh.
• Text input elements such as now have spell-checking enabled by default on Android devices with at least 512 MB of memory and a system dictionary.
• The generic font family used to fit content within the UI has been standardized and renamed as system-ui on all platforms.
• The new Referrer Policy HTTP header allows sites to forward site traffic by URL without leaking the user’s session identifier or other private information.
• KeyboardEvent.isComposing() allows sites to determine if the user is typing based on recent KeyboardEvents, without monitoring keyboard events directly.
• Chrome for Android now sets the default preload attribute for videos to metadata on cellular connections, showing a preview image and time information to match other mobile browsers.
• Chrome now supports TLS 1.3 and includes 1-RTT based on draft-18.
• Sites can use ImageBitmapRenderingContext to reduce memory consumption and compositing overhead by rendering pixel data in the form of an ImageBitmap.
• Sites can respond to pinch gestures using the pinch-zoom CSS touch-action property.
• ConstantSourceNode is a new audio source node that produces a constant output mixed with an AudioParam.
• Two Web Audio ChannelSplitterNode Interface attributes are now read-only: channelCount, which is defined by numberOfOutputs in createChannelSplitter()and channelCountMode, which is set to explicit.
• PannerNode.rolloffFactor now clamps to the nominal range of a PannerNodes distance model to describe the volume reduction rate as the source moves away from the listener.
• window.prompt() will no longer focus its parent tab if the page is not currently in the foreground, and the dialog will be automatically dismissed.
• To match behavior on Windows, Chrome Extensions can now override default search, startup, and homepage settings on Mac with the Chrome Settings Overrides API.
• Support for FLAC is enabled within the FLAC and Ogg containers for the
• OPUS can now be used with decodeAudioData()expanding the variety of audio codecs supported by the WebAudio API.

Deprecations and interoperability improvements

• The WebAudio API no longer includes the deprecated Doppler API, including speedOfSound, dopplerFactor, and setVelocity.
• To improve standards conformance, RTCPeerConnection now accepts iceTransportPolicy as an RTCConfiguration parameter as well as iceTransports.
• RTCPeerConnection is now available without a webkit prefix, though webkitRTCPeerConnection still remains.
• Non-whitespace unicode control characters will now be rendered according to the specificationrather than being ignored.
• The reflected-xss directive has been removed from Content Security Policy 2 since it was solely a wrapper for the X-XSS-Protection header and provided no additional functionality.
• Support for the MediaStreamTrack.getSources() method has been removed in favor of MediaDevices.enumerateDevices().
• The CSP referrer directive is no longer supported in favor of the new Referrer-Policy header.
• ShadowDOMs slot change events bubble, but no longer re-fires, at a slot’s assignedSlot.
• Legacy CBC Fashion ECDSA cipher suites ECDHE_ECDSA_WITH_AES_128_CBC_SHA and ECDHE_ECDSA_WITH_AES_256_CBC_SHA have been removed in favor of modern ciphers such as ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
• ECDSA with both SHA-1 and SHA-512 have been removed to reduce dependencies on SHA-1 and align with TLS 1.3’s new ECDSA handling.
• Chrome no longer allows opening of pop-ups during inputs which represent a touch scroll, such as touchstart and touchmove.
• Sites will no longer initiate fetches for scripts with invalid type or language attributes, such as type=”python”, unless triggered by declarative fetches using link preload.
• MIDIMessageEvent.receivedTime has been deprecated in favor of Event.timeStamp, since Event.timeStamp now supports high-resolution monotonic time instead of epoch time.