Chrome 48 Released With Custom Notification Buttons, Removes RC4 Cipher

Google today released Chrome 48 for Windows, Mac, and Linux. Chrome 48 adds custom notification buttons and removes support for unsecure RC4 encryption. If you have Google Chrome installed, your browser should have silently updated already. You can confirm it by looking at the version number displayed in the About window. You can also manually check for update using the same. Chrome’s built-in updater will start updating your browser if it has not done it yet. You can also download Chrome directly from

Chrome 48

Chrome apps and extensions have supported push notifications on desktop since May 2010 (first added in Chrome 5). More recently, webpages gained the ability to send push notifications to users with the release of Chrome 42 while the desktop notification center was removed in Chrome 47. My Technology Guide uses Chrome notifications to update its readers about latest post updates. You can subscribe to our notifications if you do not have yet.

According to Google, Chrome now delivers more than 350 million push notifications every day. This is a huge number so with Chrome 48, Google takes this a step further by allowing websites to add custom buttons to notifications. This will help users complete various tasks entirely within the notification without going anywhere.

Chrome 48 no longer supports the RC4 cipher over HTTPS connections. RC4 stream cipher was designed in 1987 and since has been widely supported across multiple browsers for encryption. The days of RC4 is over with the discovery of multiple vulnerabilities over the years. This has made it a very bad choice for encryption of data as it is now possible to crack within days or even hours.

After new attacks on RC4 emerged in February 2015, the Internet Engineering Task Force (IETFprohibited the use of RC4 with TLS. All three major browser developer companies, Google, Microsoft, and Mozilla promised to drop RC4 support in their respective browsers this year. Chrome seems to be the first one to drop support for RC4. The drop of RC4 support by Chrome will surely now push admins managing websites still using the outdated cipher to beef up their security. From now on, in Chrome 48, if you try to visit any website that uses the unsecure RC4 cipher, you will get the following error:

RC4 Error In Chrome 48

For developers, Chrome 48 now lets use of NetworkInformation.downlinkMax event handler to detect a device’s maximum bandwidth and NetworkInformation.onChange event handler to respond to connection speed changes. Using these information, developers can now send optimal resources for the given connection. Other features included for developers in Chrome 48 includes:

  • New DevTools security panel: Enables developers to understand the security state of a page. This will help them migrate their websites to HTTPS.
  • Developers can now build websites using FontFaceSet for more flexibly with several new iteration methods.
  • WebRTC now supports the VP9 video codec, and can serve HD video at almost half the bandwidth of VP8 or H264.
  • Web Audio JavaScript syntax can now be shortened and simplified with method chaining for AudioNode.connect() and AudioParam.connect() automation methods.
  • The MediaStreamTrack.remote attribute allows sites to detect if a media stream is from a remote source.
  • Sites can now detect key presses from a user without worrying about browser type or operating system using the KeyboardEvent.code attribute.
  • Developers can now leverage JavaScript language behaviors not before exposed in ES5 or below using the well-known symbols@@isConcatSpreadable, @@toPrimitive, and @@toStringTag.
  • min-width:auto and min-height:auto now work for flex items without flex-basis:auto.
  • Several getAll() methods have been added to IndexedDB to simplify bulk interactions.
  • ServiceWorkerRegistration.update() no longer bypasses the cache for update checks within 24 hours, improving spec compliance.
  • The error attribute on IDBRequest and IDBTransaction will now returnDOMException instead of DOMError to improve Chrome’s spec compliance.
  • The MediaStreamTrack.getSources() method has been deprecated in favor of MediaDevices.enumerateDevices().
  • SVGGraphicsElement.getTransformToElement has been removed to match the SVG spec.
  • getSVGDocument() has been removed from HTMLFrameElement.prototype to match the SVG spec.
  • SVG glyph-orientation-horizontal and glyph-orientation-vertical properties have been removed in favor of the CSS text-orientation property.
  • SVGElement.offset* properties and SVGPathSeg interfaces have been removed to improve spec compliance.
  • The CSS plus-darker composite operator has been removed to increase spec compliance.
  • The item() method has been removed from TextTrackList and TextTrackCueList to improve spec compliance.
  • Developers can now build robust RTL text experiences using CSS Writing Modes Level 3 without prefixes.
  • CSS font-feature-settings are no longer prefixed.

Chrome 48 also includes 37 security fixes, of which Google chose to highlight the following:

  • High CVE-2016-1612: Bad cast in V8.
  • High CVE-2016-1613: Use-after-free in PDFium.
  • Medium CVE-2016-1614: Information leak in Blink.
  • Medium CVE-2016-1615: Origin confusion in Omnibox.
  • Medium CVE-2016-1616: URL Spoofing.
  • Medium CVE-2016-1617: History sniffing with HSTS and CSP.
  • Medium CVE-2016-1618: Weak random number generator in Blink.
  • Medium CVE-2016-1619: Out-of-bounds read in PDFium.
  • CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (

Chrome for Android and iOS are soon going to get updated to Chrome 48, but no release date is yet available.

You may also like...