Google today launched Chrome 64 for Windows, Mac, and Linux. Additions in this release include a stronger pop-up blocker and a slew of developer features. You can update to the latest version now using the browser’s built-in silent updater or download it directly from google.com/chrome.

Chrome is arguably more than a browser. With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with Chrome’s regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

First up, Chrome 64 has a stronger pop-up blocker that prevents sites with abusive experiences from opening new tabs or windows. These include third-party websites disguised as play buttons, other site controls, or even transparent overlays on websites that capture all clicks. If you’re a site owner, you can use the Abusive Experiences Report in the Google Search Console to see if your site has been found with abusive experiences.

Chrome 64 also brings support for the Resize Observer API, which gives web applications finer control over changes to sizes of elements on a page. Responsive web apps currently use CSS media queries or window.onresize to build responsive components that adapt to different viewport sizes, but these are both global signals and require the overall viewport to change in order for the site to respond accordingly.

Chrome now also supports the import.meta property within JavaScript modules that expose the module URL via import.meta.url. This is useful to developers writing JavaScript modules who want access to host-specific metadata about the current module or library authors who want to access the URL of the module being bundled into the library.

Developers will also want to know that Chrome 64 includes an update to the V8 JavaScript engine: version 6.4. You can expect the usual speed and memory improvements, plus new ECMAScript language features. Check out the summary of API changes for more information.

Chrome 64 was supposed to stop sites from autoplaying content with sound. We tested this and it appears the feature has not been turned on, even though it does work in non-stable versions.

Chrome 63 was supposed to include an option to completely disable audio for whole sites. It didn’t make it into that version, but it is available in Chrome 64, so it’s possible Google might simply be running behind schedule. Presumably by Chrome 65, if not sooner, Google’s browser will disable all autoplaying content with sound.

Other developer features in this release (some are mobile-specific):

Chrome 64 also implements 53 security fixes. The following ones were found by external researchers:

[$3000][780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01

[$2000][787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20

[$1000][793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09

[$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12

[$2500][797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

[$2000][789952] Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK’s National Cyber Security Centre (NCSC) on 2017-11-30

[$1000][753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09

[$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12

[$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17

[$1000][778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-26

[$500][760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29

[$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12

[$500][785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16

[$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

[$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31

[$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08

[$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08

[$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05

[$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-13

[$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15

[$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11

[$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28

[$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23

[$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24

[805285] Various fixes from internal audits, fuzzing and other initiatives

Google thus spent at least $22,000 in bug bounties for this release. As always, the security fixes alone should be enough incentive for you to upgrade.

Google releases a new version of its browser every six weeks or so. Chrome 65 will arrive by early March.

In related news, Google released Chrome 64 for Android yesterday. In addition to the usual performance and stability improvements, this version has the same stronger ad blocker as the desktop version that prevents sites with abusive ad experiences from opening new windows or tabs.