Chrome 56 is being rolled out to Windows, Linux, and Mac users and should be available to everyone over the next few days. Along with 56 security updates, this new version comes with quite a few goodies such as HTML5 by default, support for the Sticky position attribute, and the Web Bluetooth API.
HTML5 by default means that Chrome should be disabling Flash on web sites that I have not visited before. Unfortunately, this feature didn't seem to work when I tested it on sites I have not visited before as Flash worked perfectly without prompting me. Maybe I did something wrong.
Last, but definitely not least, this update also includes 56 security updates, with 4 of them being XSS vulnerabilities. The full list of security updates is described below:
| Bounty | Bug ID | Severity | CVE Identifier | Description and credit |
|---|---|---|---|---|
| $8,837 | 671102 | High | CVE-2017-5007 | Universal XSS in Blink. Credit to Mariusz Mlynski |
| $8,000 | 673170 | High | CVE-2017-5006 | Universal XSS in Blink. Credit to Mariusz Mlynski |
| $8,000 | 668552 | High | CVE-2017-5008 | Universal XSS in Blink. Credit to Mariusz Mlynski |
| $7,500 | 663476 | High | CVE-2017-5010 | Universal XSS in Blink. Credit to Mariusz Mlynski |
| $3,000 | 662859 | High | CVE-2017-5011 | Unauthorised file access in Devtools. Credit to Khalil Zhani |
| $3,000 | 667504 | High | CVE-2017-5009 | Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford |
| $5,500 | 681843 | High | CVE-2017-5012 | Heap overflow in V8. Credit to Gergely Nagy (Tresorit) |
| $2,000 | 677716 | Medium | CVE-2017-5013 | Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah) |
| $2,000 | 675332 | Medium | CVE-2017-5014 | Heap overflow in Skia. Credit to sweetchip |
| $2,000 | 673971 | Medium | CVE-2017-5015 | Address spoofing in Omnibox. Credit to Armin Razmdjou |
| $2,000 | 666714 | Medium | CVE-2017-5019 | Use after free in Renderer. Credit to Wadih Matar |
| $1,000 | 673163 | Medium | CVE-2017-5016 | UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah) |
| $500 | 676975 | Medium | CVE-2017-5017 | Uninitialised memory access in webm video. Credit to danberm |
| $500 | 668665 | Medium | CVE-2017-5018 | Universal XSS in chrome apps. Credit to Rob Wu |
| TBD | 668653 | Medium | CVE-2017-5020 | Universal XSS in chrome downloads. Credit to Rob Wu |
| N/A | 663726 | Low | CVE-2017-5021 | Use after free in Extensions. Credit to Rob Wu |
| N/A | 663620 | Low | CVE-2017-5022 | Bypass of Content Security Policy in Blink. Credit to 李普君 of 无声信息技术PKAV Team |
| N/A | 651443 | Low | CVE-2017-5023 | Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC) |
| N/A | 643951 | Low | CVE-2017-5024 | Heap overflow in FFmpeg. Credit to Paul Mehta |
| N/A | 643950 | Low | CVE-2017-5025 | Heap overflow in FFmpeg. Credit to Paul Mehta |
| $500 | 634108 | Low | CVE-2017-5026 | UI spoofing. Credit to Ronni Skansing |
The following issues were fixed internally by Google:
- Various fixes from internal audits, fuzzing and other initiatives
It is strongly advised that everyone update Chrome as soon as possible.
To update Chrome, simply click on the Settings menu button, click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to finish the upgrade.