NW.js v0.28.0 Released with Chromium 64 Upgrade, Node.js 9.4.0 and Mitigations for Spectre Attacks


We're excited to announce NW.js 0.28.0 with Chromium 64 stable upgrade, security updates within it and Node.js 9.4.0. This new major version has new features and important changes regarding Spectre attacks. You need to read it through if you load any 3rd party contents in your application, or care about the performance implications from it.

Mitigations for Spectre Attacks

Spectre attacks impact browsers too. After Chromium upstream announced actions required to mitigate Speculative Side-Channel Attack techniques, we took all the changes from upstream into NW.js to protect applications of our developers and end users. However, the upstream fix has a performance impact that can lead to 15% degradation on extreme computational workloads. Since NW.js application code is trusted in many cases, we've made changes so your applications are not impacted in such cases:

New Features and Important Fixes

Thanks to Jefry Tedjokusumo, transparency clickthrough feature is fixed on macOS 10.13.

What's New in Chromium 64

Chromium 64 contains usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore. It supports Resize Observer, import meta and many more. Please check upstream information for details, as well as the Chrome status page.

We've made the 0.28 branch ready soon after Chromium beta bumps to 64. Thanks to the testers for their valuable feedback and bug reports. We've been working on 3 branches simultaneously: a released branch on current Chromium stable, a beta branch on Chromium beta and a 0.14 branch for legacy OS support.

For more information on the new milestone 0.13 and later versions, please see our blog "What's New in 0.13" for a better introduction.


Full ChangeLog: https://github.com/nwjs/nw.js/blob/nw28/CHANGELOG.md


SDK build:

Binary for other platforms: https://dl.nwjs.io/v0.28.0/

There are 2 builds for each platform - normal build, and SDK build. Normal build doesn't have devtools, only SDK build does. lt can be opened by pressing F12 (Cmd-Alt-I on OSX). SDK packages also have more development tools to be exposed in the following releases, as well as the NaCl support.

Our build infrastructure enables live binary build from git tip so you can access to the latest binary from https://dl.nwjs.io/live-build/

Known issues



See our mailing list to discuss on this release: https://groups.google.com/d/msg/nwjs-general/y9ZyE8jMRX4/xbwHAjxAAgAJ