API Deprecations and Removals in Chrome 55

Joe Medley
Joe Medley

In nearly every version of Chrome, we see a significant number of updates and improvements to the product, its performance, and also capabilities of the Web Platform. This article describes the deprecations and removals in Chrome 55, which is in beta as of October 21. This list is subject to change at any time.

Resources with non-script MIME types can no longer be executed

Previous versions of Chrome allowed content to with several non-script MIME types to be executed as script. In addition to the obvious security vulnerability, this problem also reduces the value of content security policy settings like script-src 'self'.

For example, a site might lock down same-origin JavaScript, yet still allow users to upload images that are served from that origin. Malicious users might upload JavaScript embedded within a specially-crafted image file, and that JavaScript had the potential to be served from that origin and executed. As of Chrome 55 will no longer execute content loaded with the following MIME types:

  • audio/*
  • image/*
  • video/*
  • text/csv

Intent to Remove| Chromestatus Tracker | Chromium Bug

Remove SVGSVGElement.viewPort

The implementation of SVGSVGElement.viewPort has not worked in Chrome since 2012. The attribute is not present at all in other browsers and it has been removed from the specification. For these reasons the property was deprecated in Chrome 54 and has now been removed.

Intent to Remove| Chromestatus Tracker| Chromium Bug