The subject of this test is authenticated symmetric encryption. For libraries that support modes with integrated authentication, such as AES-GCM or AES-CCM, these modes are used*. Otherwise the non-authenticated mode AES-CBC is used along with HMAC for authentication.
* Although asmcrypto supports AES-GCM, its performance is significantly worse than AES-CBC + HMAC. The WebCrypto standard supports AES-GCM, but it is not implemented in WebKit-based browsers. Therefore, AES-CBC + HMAC is tested for compatibility reasons.
The performance advantage would be even greater if not for the lack of WebCrypto AES-GCM support in WebKit-based browsers. While the performance of AES-GCM and the non-authenticated AES-CBC is comparable, once authentication is required AES-GCM gives five times faster encryption and three times faster decryption than AES-CBC-HMAC-256.
AES-GCM is not hardware accelerated on the current Apple CPUs and not supported in CommonCrypto, the iOS/OSX low-level cryptography library. Therefore, it is unlikely that a fast AES-GCM implementation will be added to WebKit in the near future and, in my opinion, any applications that require compatibility with WebKit-based browsers and/or iOS devices should use AES-CBC-HMAC.
Edit: I was asked about Emscripten-compiled crypto performance. Emscripten-compiled NaCl XSalsa20-Poly1305 does about 8 MB/sec in Chrome on an i5-4200U. While the comparison is not exactly apples to apples, performance is poor compared to WebCrypto.
Note: The WebKit bug previously mentioned in this article has been fixed. Many thanks to Scott V.