ProHoster > Blog > internet news > Chrome Release 100

Chrome Release 100

Google has unveiled the release of the Chrome 100 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser is distinguished by the use of Google logos, the presence of a system for sending notifications in the event of a crash, modules for playing copy-protected video content (DRM), an automatic update system, and transmission when searching for RLZ parameters. The next release of Chrome 101 is scheduled for April 26th.

Key changes in Chrome 100:

  • Due to the browser reaching the version number 100, which consists of three digits instead of two, it is possible that there will be violations in the work of some sites that use incorrect libraries to parse the User-Agent value. In case of problems, there is a setting "chrome://flags##force-major-version-to-minor" that allows you to return the output in the User-Agent version 99 header when version 100 is actually used.
  • Chrome 100 is marked as the latest version with full User-Agent content. In the next release, we will start stripping the information in the User-Agent HTTP header and JavaScript parameters navigator.userAgent, navigator.appVersion and navigator.platform. Only the browser name, major browser version, platform, and device type (mobile phone, PC, tablet) will be left in the header. You will need to use the User Agent Client Hints API to obtain additional data, such as exact version and extended platform data. For sites that do not have enough new information and are not yet ready to switch to User Agent Client Hints, until May 2023, the opportunity to return the full User-Agent is provided.
  • An experimental feature has been added to show the downloads indicator in the address bar panel, which, when clicked, shows the status of downloaded and downloaded files, similar to the chrome://downloads page. To activate the indicator, the "chrome://flags#download-bubble" setting is provided.
    Chrome Release 100
  • The ability to mute the sound when clicking on the playback indicator shown on the tab button has been returned (previously, the sound could be turned off by calling the context menu). To enable this feature, the "chrome://flags#enable-tab-audio-muting" setting has been added.
    Chrome Release 100
  • Added setting "chrome://flags/#enable-lens-standalone" to disable the use of the Google Lens service for image search ("Find image" item in the context menu).
  • When sharing a tab (tab-sharing), the blue frame now highlights not the entire tab, but only the part with the content being broadcast to another user.
  • The browser logo has been changed. The new logo differs from the 2014 version with a slightly larger circle in the middle, brighter colors and no shadows on the borders between colors.
    Chrome Release 100
  • Changes in Android version:
    • Support for the "Lite" traffic saving mode, which reduced the bitrate when downloading video and applied additional image compression, has been discontinued. It is noted that the mode has been removed due to the reduction in the cost of tariffs in mobile networks and the development of other methods to reduce traffic.
    • Added the ability to perform actions with the browser from the address bar. For example, you can type "delete history" and the browser will prompt you to go to the form for clearing the history of movements or "edit passwords" and the browser will open the password manager. For desktop systems, this feature was implemented in version 87 of Chrome.
    • Implemented support for logging into a Google account by scanning a QR code shown on the screen of another device.
    • The operation confirmation dialog is displayed when trying to close all tabs at once.
    • On the page for opening a new tab, there is a switch between viewing RSS subscriptions (Following) and recommended content (Discover).
    • Removed the ability to use TLS 1.0/1.1 protocols in the Android WebView component. In the browser itself, support for TLS 1.0/1.1 was removed in the release of Chrome 98. In the current version, a similar change has been applied to mobile applications using the WebView component, which will now be unable to connect to a server that does not support TLS 1.2 or TLS 1.3.
  • When verifying certificates using the Certificate Transparency mechanism, certificate validation now requires signed SCT records (signed certificate timestamp) in any two logs maintained by different operators (previously, a record was required in the Google log and the log of any other operator). Certificate Transparency maintains independent public logs of all issued and revoked certificates, which make it possible to independently audit all changes and actions of certification authorities, and allow you to track any attempts to covertly create fake records.

    For users who have enabled Safe Browsing, auditing of SCT records used in Certificate Transparency logs is enabled by default. This change will send additional requests to Google to confirm that the log is working correctly. Verification requests are sent very infrequently, about once every 10000 TLS connections. If problems are identified, data on the problematic chain of certificates and SCTs will be transferred to Google (only already publicly distributed data on certificates and SCTs is transferred).

  • When you enable Enhanced Safe Browsing and sign in to your Google account, the incident data sent to Google's servers now includes the tokens associated with your Google account, allowing you to improve protection against phishing, malicious activity, and more. threats on the web. For incognito sessions, no such data is transmitted.
  • The desktop version of Chrome provides an option to dismiss warnings about the use of compromised passwords.
  • The Multi-Screen Window Placement API has been added, through which you can get information about the monitors connected to the computer and organize the placement of windows on specified screens. Using the new API, you can also fine-tune the position of windows that are displayed and detect the transition to full screen mode initiated using the Element.requestFullscreen() method. Examples of how to use the new API include presentation applications (projecting and displaying notes on a laptop screen), financial applications and monitoring systems (placing graphs on different screens), medical applications (displaying images on separate screens with high resolution), games , image editors, and other types of multi-window applications.
  • In the Origin Trials mode (experimental features that require separate activation), support for accessing Media Source Extensions from dedicated workers is implemented, which can be used, for example, to improve the performance of buffered playback of multimedia data by creating a MediaSource object in a separate worker and broadcasting the results its working in HTMLMediaElement in the main thread. Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
  • The Digital Goods API, designed to simplify the organization of purchases from web applications, has been stabilized and offered to everyone. Provides binding to product distribution services, in Android provides binding over the Android Play Billing API.
  • The AbortSignal.throwIfAborted() method has been added to handle the abort of the signal execution, taking into account the state of the signal and the reason for its abort.
  • A forget() method has been added to the HIDDevice object to revoke user-granted access to the input device.
  • Added support for the "plus-lighter" value to highlight the intersections of two elements that share pixels in the mix-blend-mode CSS property, which defines the blending method when elements overlap.
  • The makeReadOnly() method has been added to the NDEFReader object to allow NFC tags to be used in read-only mode.
  • Added the serverCertificateHashes option to the WebTransport API for sending and receiving data between a browser and a server to authenticate the connection to the server using a certificate hash without using Web PKI (for example, when connecting to a server or virtual machine not on a public network).
  • Improvements have been made to tools for web developers. The capabilities of the Recorder panel have been expanded, with which you can record, play back and analyze user actions on the page. When viewing code while debugging, property values ​​are displayed when you hover over classes or functions with the mouse. In the list of emulated devices, the User-Agent for iPhone has been updated to version 13_2_3. In the navigation panel for CSS styles, the ability to view and edit the "@supports" rules is implemented.
    Chrome Release 100

In addition to innovations and bug fixes, 28 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified as a result of automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that allow bypassing all browser protection levels and executing code in the system outside the sandbox environment have been identified. As part of the vulnerabilities cash reward program for the current release, Google paid out 20 awards worth $51 (one $16000 award, two $7000 awards, three $5000 awards, and one each of $3000, $2000, and $1000. Amount of 11 awards not defined yet.

Source: opennet.ru

Add a comment