🥇Chrome 103 release

Google has unveiled the release of the Chrome 103 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), an automatic update system, the constant inclusion of Sandbox isolation, the supply of keys to the Google API and transmission when searching for RLZ- parameters. For those who need more time to update, the Extended Stable branch is supported separately, followed by 8 weeks. The next release of Chrome 104 is scheduled for August 2nd.

Key changes in Chrome 103:

Added an experimental image editor called for editing page screenshots. The editor provides features such as cropping, area selection, brush painting, color selection, adding text labels, and displaying common shapes and primitives such as lines, rectangles, circles, and arrows. To enable the editor, you need to activate the settings "chrome://flags/#sharing-desktop-screenshots" and "chrome://flags/#sharing-desktop-screenshots-edit". After taking a screenshot via the Share menu in the address bar, you can access the editor by clicking the "Edit" button on the screenshot preview page.
Added in Chrome 101, the prerender mechanism for recommendation content in the Omnibox address bar has been enhanced. Proactive rendering complements the previously available ability to load the most likely to click recommendations without waiting for a user click. In addition to loading, the content of pages associated with recommendations can now be buffered (including script execution and DOM tree formation), which allows for immediate display of recommendations after a click . The settings "chrome://flags/#enable-prerender2", "chrome://flags/#omnibox-trigger-for-prerender2" and "chrome://flags/#search-suggestion-for- prerender2".
Chrome 103 for Android added the Speculations Rules API, which allows site authors to provide the browser with information about the most likely pages a user might visit. The browser uses this information to proactively load and render page content.
The Android version features a new password manager that offers the same unified password management interface that is used for Android apps.
The Android version adds support for the "With Google" service, which allows the user to express gratitude to their favorite sites that have registered with the service by transferring paid or free digital stickers. The service is currently only available to US users.
Improved autocompletion of fields with credit and debit payment card numbers, which now supports cards saved via Google Pay.
The Windows version uses the built-in DNS client by default, which is also used by the macOS, Android, and Chrome OS versions.
The Local Font Access API has been stabilized and offered to everyone, with which you can determine and use the fonts installed in the system, as well as manipulate fonts at a low level (for example, filter and transform glyphs).
Added support for HTTP response code 103, which allows you to inform the client about the content of some HTTP headers immediately after the request, without waiting for the server to perform all the operations associated with the request and start serving the content. Similarly, you can provide hints about elements associated with the rendered page that can be preloaded (for example, links to the css and javascript used on the page can be provided). Having received information about such resources, the browser can start downloading them without waiting for the end of the return of the main page, which reduces the total processing time of the request.
In the Origin Trials mode (experimental features that require separate activation), so far only in builds for the Android platform has begun testing the Federated Credential Management (FedCM) API, which allows you to create federated identity services that ensure privacy and work without cross-site tracking mechanisms, such as handling third-party cookies . Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
The Client Hints API, which is being developed as a replacement for the User-Agent header and allows you to selectively return data about specific browser and system parameters (version, platform, etc.) only after a request by the server, has added the ability to substitute fictitious names in the list of browser identifiers, according to analogies with the GREASE (Generate Random Extensions And Sustain Extensibility) mechanism used in TLS. For example, in addition to '"Chrome"; v="103"' and '"Chromium"; v=”103″' a random identifier of a non-existent browser '”(Not;Browser”; v=”12″') can be added to the list. pretend to be other popular browsers to bypass valid browser checks.
Files in the AVIF image format have been added to the list of allowed sharing via the iWeb Share API.
Added support for the "deflate-raw" compression format, which allows accessing a raw compressed stream without headers and service final blocks, which can be used, for example, to read and write zip files.
For web form elements, the ability to use the "rel" attribute is provided, which allows you to apply the "rel=noreferrer" parameter to navigation through web forms to disable the transfer of the Referer header or "rel=noopener" to disable setting the Window.opener property and deny access to the context from which the jump was made.
The implementation of the popstate event has been brought in line with the behavior of Firefox. The popstate event is now fired immediately after a URL change without waiting for the load event to fire.
For pages opened without HTTPS and from iframe blocks, access to the Gampepad API and the Battery Status API is prohibited.
A forget() method has been added to the SerialPort object to revoke the permissions previously granted by the user to access the serial port.
The visual-box attribute has been added to the overflow-clip-margin CSS property, which determines where to start clipping content that has gone beyond the border of the area (it can take the values content-box, padding-box and border-box).
Calling external protocols and launching external handler applications is prohibited in iframe blocks with the sandbox attribute. To override the restriction, use the allow-popups, allow-top-navigation, and allow-top-navigation-with-user-activation properties.
Element deprecated , which lost its meaning after plugin support ended.
Improvements have been made to tools for web developers. For example, in the Styles panel, it became possible to define the color of a point outside the browser window. Improved preview of parameter values in the debugger. Added the ability to change the order of panels in the Elements interface.

In addition to innovations and bug fixes, 14 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified as a result of automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. One of the issues (CVE-2022-2156) has been assigned a critical severity level, which implies the ability to bypass all browser protection levels and execute code on the system outside the sandbox environment. Details on this vulnerability have not yet been disclosed, it is only known that it is caused by accessing a freed memory block (use-after-free).

As part of the vulnerability bounty program for the current release, Google has paid out 9 awards worth $44 (one $20000 award, one $7500 award, one $7000 award, two $3000 awards, and one each of $2000, $1000, and $500). ). The amount of reward for a critical vulnerability has not yet been determined.

Source: opennet.ru

Chrome Release 103

Add a comment Отменить ответ