ProHoster > Blog > internet news > Chrome Release 107

Chrome Release 107

Google has unveiled the release of the Chrome 107 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), an automatic update system, the constant inclusion of Sandbox isolation, the supply of keys to the Google API and transmission when searching for RLZ- parameters. For those who need more time to update, the Extended Stable branch is supported separately, followed by 8 weeks. The next release of Chrome 108 is scheduled for November 29th.

Key changes in Chrome 107:

  • Added support for the ECH (Encrypted Client Hello) mechanism, which continues the development of ESNI (Encrypted Server Name Indication) and is used to encrypt information about TLS session parameters, such as the requested domain name. The key difference between ECH and ESNI is that in ECH, instead of encryption at the level of individual fields, the entire TLS ClientHello message is encrypted, which allows you to block leaks through fields that are not covered by ESNI, for example, the PSK (Pre-Shared Key) field. ECH also uses an HTTPSSVC DNS record instead of a TXT record to convey public key information, and uses authenticated end-to-end encryption based on the Hybrid Public Key Encryption (HPKE) mechanism to obtain and encrypt the key. To control whether ECH is enabled, the "chrome://flags#encrypted-client-hello" setting is suggested.
  • Enabled support for hardware accelerated video decoding in H.265 (HEVC) format.
  • The fifth stage of trimming information in the User-Agent HTTP header and JavaScript parameters navigator.userAgent, navigator.appVersion, and navigator.platform has been enabled to reduce information that can be used to passively identify a user. In Chrome 107, the user-agent string has been reduced in platform and processor information for desktop users, and the contents of the navigator.platform JavaScript parameter have been frozen. The change is only noticeable in versions for the Windows platform, for which the specific platform version is changed to "Windows NT 10.0". On Linux, the platform content in the User-Agent has not changed.

    Previously, the MINOR.BUILD.PATCH numbers that made up the browser version have been replaced with 0.0.0. Going forward, the header will contain only information about the browser name, major browser version, platform, and device type (mobile phone, PC, tablet). For additional data, such as exact version and extended platform data, you must use the User Agent Client Hints API. For sites that do not have enough new information and are not yet ready to switch to User Agent Client Hints, until May 2023, the opportunity to return the full User-Agent is provided.

  • The Android version no longer supports the Android 6.0 platform, the browser now requires at least Android 7.0.
  • Changed the design of the interface for tracking the status of downloads. Instead of the bottom line with data on the download progress, a new indicator has been added to the panel with the address bar, when clicked, the progress of downloading files and a history with a list of already downloaded files are shown. Unlike the bottom bar, the button is permanently displayed on the bar and allows you to quickly access your download history. The new interface has so far been offered by default only to some users and will be extended to all if there are no problems.
    Chrome Release 107
  • For desktop users, the ability to import passwords saved in a file in CSV format is provided. Previously, passwords from a file to the browser could only be transferred through the passwords.google.com service, but now it can be done through the password manager built into the browser (Google Password Manager).
  • After the user has created a new profile, a prompt is provided prompting you to enable synchronization and go to the settings through which you can change the profile name and select a color theme.
  • The version for the Android platform offers a new interface for selecting media files for uploading photos and videos (instead of its own implementation, the standard Android Media Picker interface is used).
    Chrome Release 107
  • Enabled automatic revocation of permission to display notifications for sites caught sending notifications and messages that interfere with the user. Moreover, for such sites, requests for obtaining permissions to send notifications are suspended.
  • New properties have been added to the Screen Capture API related to screen sharing - selfBrowserSurface (allows you to exclude the current tab when calling getDisplayMedia()), surfaceSwitching (allows you to hide the button to switch tabs), and displaySurface (allows you to restrict sharing to a tab, window, or screen).
  • Added the renderBlockingStatus property to the Performance API to identify resources that are causing page rendering to be paused until they have finished loading.
  • Several new APIs have been added to the Origin Trials mode (experimental features that require separate activation). Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
    • A declarative PendingBeacon API that allows you to control the sending of data that does not require a response (beacon) to the server. The new API allows you to delegate the sending of such data to the browser, without the need to call send operations at a specific time, for example, to organize the transmission of telemetry after the user closes the page.
    • The Permissions-Policy (Feature Policy) HTTP header, which is used to delegate permissions and enable advanced features, now supports the "unload" value, which can be used to disable "unload" event handlers on the page.
  • To tag added support for the β€œrel” attribute, which allows you to apply the β€œrel=noreferrer” parameter to navigation through web forms to disable the transfer of the Referer header or β€œrel=noopener” to disable setting the Window.opener property and deny access to the context from which the transition was made .
  • CSS Grid adds support for interpolating the grid-template-columns and grid-template-rows properties to provide a smooth transition between different grid states.
  • Improvements have been made to tools for web developers. Added the ability to customize hotkeys. Improved memory inspection of C/C++ application objects converted to WebAssembly format.

In addition to innovations and bug fixes, 14 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified as a result of automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that allow bypassing all browser protection levels and executing code in the system outside the sandbox environment have been identified. As part of the vulnerability bounty program for the current release, Google paid out 10 awards worth $57 (one each of $20000, $17000, and $7000, two $3000 awards, three $2000 awards, and one $1000 award). The amount of one reward has not yet been determined.

Source: opennet.ru

Add a comment