Chrome Release 113

Google has unveiled the release of the Chrome 113 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), an automatic update system, the constant inclusion of Sandbox isolation, the supply of keys to the Google API and transmission when searching for RLZ- parameters. For those who need more time to update, the Extended Stable branch is supported separately, followed by 8 weeks. The next release of Chrome 114 is scheduled for May 30th.

Key changes in Chrome 113:

• Support for the WebGPU graphics API and WGSL (WebGPU Shading Language) is enabled by default. WebGPU provides a API similar to Vulkan, Metal, and Direct3D 12 for performing GPU-side operations such as rendering and computation, and also allows you to use a shader language to write GPU-side programs. WebGPU support is only enabled in builds for ChromeOS, macOS, and Windows for now, and will be enabled for Linux and Android at a later date.
• Work continued on performance optimization. Relative to branch 112, the speed of passing the Speedometer 2.1 test has increased by 5%.
• For users, the gradual inclusion of storage sharding mode, Service Workers, and communication APIs has begun, which, when processing a page, are separated in relation to domains, which isolates third-party handlers. The mode allows you to block methods of tracking user movements between sites based on storing identifiers in shared storage and areas not intended for permanent storage of information ("Supercookies"), for example, working through the assessment of the presence of certain data in browser caches. Initially, when processing a page, all resources were stored in a common namespace (same-origin), regardless of the origin domain, which allowed one site to determine the loading of resources from another site through manipulations with local storage, the IndexedDB API, or checking for data in the cache.

  Sharding attaches a separate tag to the key used to retrieve objects from the cache and browser stores, which determines the binding to the primary domain from which the main page is opened, which limits the scope for motion tracking scripts, for example, loaded via an iframe from another site. To force the activation of segmentation without waiting for the regular inclusion, you can use the "chrome://flags/#third-party-storage-partitioning" setting.

  

• The mechanism of First-Party Sets (FPS) is proposed, which allows to determine the relationship between different sites of the same organization or project for the general processing of Cookies between them. This feature is useful when the same site is accessible through different domains (for example, opennet.ru and opennet.me). Cookies for such domains are completely separated, but with the help of FPS they can now be linked into a common storage. To enable FPS, you can use the "chrome://flags/enable-first-party-sets" flag.
• A significant optimization of the software implementation of the AV1 video encoder (libaom) has been carried out, which has improved the performance of web applications using WebRTC, such as video conferencing systems. Added new speed mode 10, suitable for devices with limited CPU resources. When testing the Google Meet application on a channel with a bandwidth of 40 kbps, AV1 Speed ​​10 compared to VP9 speed 7 resulted in a 12% increase in quality and a 25% increase in performance.
• When advanced browser protection is enabled (Safe Browsing > Enhanced protection), in order to detect malicious activity on the Google side, add-ons collect telemetry about the operation of browser add-ons that are not installed from the Chrome Store catalog. Data such as the hashes of the add-on files and the contents of manifest.json are sent.
• Some users have enabled additional options for auto-filling forms, aimed at quickly filling in the delivery address and payment details when making purchases in some online stores.
• The menu displayed by clicking on the icon "three dots" has been restructured. The menu items "Extensions" and "Chrome Web Store" have been moved to the first level of the menu.
• Added the ability to translate into another language only the selected fragment of the page, and not just the entire page (translation is initiated from the context menu). To control the inclusion of partial translation, the setting "chrome://flags/#desktop-partial-translate" is proposed.
• On the page shown when opening a new tab, added the ability to resume interrupted work ("Journey"), for example, you can continue the search from the interrupted position.
• In the Android version, a new service page "chrome://policy/logs" has been implemented for debugging by the administrator of the centralized management policies set for users.
• In the build for the Android platform, the ability to show more personalized content in the section of the recommended content (Discover) has been implemented. In addition, the ability to customize the preferred types of recommendations displayed (for example, you can hide content from some sources) for users who are not connected to a Google account has been added.
• The version for the Android platform offers a new interface for selecting media files for uploading photos and videos (instead of its own implementation, the standard Android Media Picker interface is used).
• CSS implements a standard syntax for the image-set() function, which allows you to select an image from a set of options with different resolutions that is most suitable for the current screen settings and network connection bandwidth. The previously supported -webkit-image-set() prefix call, which offered a Chrome-specific syntax, has now been replaced with the standard image-set.
• CSS has added support for new media queries (@media) overflow-inline and overflow-block , which allow you to determine how the content will be handled if the content goes beyond the original block boundaries.
• An update media query has been added to the CSS to allow styles to be defined when printed or displayed on slow (e.g. e-book screens) and fast (regular monitors) screens.
• The linear() function has been added to CSS to apply linear interpolation between a given number of points, which can be used to create complex animations such as bouncing and stretching effects.
• The Headers.getSetCookie() method implements the ability to extract values ​​from multiple Set-Cookie headers passed in a single request without concatenating them.
• The largeBlob extension has been added to the WebAuthn API to store large binary data associated with credentials.
• Enabled the Private State Token API to separate users without using cross-site identifiers.
• Sites are not allowed to set the document.domain property to apply same-origin conditions to resources loaded from different subdomains. If you need to establish a communication channel between subdomains, use the postMessage() function or the Channel Messaging API.
• Improvements have been made to tools for web developers. The Network Activity Inspection panel now has the ability to override or create new HTTP response headers returned by the web server (Network > Headers > Response Headers). Additionally, it is possible to edit all overrides in one place by editing the .headers file in the Sources > Overrides section and creating replacements by mask. Improved debugging of applications using the Nuxt, Vite and Rollup web frameworks. Improved diagnostics of problems with CSS in the Styles panel (errors in property names and assigned values ​​are noted separately). In the web console, added the ability to display autocomplete recommendations when pressing Enter (and not just when pressing tab or right arrow).

In addition to innovations and bug fixes, 15 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified as a result of automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that allow bypassing all browser protection levels and executing code in the system outside the sandbox environment have been identified. As part of the program for the payment of cash rewards for the discovery of vulnerabilities for the current release, Google paid 10 awards in the amount of 30.5 thousand US dollars (one award of $7500, $5000 and $4000, two awards of $3000, three awards of $2000 and two awards of $1000).

Source: opennet.ru