Chrome Release 119

Google has published the release of the Chrome 119 web browser. At the same time, a stable release of the free Chromium project, which serves as the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), a system for automatically installing updates, permanently enabled sandbox isolation, the supply of keys to the Google API and the transmission of RLZ parameters when searching. For those who need more time to update, the Extended Stable branch is maintained separately and is supported for 8 weeks. The next release, Chrome 120, is scheduled for December 5th.

Key changes in Chrome 119:

  • The release preparation cycle has been shortened: the time between the creation of a new branch and the start of beta testing has been reduced, so the beta version is now formed two days after the creation of the branch instead of 8 days. Stabilization of the beta version, as before, is carried out within 4 weeks. Thus, the preparation cycle for new releases has become shorter by a week.
  • The ability to save groups of tabs is provided. The user can now save the group and close the tabs included in it so that they do not take up resources. Later, when the need arises, tabs from the saved group can be returned and also opened on other devices participating in tab synchronization. The feature is enabled for some users; to enable it forcefully, the “chrome://flags/#tab-groups-save” setting is provided.
  • The interface has changed the wording of operations and settings related to data deletion and loss. Instead of the term “clearing”, the word “delete” is now used in such operations, since the word “clearing” was not perceived by individual users as a sign of irretrievable data loss.
  • URL autocompletion now takes into account any keyword previously used to search for a site, and not just words that match the beginning of the address. For example, autocompletion of the address “https://www.google.com/travel/flights” will work not only when you enter the word “google”, but also when you enter “flights”.
  • Automatic correction of typos when entering a site address has been implemented, with relevant hints displayed; their generation takes into account sites previously opened by the current user. For example, typing "youtube" will prompt you to open YouTube.com.
  • It is possible to search in bookmark sections through the address bar. For example, you can add the name of a bookmarks section as you type, and Chrome will suggest links from that section that match the entered keyword. For example, typing “trips 2023 New” will suggest links from the trip 2023 bookmarks section related to New York.
  • Implemented the display of recommendations for popular sites, even if the user has not visited them before or made a mistake when entering the URL. For example, when, following someone's recommendation to open Google Earth, the user begins to type “googleear” without knowing the exact address, the browser will offer to go to earth.google.com.
  • Chrome for desktop has improved the readability of information in the address bar and made the interface more responsive - results are now displayed immediately after you start typing in the address bar.
  • In accordance with the change to the Fetch API specification, the Authorization HTTP header is removed when redirecting to another domain (cross origin).
  • In the notification and location settings, an option has been added to enable a service that automatically suppresses permission requests (Permission Suggestions Service). The following modes are available to choose from:
    • always show permission requests for notifications and location access;
    • automatically ignore spam requests for permissions using the Permission Suggestions Service mechanism;
    • always ignore all requests to display notifications;
    • always block all requests for notification and location permissions.
  • In builds for the Android platform, when standard browser protection is enabled (Safe Browsing > Standard protection), a real-time security check of open URLs is implemented, based on the transfer of partial hashes from the URLs opened by the user to Google servers. To avoid matching the user's IP address and hash, data is transmitted through an intermediate proxy. Previously, verification was performed by downloading a local copy of the list of unsafe URLs to the user's system. The new scheme allows you to block malicious URLs more quickly. For desktop systems, a similar mode was enabled in the last release.
  • Escape of non-alphabetic characters in the hostname when calling a URL function has been brought into line with the updated specification. For example, calling the function 'URL("http://exa(mple.com;")' previously returned 'http://exa%28mple.com/', but will now result in the error "Invalid URL".
  • All previously stored Cookies have a lifetime limitation applied to them similar to what has been applied since the release of Chrome 104 for new and updated Cookies. Existing Cookies will have their lifetime reduced to 400 days relative to the release of Chrome 119.
  • CSS introduces new pseudo-classes ":user-valid" and ":user-invalid" that represent form elements whose values pass or fail validation. Unlike ":valid" and ":invalid", the new pseudo-classes only fire after user interaction with the form element.
  • When setting colors in CSS, you are allowed to define values that are calculated relative to other color parameters. For example, specifying "oklab(from magenta calc(l * 0.8) a b)" will produce a color that is 80% lighter than magenta.
  • The clip-path CSS property, which allows you to limit the visibility of an element to a specific area, now supports the value to specify a custom area for cropping. It is also possible to use the xywh() and rect() functions to simplify the definition of rectangular or rounded areas.
  • Support for the WebSQL API has been disabled, and it is recommended to use the Web Storage and Indexed Database APIs instead. The WebSQL engine is based on SQLite library code. The WebSQL API was not supported in other browsers, tied to an external library API, and increased the risk of security problems (WebSQL could be used by attackers to exploit vulnerabilities in SQLite). To bring back WebSQL support for enterprise users, the WebSQLAccess policy has been retained and will be removed in Chrome 123.
  • Temporarily removed the HTML Sanitizer API, which allows you to cut out elements from the content that affect display and execution when output via the setHTML() method. The API was designed to strip HTML tags that can be used to perform XSS attacks. The reason for removal is the incompleteness of the specification, which has changed significantly since the addition of Sanitizer to Chrome. Once the specification is ready, the API will be returned.
  • The non-standard shadowRoot attribute has been removed, which allows native elements to access their own separate root in the Shadow DOM, regardless of state. Instead of shadowRoot, the shadowRootMode attribute was proposed in Chrome 111, which was included in the web standard.
  • Improved implementation of the HTML element "<fencedframe>", which is similar to an "iframe" and also allows you to embed third-party content on a page. The differences come down to limiting the interaction of embedded content with page content at the DOM and attribute level. For example, a news.example page that has an ad block embedded in it using a fencedframe, loaded from shoes.example, cannot access the shoes.example data, and in turn, the code from the shoes.example site cannot access the data associated with news.example. The new version adds support for macro substitutions for the ad unit size that appeared in the Protected Audience API, for example, “https://ad.com?width={/%AD_WIDTH%}&height={/%AD_HEIGHT%}”.
  • Added a monitorTypeSurfaces parameter to the getDisplayMedia() method that can be used to prevent sharing of the entire screen.
  • An experimental (origin trial) fullscreen parameter has been added to the window.open() method, allowing you to open the window immediately in full screen mode.
  • Added a "bitrateMode" flag to the AudioEncoderConfig API to select between constant and variable bitrate.
  • TLS now includes an implementation of a key encapsulation mechanism (KEM) using the X25519Kyber768 hybrid algorithm, which is resistant to brute-force attacks on quantum computers. To create the session keys used to encrypt data within TLS connections, it is now possible to use a combination of the X25519 elliptic-curve key exchange mechanism, already used in TLS, with the Kyber-768 algorithm, which relies on cryptographic methods based on lattice problems whose solution time does not differ on conventional and quantum computers.
  • Support for the WasmGC extension is enabled by default, which simplifies the porting of programs written in programming languages that use a garbage collector (Kotlin, PHP, Java, etc.) to WebAssembly. WasmGC adds new types of structures and arrays that can use non-linear memory allocation.
  • Improvements have been made to tools for web developers. Added the ability to edit CSS rules “@property” and display warnings if they are defined incorrectly. The list of emulated devices has been updated (for example, iPhone 14 and Pixel 7 have been added). Auto-completion of private fields is implemented in the web console. Provided formatting of JSON data placed inside blocks
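
The cross-origin redirect rule for the Authorization header described in the list above, as an added example: it is a model of the rule, not Chrome's code. The hosts, token and redirect table are constructed, and `followRedirects` and `carriesAuthorization` are hypothetical helper names.

```javascript
// Added example: a model of the redirect rule, not Chrome's implementation.
// Constructed redirect table: two hops, the second one leaves the origin.
const REDIRECTS = {
  "https://api.example.test/v1/report": "https://api.example.test/v2/report",
  "https://api.example.test/v2/report": "https://cdn.example.net/report.json",
};

// Follow the constructed chain and record the headers each hop would receive.
// Authorization is dropped the first time the origin (scheme, host, port)
// changes and is not restored on later hops; other headers are kept.
function followRedirects(startUrl, headers, maxHops = 20) {
  const hops = [];
  let url = new URL(startUrl);
  const current = { ...headers };
  for (let i = 0; i <= maxHops; i++) {
    hops.push({ url: url.href, headers: { ...current } });
    const next = REDIRECTS[url.href];
    if (!next) return hops; // final response, no further redirect
    const target = new URL(next, url); // resolves relative Location values
    if (target.origin !== url.origin) {
      for (const name of Object.keys(current)) {
        if (name.toLowerCase() === "authorization") delete current[name];
      }
    }
    url = target;
  }
  throw new Error("too many redirects");
}

// Header names are case-insensitive, so compare in lower case.
function carriesAuthorization(hop) {
  return Object.keys(hop.headers).some((n) => n.toLowerCase() === "authorization");
}

// Constructed request: a bearer token meant only for api.example.test.
const SAMPLE_HOPS = followRedirects("https://api.example.test/v1/report", {
  Authorization: "Bearer constructed-token",
  Accept: "application/json",
});
```

A service that relied on the token surviving a redirect to another origin has to re-authenticate at the final destination instead.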
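
How partial hashes for the real-time URL check can be derived, as an added example that is not Chrome's code. It assumes the host-suffix/path-prefix expressions and 4-byte SHA-256 prefixes of Google's public Safe Browsing API documentation, skips URL canonicalization, and uses hypothetical function names and a constructed URL.

```javascript
// Added example; rules assumed from the public Safe Browsing API docs.
const { createHash } = require("node:crypto");

// Host-suffix/path-prefix expressions for an already canonical URL.
function urlExpressions(rawUrl) {
  const u = new URL(rawUrl);
  const labels = u.hostname.split(".");
  const hosts = [u.hostname];
  const isIp = /^[\d.]+$/.test(u.hostname) || u.hostname.startsWith("[");
  // Up to four more hosts: begin with the last five labels, then drop the
  // leading label each time; the bare top-level label is never used.
  for (let i = Math.max(1, labels.length - 5); !isIp && i <= labels.length - 2; i++) {
    hosts.push(labels.slice(i).join("."));
  }
  const paths = [];
  if (u.search) paths.push(u.pathname + u.search); // exact path with query
  paths.push(u.pathname);                          // exact path, no query
  // Up to four directory prefixes, starting at the root "/".
  const dirs = u.pathname.split("/").filter(Boolean).slice(0, -1);
  let prefix = "/";
  for (let i = 0; i < 4; i++) {
    paths.push(prefix);
    if (i >= dirs.length) break;
    prefix += dirs[i] + "/";
  }
  const unique = [...new Set(paths)];
  return hosts.flatMap((h) => unique.map((p) => h + p));
}

function fullHash(expression) {
  return createHash("sha256").update(expression, "utf8").digest("hex");
}

// Only this truncated value leaves the device (4 bytes = 8 hex characters).
function hashPrefix(expression) {
  return fullHash(expression).slice(0, 8);
}

// The service answers with full hashes for the prefixes it was sent; the
// final comparison happens locally, so the exact URL is never transmitted.
function isFlagged(rawUrl, returnedFullHashes) {
  const returned = new Set(returnedFullHashes);
  return urlExpressions(rawUrl).some((e) => returned.has(fullHash(e)));
}

// Constructed sample URL (matches no real listing).
const SAMPLE_URL = "http://a.b.c/1/2.html?param=1";
```

Because many unrelated URLs share the same 4-byte prefix, a prefix alone does not identify the page; the proxy mentioned above additionally hides which IP address asked.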

In addition to innovations and bug fixes, the new version eliminates 15 vulnerabilities. Many of the vulnerabilities were identified as a result of automated testing using the AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL tools. No critical problems have been identified that would allow one to bypass all levels of browser protection and execute code on the system outside the sandbox environment. As part of the program to pay cash rewards for discovering vulnerabilities for the current release, Google paid 13 awards in the amount of 40.5 thousand US dollars (one award of $16000, $11000, $2000 and $500, three awards of $3000 and two awards of $1000). The size of the 4 rewards has not yet been determined.

Source: opennet.ru
