Chrome Release 75

Google has released the Chrome 75 web browser. A stable release of the free Chromium project, which serves as the basis of Chrome, is available at the same time. The Chrome browser differs in its use of Google logos, the ability to load the Flash module on demand, a system for sending notifications in case of a crash, modules for playing protected video content (DRM), an automatic update system, and the transmission of RLZ parameters when searching. The next release, Chrome 76, is scheduled for July 30th.

All changes in Chrome 75:

  • The canvas.getContext() method gained a "desynchronized" flag for processing Canvas contexts (2D or WebGL) using an alternative rendering system that provides minimal latency by bypassing the regular DOM update mechanism and outputting directly through OpenGL;
  • The Web Share API (the navigator.share object) has been extended. It lets you generate, instead of a list of individual buttons, a unified button for publishing to the social networks relevant to the visitor. The new release adds the ability to display a standard dialog for sending files to other applications (for example, on Android, a block is displayed for sending via mail, Bluetooth, etc.);
  • Implemented the ability to separate groups of digits in numeric literals with an underscore character. For example, to improve the readability of large numbers in code, you can write 1_000_000_000, and the number will be processed as 1000000000;
  • Strict site isolation mode is enabled by default for all desktop users. In this mode, pages from different hosts are always placed in the memory of different processes, each of which uses its own sandbox. The main feature of strict isolation is that separation is by domain rather than by tab: whereas previously the content of scripts, iframes and popups loaded from other domains ran in the same process as the base site, they are now separated into different processes;
  • Blacklisted add-ons will now be completely removed, rather than disabled and put into inactive mode;
  • The built-in Chrome task manager (Settings > More Tools > Task Manager) now displays Service workers;
  • The "window.open()" method gained a "noreferrer" option, allowing you to open a page without filling in the Referer header;
  • Added the CSP (Content Security Policy) directives "script-src-attr", "script-src-elem", "style-src-attr", and "style-src-elem", which provide the functionality of the script and style directives, but can be applied separately to individual event handlers, elements or attributes;
  • The Web Authentication API gained support for the FIDO CTAP2 PIN, which allows a user-defined PIN to be used to authorize operations with keys that support the FIDO CTAP2 protocol. In the settings, the "Advanced" section now has a "Manage security keys" item, in which you can assign a PIN code to protect keys located on a USB drive, as well as an option to reset the key (clearing all data and the PIN);
  • The AnimationEffect and KeyframeEffect objects have been added to the Web Animations API, allowing you to interactively control animated elements and timing (duration, delays). In addition, a new Animation() constructor has been added, which provides more extensive animation control. Previously, the Web Animations API allowed you to create an animation using the Element.animate() method, which returns an already formed Animation object. Now the developer can control its creation through an explicit constructor call, in which, for example, you can specify a KeyframeEffect object;

  • Added the HTMLVideoElement.playsInline option, which tells the browser to display the video in the element's playback area (for example, to provide a full-screen playback method);
  • The MediaStreamTrack.getCapabilities() method can now return the range of valid values for properties associated with audio devices (sampling rate, delays, number of channels, etc.);
  • The RTCDtlsTransport API has been added to WebRTC to obtain information about active transports, such as the use of SCTP or DTLS (Datagram Transport Layer Security), through which RTP and RTCP packets are sent or received. The RTCIceTransport interface has also been added to provide information about the state of the ICE transports used in the RTCPeerConnection object;

  • The Cache-Control header now supports the "stale-while-revalidate" directive, which sets an additional time window during which the browser can use an expired resource while asynchronously rechecking its validity;
  • Added the Scroll Snap Stop feature, which determines the binding to elements during inertial scrolling (for example, a wide scrolling gesture when selecting in a list of images will result in the selection of not the last element, but the next one);
  • In the Android version, the interface for autofilling account parameters in authentication forms has been improved. The tooltip block is now displayed directly above the on-screen keyboard and, when clicked, displays possible saved options instead of the on-screen keyboard, without obscuring the input form;
  • Added experimental support for Reader Mode. When it is enabled, only meaningful text is displayed, and all related controls, banners, menus, navigation bars, and other parts of the page not related to content are hidden. The new mode is enabled with the chrome://flags/#enable-reader-mode option, after which an item for using it appears in the drop-down menu;
  • The V8 JavaScript engine implements explicit caching of WebAssembly compilation results (when the page is reopened, previously processed WebAssembly components will be launched from the cache). WebAssembly also gained the new memory.copy, memory.fill, table.copy, memory.init, and table.init instructions to copy, fill, and initialize large areas of memory;

  • Added support for parsing scripts on the fly as they are downloaded over the network, without involving the main Chrome thread. Previously, the stream was first received in the main thread, from which it was redirected to the parser. This arrangement meant that the redirect could be blocked by other tasks running on the main thread, such as parsing HTML and executing other JavaScript. This redirect has now been eliminated;
  • Improvements in tools for web developers:
    • The CSS inspection mode provides autocompletion for the names and base values of functions that can be used in CSS properties (for example, "filter: blur(1px)"). Suggested values are immediately reflected in the layout of the page you are viewing;
    • The command panel displayed when pressing Ctrl+Shift+P implements the "Clear Site Data" command to clear all data associated with the page (similar to calling the menu Application > Clear Storage), including Service workers, localStorage, sessionStorage, IndexedDB, Web SQL, Cookies, Cache and Application Cache;
    • Added the ability to view all existing IndexedDB databases (previously, in Application > IndexedDB, you could view only the database for the current domain, which made it impossible, for example, to inspect the use of IndexedDB in blocks loaded via iframe);

    • In the network inspection interface, the tooltip that pops up when hovering over the fields in the "Size" column now displays the size of the resource in its original form, without compression;

    • The debugger sidebar provides separate output of information about the state of breakpoints associated with individual parts of complex expressions in a line (inline breakpoint), for example, those set in a method call chain;

    • The IndexedDB and Cache inspection panels now display counters of the total number of resources in the database or cache;

  • Experimental Canary builds gained support for accessing DNS over HTTPS (DoH), which can be activated in chrome://flags#dns-over-https. DoH can be useful for preventing leaks of information about requested host names through the DNS servers of providers, combating MITM attacks and DNS traffic spoofing, resisting blocking at the DNS level, or organizing work when it is impossible to contact DNS servers directly (for example, when working through a proxy).
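
The granular CSP directives listed above ("script-src-attr", "script-src-elem", "style-src-attr", "style-src-elem") fall back to "script-src" or "style-src" and then to "default-src" when they are absent. The following added example, which is not code from Chrome or from the original article, resolves the directive that governs each sink and shows how adding "script-src-attr 'none'" blocks inline event handlers while inline script blocks stay allowed; the two policies are constructed samples, and the inline check follows the CSP Level 3 "allows all inline behavior" rule.

```javascript
// Added example: resolve which CSP directive governs each script/style sink.
const FALLBACK = {
  'script-elem': ['script-src-elem', 'script-src', 'default-src'],
  'script-attr': ['script-src-attr', 'script-src', 'default-src'],
  'style-elem': ['style-src-elem', 'style-src', 'default-src'],
  'style-attr': ['style-src-attr', 'style-src', 'default-src'],
};

// Parse a serialized policy into Map(directive name -> source expressions).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive repeated within one policy is ignored; the first wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// First directive present in the fallback chain, or null if nothing restricts the sink.
function effectiveDirective(policy, kind) {
  const name = FALLBACK[kind].find((d) => policy.has(d));
  return name ? { name, sources: policy.get(name) } : null;
}

// 'unsafe-inline' counts only when the list has no nonce/hash source and,
// for script sinks, no 'strict-dynamic'.
function allowsAllInline(policy, kind) {
  const d = effectiveDirective(policy, kind);
  if (d === null) return true; // sink is unrestricted
  const src = d.sources.map((s) => s.toLowerCase());
  if (src.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s))) return false;
  if (kind.startsWith('script') && src.includes("'strict-dynamic'")) return false;
  return src.includes("'unsafe-inline'");
}

// Constructed policies: the legacy one cannot separate <script> blocks from
// onclick= attributes; the granular one blocks only the attribute handlers.
const legacy = parsePolicy("default-src 'self'; script-src 'self' 'unsafe-inline'");
const granular = parsePolicy("default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'");

for (const [label, p] of [['legacy', legacy], ['granular', granular]]) {
  for (const kind of Object.keys(FALLBACK)) {
    console.log(label, kind, effectiveDirective(p, kind).name, allowsAllInline(p, kind));
  }
}
```

Under the granular policy, only "script-attr" resolves to a dedicated directive; the style sinks still fall through to "default-src" and therefore reject inline styles.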

In addition to innovations and bug fixes, the new version fixes 42 vulnerabilities. Many of the vulnerabilities were identified using the automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that would allow bypassing all browser protection levels and executing code on the system outside the sandbox environment were identified. As part of the vulnerability bounty program for the current release, Google has paid out 13 awards worth $9000 (one $5000 award, two $1000 awards, and four $500 awards). The amount of 7 rewards has not yet been determined.

Source: opennet.ru