Google company web browser release ... Simultaneously stable release of a free project , which is the basis of Chrome. Chrome browser the use of Google logos, the presence of a system for sending notifications in case of a crash, the ability to download a Flash module on demand, modules for playing protected video content (DRM), an automatic update system, and transmission on search . The next release of Chrome 78 is scheduled for October 22.
:
- separate marking of sites with certificates of the EV level (Extended Validation). Information about the application of EV certificates is now only displayed in the drop-down menu shown when clicking on the secure connection icon. The name of the company verified by the certification authority, to which the EV certificate is linked, will no longer be displayed in the address bar;
- Improved isolation of site handlers. Added protection for cross-site data such as cookies and HTTP resources obtained from third-party sites controlled by attackers. Isolation works even if an attacker detects an error in the process responsible for rendering and tries to execute the code in its context;
- Added a new welcome page for new users (chrome://welcome/), which is displayed instead of the standard new tab interface after the first launch of Chrome. The page allows you to bookmark popular Google services (GMail, YouTube, Maps, News, and Translate), attach shortcuts to the new tab page, connect to a Google account to enable Chrome Sync, and set the default Chrome call on the system.
- Added the ability to load a background image to the New Tab page menu displayed in the upper right corner, as well as options for choosing a theme and setting up a shortcut block for quick navigation (most visited sites, manual user selection, and hiding shortcut blocks). The settings are still positioned as experimental and require activation through the flags "chrome://flags/#ntp-customization-menu-v2" and "chrome://flags/#chrome-colors-custom-color-picker";
- Provided animation of the site icon in the tab header, signaling that the page is in the process of loading;
- Added "-guest" flag to start Chrome from the command line in guest login mode (without connecting to a Google account, without writing browser activity to disk and without saving the session);
- The cleanup of flags in chrome://flags, started in the previous release, continued. Instead of flags to customize browser behavior, it is now recommended to use rule sets;
- A "Send to your devices" button has been added to the context menu of the page, tab, and address bar, allowing you to send a link to another device using Chrome Sync. After selecting the destination device linked to the same account and sending the link, a notification will be displayed on the destination device to open the link;
- In the Android version, the page with the list of uploaded files has been completely redesigned, in which, instead of a drop-down menu with content sections, buttons have been added to filter the general list by content type, and thumbnails of uploaded images are now shown in full screen width;
- new metrics for evaluating the speed of loading and rendering content in the browser, allowing the web developer to determine how quickly the main content of the page becomes available to the user. The previously proposed rendering control tools made it possible to judge only the very fact of the start of rendering, but not the readiness of the page as a whole. Chrome 77 introduces new API , which allows you to find out the rendering time of large (visible to the user) elements in the visible area, such as images, videos, block elements, and the page background;
- Added API A that provides information about the delay before the first user interaction (for example, pressing a key on the keyboard or mouse, clicking, or moving the pointer). The new API is a subset of the EventTiming API that provides additional insights for measuring and optimizing UI responsiveness;
- new features for forms that make it easier to use your own non-standard form controls (non-standard input fields, buttons, etc.). The new "formdata" event makes it possible to use JavaScript handlers to add data to a form when it is submitted, without having to store the data in hidden input elements.
The second new feature is support for creating custom form-associated elements that act as built-in form controls, including support for features such as enabling input validation and initiating data submission to the server. The formAssociated property is proposed to mark an element as a form interface component, and the attachInternals() call is added to access additional form control methods such as setFormValue() and setValidity();
- In the mode (experimental features requiring separate activation) new API added , which allows the user to select entries from the address book and pass certain details about them to the site. The request defines a list of properties that need to be obtained (for example, full name, email, phone number). These properties are explicitly displayed to the user, who makes the final decision to transfer data or not. The API can be used, for example, in a web-based email client to select recipients for a sent message, in a web application with a VoIP function to initiate a call to a specific number, or in a social network to search for already registered friends.
Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
- For forms, the attribute "", which allows you to define the behavior when you press the Enter key on the virtual keyboard. The attribute can take the values ββenter, done, go, next, previous, search, and send;
- Rule added , which controls access to the "document.domain" property. By default, access is allowed, but if it is denied, an attempt to change the value of "document.domain" will result in an error;
- Call added to Performance API , which allows you to track the change in the position of DOM elements on the screen.
- The size of the "Referer" HTTP header is limited to 4 KB; if this value is exceeded, the content is truncated to the domain name;
- The url argument to the registerProtocolHandler() function is restricted to use only the http:// and https:// schemes, and now does not allow the "data:" and "blob:" schemes.
- The method added support for formatting units, currencies, scientific and compact symbols (for example, "Intl.NumberFormat('en', {style: 'unit',
unit: 'meter-per-second'}"); - Added new CSS properties to control scrolling behavior when the logical border of the scroll area is reached;
- For the white-space CSS property support for the value of break-spaces;
- In Service Workers support for HTTP Basic authentication and displaying a regular dialog for entering login parameters;
- The Web MIDI API can now only be used in the context of a secure connection (https, local file, or localhost);
- Deprecated WebVR 1.1 API, replaced by API , which allows you to access components for creating virtual and augmented reality and unify work with various classes of devices, from stationary virtual reality helmets to solutions based on mobile devices.
- In developer tools the ability to copy the CSS properties of a DOM node to the clipboard through the context menu called by right-clicking on a node in the DOM tree. Added an interface (Show Rendering/ Layout Shift Regions) to track markup shifts due to the lack of placeholders for ads and images (when loading the next image shifts the text down when viewing). Audit Dashboard updated to release . Provided automatic switching to the dark theme of the DevTools design when using a dark theme in the OS. In the network inspection mode, a feature for loading a resource from the prefetch cache has been added. Added support for displaying push messages and notifications in the Application panel. In the web console, when previewing objects, private fields of classes are now displayed;
- In the V8 JavaScript engine, storage of statistics on the types of operands committed to different operations has been optimized (allows you to optimize the execution of these operations, taking into account specific types). To reduce memory consumption, type-aware vectors are now allocated in memory only after a certain amount of bytecode has been executed, which eliminates the use of optimizations for functions with a short lifetime. This change saves 1-2% memory on desktop and 5-6% on mobile.
Improved scalability of WebAssembly background compilation - the more processor cores in the system, the greater the benefit from the added optimizations. For example, on a 24-core Xeon machine, the compilation time for the Epic ZenGarden demo application was halved.
In addition to innovations and bug fixes, the new version eliminates . Many of the vulnerabilities were identified as a result of automated testing tools , , , ΠΈ . One issue (CVE-2019-5870) is marked as critical, i.e. allows you to bypass all levels of browser protection and execute code on the system outside the sandbox environment. Critical Vulnerability Details So Far , we only know that it can lead to accessing an already freed memory area in the multimedia data processing code. As part of the Vulnerability Bounty program for the current release, Google has paid out 38 awards worth $33500 (one $7500 award, four $3000 awards, three $2000 awards, four $1000 awards, and eight $500 awards). The amount of 18 rewards has not yet been determined.
Source: opennet.ru