Chrome Release 77

Google has released a new version of the Chrome web browser. At the same time, a new release of the open-source Chromium project, the foundation of Chrome, is available. The next release is scheduled for October 22nd.

In the new version:

  • Separate tagging of sites with EV (Extended Validation) level certificates has been discontinued. Information about the application of EV certificates is now only displayed in the drop-down menu shown when clicking on the secure connection icon. The name of the company verified by the certification authority, to which the EV certificate is linked, will no longer be displayed in the address bar;
  • Improved isolation of site handlers. Added protection for cross-site data such as cookies and HTTP resources against third-party sites controlled by attackers. Isolation holds even if an attacker finds a bug in the process responsible for rendering and tries to execute code in its context;
  • Added a new welcome page for new users (chrome://welcome/), which is displayed instead of the standard new tab interface after the first launch of Chrome. The page allows you to bookmark popular Google services (GMail, YouTube, Maps, News, and Translate), attach shortcuts to the new tab page, connect to a Google account to enable Chrome Sync, and set Chrome as the default browser on the system;
  • Added the ability to load a background image to the New Tab page menu displayed in the upper right corner, as well as options for choosing a theme and setting up a shortcut block for quick navigation (most visited sites, manual user selection, and hiding shortcut blocks). The settings are still positioned as experimental and require activation through the flags "chrome://flags/#ntp-customization-menu-v2" and "chrome://flags/#chrome-colors-custom-color-picker";
  • Provided animation of the site icon in the tab header, signaling that the page is in the process of loading;
  • Added the "--guest" flag to start Chrome from the command line in guest login mode (without connecting to a Google account, without writing browser activity to disk and without saving the session);
  • The cleanup of flags in chrome://flags, started in the previous release, continued. Instead of flags to customize browser behavior, it is now recommended to use rule sets;
  • A "Send to your devices" button has been added to the context menu of the page, tab, and address bar, allowing you to send a link to another device using Chrome Sync. After selecting the destination device linked to the same account and sending the link, a notification will be displayed on the destination device to open the link;
  • In the Android version, the page with the list of uploaded files has been completely redesigned: instead of a drop-down menu with content sections, buttons have been added to filter the general list by content type, and thumbnails of uploaded images are now shown at full screen width;
  • New metrics have been added to evaluate the speed of loading and rendering content in the browser, allowing the web developer to determine how quickly the main content of the page becomes available to the user. The previously proposed rendering control tools made it possible to judge only the very fact of the start of rendering, but not the readiness of the page as a whole. Chrome 77 introduces the new Largest Contentful Paint API, which allows you to find out the rendering time for large (visible to the user) elements in the visible area, such as images, videos, block elements, and the page background;
  • Added a PerformanceEventTiming API that provides information about the delay before the first user interaction (for example, pressing a key on the keyboard or mouse, clicking, or moving the pointer). The new API is a subset of the EventTiming API that provides additional insights for measuring and optimizing UI responsiveness;
  • Added new features for forms that make it easier to use your own non-standard form controls (non-standard input fields, buttons, etc.). The new "formdata" event makes it possible to use JavaScript handlers to add data to a form when it is submitted, without having to store the data in hidden input elements.
    The second new feature is support for creating custom form-associated elements that act as built-in form controls, including support for features such as enabling input validation and initiating data submission to the server. The formAssociated property is proposed to mark an element as a form interface component, and the attachInternals() call is added to access additional form control methods such as setFormValue() and setValidity();
  • In Origin Trials mode (experimental features that require separate activation), a new Contact Picker API has been added that allows the user to select entries from the address book and pass certain details about them to the site. The request defines a list of properties that need to be obtained (for example, full name, email, phone number). These properties are explicitly displayed to the user, who makes the final decision to transfer data or not. The API can be used, for example, in a web-based email client to select recipients for a sent letter, in a web application with a VoIP function to initiate a call to a specific number, or in a social network to search for already registered friends.
    Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site;
  • For forms, the "enterkeyhint" attribute is implemented, which allows you to define the behavior when pressing the Enter key on the virtual keyboard. The attribute can take the values enter, done, go, next, previous, search, and send;
  • Added a document-domain rule that controls access to the "document.domain" property. By default, access is allowed, but if it is denied, an attempt to change the value of "document.domain" will result in an error;
  • Added a LayoutShift call to the Performance API to track changes in the position of DOM elements on the screen;
  • The size of the "Referer" HTTP header is limited to 4 KB; if this value is exceeded, the content is truncated to the domain name;
  • The url argument to the registerProtocolHandler() function is limited to using only the http:// and https:// schemes, and now does not allow the "data:" and "blob:" schemes;
  • Added support for formatting units, currencies, scientific and compact notation to the Intl.NumberFormat method (for example, "Intl.NumberFormat('en', {style: 'unit', unit: 'meter-per-second'})");
  • Added new CSS properties overscroll-behavior-inline and overscroll-behavior-block to control scrolling behavior when the logical border of the scroll area is reached;
  • Support for the break-spaces value has been implemented for the white-space CSS property;
  • Service Workers now support HTTP Basic authentication and display the regular dialog for entering login parameters;
  • The Web MIDI API can now only be used in the context of a secure connection (https, local file, or localhost);
  • The WebVR 1.1 API has been deprecated, replaced by the WebXR Device API, which allows access to components for creating virtual and augmented reality and unifies work with various classes of devices, from stationary virtual reality helmets to solutions based on mobile devices.
  • In developer tools, added the ability to copy the CSS properties of a DOM node to the clipboard via the right-click context menu on a node in the DOM tree. Added an interface (Show Rendering / Layout Shift Regions) to track layout shifts caused by missing placeholders for ads and images (when a newly loaded image pushes the text down while the page is being viewed). The Audit dashboard has been updated to the Lighthouse 5.1 release. DevTools now switches automatically to its dark theme when a dark theme is used in the OS. In the network inspection mode, a feature for loading a resource from the prefetch cache has been added. Added support for displaying push messages and notifications in the Application panel. In the web console, private fields of classes are now displayed when previewing objects;
  • In the V8 JavaScript engine, storage of statistics on the types of operands used in different operations has been optimized (these statistics make it possible to optimize the execution of those operations for specific types). To reduce memory consumption, type-aware vectors are now allocated in memory only after a certain amount of bytecode has been executed, which eliminates the use of optimizations for functions with a short lifetime. This change saves 1-2% memory on desktop and 5-6% on mobile;
  • Improved scalability of WebAssembly background compilation: the more processor cores in the system, the greater the benefit from the added optimizations. For example, on a 24-core Xeon machine, the compilation time of the Epic ZenGarden demo application was halved.
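
The "Referer" size limit in the list above matters to server-side code that inspects this header. The following is an added example, not code from Chrome or from the original article: it models the limit and shows a path-based check that breaks on a truncated header beside an origin-based check that does not. The function names and the shop.example origin are constructed, and measuring the 4 KB cap on the serialized URL length is an assumption.

```javascript
// Added example (not Chrome code). All names and shop.example are constructed.
const REFERER_CAP = 4096; // assumption: the 4 KB cap applies to the serialized URL length

// Model of the header value sent for a navigation away from pageUrl:
// fragment and credentials are never sent; past the cap only the origin remains.
function refererSent(pageUrl) {
  const u = new URL(pageUrl);
  u.hash = '';
  u.username = '';
  u.password = '';
  return u.href.length > REFERER_CAP ? u.origin + '/' : u.href;
}

// Fragile check: depends on the path surviving, and a bare prefix match without
// the trailing path would also accept hosts such as shop.example.evil.test.
function pathPrefixCheck(referer) {
  return typeof referer === 'string' &&
    referer.startsWith('https://shop.example/checkout/');
}

// Robust check: parse the header and compare the origin only, so the result is
// the same whether the header arrived in full or reduced to the origin.
function originCheck(referer, allowedOrigins) {
  let origin;
  try {
    origin = new URL(referer).origin;
  } catch {
    return false; // missing or malformed header
  }
  return allowedOrigins.includes(origin);
}

// Constructed sample inputs: one ordinary URL and one longer than the cap.
const shortUrl = 'https://shop.example/checkout/step2?id=7#pay';
const longUrl = 'https://shop.example/checkout/?q=' + 'a'.repeat(5000);

for (const url of [shortUrl, longUrl]) {
  const header = refererSent(url);
  console.log(header.length, pathPrefixCheck(header),
    originCheck(header, ['https://shop.example']));
}
```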

In addition to innovations and bug fixes, 52 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified with the automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. One issue (CVE-2019-5870) is marked as critical, i.e. it allows bypassing all levels of browser protection and executing code on the system outside the sandbox environment. Details about the critical vulnerability have not yet been disclosed; it is only known that it can lead to access to an already freed memory area in the multimedia data processing code. As part of the Vulnerability Bounty program for the current release, Google has paid out 38 awards worth $33500 (one $7500 award, four $3000 awards, three $2000 awards, four $1000 awards, and eight $500 awards). The amounts of 18 rewards have not yet been determined.

Source: linux.org.ru
