Chrome Release 78

Google has released the Chrome 78 web browser. A stable release of the free Chromium project, which serves as the basis of Chrome, is available at the same time. Chrome differs from Chromium in its use of Google logos, a system for sending notifications in case of a crash, the ability to download the Flash module on demand, modules for playing protected video content (DRM), an automatic update system, and the transmission of RLZ parameters when searching. The next release, Chrome 79, is scheduled for December 10th.

All changes in Chrome 78:

  • Implemented experimental support for DNS over HTTPS (DoH), which will be selectively enabled for certain categories of users whose system settings already specify DNS providers that support DoH. For example, if the user has DNS 8.8.8.8 specified in the system settings, Chrome will activate the Google DoH service ("https://dns.google.com/dns-query"); if the DNS is 1.1.1.1, it will activate the Cloudflare DoH service ("https://cloudflare-dns.com/dns-query"), and so on.

    To control whether DoH is enabled, the "chrome://flags/#dns-over-https" setting is provided. Three operating modes are supported: "secure", "automatic" and "off". In "secure" mode, hosts are resolved only from previously cached secure values (obtained over a secure connection) and from DoH requests; there is no fallback to regular DNS. In "automatic" mode, if DoH and the secure cache are unavailable, data can be taken from the insecure cache and obtained through traditional DNS. In "off" mode, the shared cache is checked first and, if it holds no data, the request is sent through the system DNS.

  • The synchronization tools include preliminary support for a shared clipboard, which is not yet enabled for all users. Instances of Chrome linked to the same account can now access the contents of another device's clipboard, including sharing the clipboard between mobile and desktop. The contents of the clipboard are encrypted using end-to-end encryption, which prevents access to the text on Google servers;
  • For certain categories of users, the experimental ability to change the theme and customize the screen shown when opening a new tab is enabled. In addition to selecting a background image, the "Customize" menu displayed in the lower right corner of the New Tab screen now supports changing how shortcuts are laid out and changing the theme. Shortcuts can be suggested automatically based on the most visited sites, chosen by the user, or disabled altogether. The theme can be selected from a set of predefined themes, or you can create your own by picking the desired colors from the palette. To enable the new features, you can use the flags "chrome://flags/#ntp-customization-menu-v2" and "chrome://flags/#chrome-colors";

  • For businesses, the ability to search for files in Google Drive storage from the address bar is enabled by default. The search covers not only titles but also the contents of documents, taking into account the history of when they were opened in the past;

  • The browser now includes the Password Checkup component, which will be progressively activated for certain categories of users (to force it on, the flag "chrome://flags/#password-leak-detection" is provided). Password Checkup was previously supplied as an external add-on designed to analyze the strength of the passwords a user employs. When you try to log in to any site, Password Checkup checks the login and password against a database of compromised accounts and shows a warning if problems are found (the check is based on a hash prefix computed on the user's side). The check is carried out against a database covering more than 4 billion compromised accounts that appeared in leaks of user databases. A warning is also issued when attempting to use trivial passwords such as "abc123";
  • Added the ability to initiate a call from an Android device linked to the same Google account. In a desktop browser, the user can highlight the phone number in the text, right-click and redirect the call operation to the Android device, after which a notification will pop up on the phone, allowing you to initiate a call;
  • Changed the format of the tooltip displayed when hovering the mouse over a tab title. The tooltip is now displayed as a popup block that shows the full text of the title and the URL of the page. The block is convenient for quickly finding the desired page when a very large number of tabs are open (instead of going through the tabs one by one, you can move the mouse along the tab bar and find the page you are looking for). In the future, this block is planned to also display a page thumbnail;
  • An experimental feature (chrome://flags/#enable-force-dark) has been added to force the use of a dark theme when browsing sites. Color inversion is used to provide a dark view of the site;
  • Added support for the CSS Properties and Values API Level 1 specification, which allows you to register your own CSS properties that always have a certain type, can be given a default value, and can have animation effects attached. The registerProperty() method or the @property CSS rule can be used to register a property, for example:

    // Register a typed custom property; "<length>" restricts it to CSS length values.
    CSS.registerProperty({
      name: "--my-font-size",
      syntax: "<length>",
      initialValue: "0px",
      inherits: false
    });

  • Several new APIs are offered in Origin Trials mode (experimental features that require separate activation). An Origin Trial allows the specified API to be used by applications loaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
    • The Native File System API, which allows you to create web applications that interact with files in the local file system. For example, the new API may be needed in browser-based IDEs, text editors, image editors, and video editors. To be able to write and read files directly, use dialogs for opening and saving files, and navigate through the contents of directories, the application asks the user for a special confirmation;

    • The Signed HTTP Exchanges (SXG) mechanism, which allows verified copies of web pages to be placed on other sites while looking like the original pages to the user (without changing the URL), has been extended with the ability to load sub-resources (CSS, JS, images, etc.) from the original site. The original source of a resource is specified through the Link HTTP header, which also carries the hash used to verify each resource. With this new feature, content providers can create a single signed HTML file that includes all associated sub-resources;
    • The SMS Receiver API, which allows a web application to access SMS messages, for example, to automate the confirmation of an operation using a one-time code sent via SMS. Access is granted only to SMS messages that contain a special tag binding the message to a specific web application;
  • The performance of loading ArrayBuffer objects via WebSocket has been significantly improved. On the Linux platform, download speed increased by 7.5 times, on Windows by 4.1 times, and on macOS by 7.8 times;
  • Added the ability to specify percentage transparency values in the opacity, stop-opacity, fill-opacity, stroke-opacity, and shape-image-threshold CSS properties. For example, instead of "opacity: 0.5" you can now specify "opacity: 50%";
  • The User Timing API now allows passing arbitrary timestamps to performance.measure() and performance.mark() calls to perform measurements between them, as well as specifying arbitrary metadata;
  • The Media Session API added support for defining handlers for changing the position in the stream (seekto), in addition to the previously available pause and playback start handlers;
  • The V8 JavaScript engine now parses scripts in the background on the fly as they are downloaded over the network. This optimization reduced script compilation time by 5–20%. The new release also improves the performance of object destructuring (converting "const {x, y} = object;" to "const x = object.x; const y = object.y;"). Improved the performance of regular expressions in cases where the match fails. Significantly (by 9-20%) increased the speed of calling JavaScript functions from WebAssembly and vice versa. When compiling bytecode, the efficiency of building the tables that bind to source positions has been increased, which has reduced memory consumption by 1-2.5%.

  • Expanded tools for web developers. The audit panel can now be used in combination with other features such as request blocking and download overriding. Added support for debugging payment processors via the Payment API. Added LCP (Largest Contentful Paint) labels to the performance analysis panel, reflecting the rendering time of the largest elements;

  • Removed the XSS Auditor mechanism for blocking cross-site scripting, which was deemed ineffective (attackers have long been using methods to bypass XSS Auditor protection) and which adds new vectors for information leakage;
  • The Android version provides the ability to use a dark theme for menus, settings and navigation mode for open sites.
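The lookup order described above for the three "chrome://flags/#dns-over-https" modes, as an added example that models the article's description and is not Chrome's code. The `resolve` function, the `env` object shape and the sample addresses are assumptions made for illustration; the provider table holds only the two mappings the article names.

```javascript
// Provider table: only the two resolver-to-DoH mappings named in the article.
const DOH_PROVIDERS = new Map([
  ["8.8.8.8", "https://dns.google.com/dns-query"],
  ["1.1.1.1", "https://cloudflare-dns.com/dns-query"],
]);

// env (hypothetical shape): systemDns, secureCache, insecureCache (Maps),
// dohQuery(endpoint, host) and systemQuery(host), each returning an address or null.
function resolve(host, mode, env) {
  const result = (source, address, sentInClear) => ({ source, address, sentInClear });
  if (mode === "off") {
    // Assumption: the "shared cache" is modelled as a lookup in either cache.
    const cached = env.secureCache.get(host) ?? env.insecureCache.get(host);
    if (cached) return result("shared-cache", cached, false);
    const addr = env.systemQuery(host);
    return addr ? result("system-dns", addr, true) : null;
  }
  if (mode !== "secure" && mode !== "automatic") throw new Error(`unknown mode: ${mode}`);

  const secure = env.secureCache.get(host);
  if (secure) return result("secure-cache", secure, false);

  const endpoint = DOH_PROVIDERS.get(env.systemDns);
  const viaDoh = endpoint ? env.dohQuery(endpoint, host) : null;
  if (viaDoh) {
    env.secureCache.set(host, viaDoh);
    return result("doh", viaDoh, false);
  }
  if (mode === "secure") return null; // fail closed: no fallback to regular DNS

  const insecure = env.insecureCache.get(host);
  if (insecure) return result("insecure-cache", insecure, false);
  const addr = env.systemQuery(host);
  if (addr) env.insecureCache.set(host, addr);
  return addr ? result("system-dns", addr, true) : null;
}

// Constructed environment: documentation-range address, DoH reachability is a switch.
function sampleEnv(dohUp) {
  return {
    systemDns: "1.1.1.1",
    secureCache: new Map(),
    insecureCache: new Map(),
    dohQuery: () => (dohUp ? "192.0.2.10" : null),
    systemQuery: () => "192.0.2.10",
  };
}
```

The `sentInClear` field marks the lookups that leave the machine as traditional DNS, which is the case "secure" mode rules out and "automatic" mode permits when DoH is unreachable.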
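A simplified model of the hash-prefix check mentioned in the Password Checkup item, as an added example that is not Google's protocol or code. The hash function, the 4-character prefix length, the function names and the sample accounts are all assumptions; the point shown is that the server receives only a short prefix and the final comparison happens on the user's side.

```javascript
const { createHash } = require("node:crypto");

const PREFIX_HEX = 4; // assumption: the article does not state the prefix length

// Hash of the normalised login and password (SHA-256 chosen for the model only).
function credentialHash(username, password) {
  return createHash("sha256")
    .update(`${username.toLowerCase()}\u0000${password}`)
    .digest("hex");
}

// Server side: index the leaked credentials by hash prefix.
function buildIndex(leaked) {
  const index = new Map();
  for (const [username, password] of leaked) {
    const hash = credentialHash(username, password);
    const prefix = hash.slice(0, PREFIX_HEX);
    if (!index.has(prefix)) index.set(prefix, new Set());
    index.get(prefix).add(hash.slice(PREFIX_HEX));
  }
  return index;
}

// Server side: sees only the prefix and returns every suffix in that bucket.
function serverLookup(index, prefix) {
  return [...(index.get(prefix) ?? [])];
}

// Client side: sends the prefix, then compares the full hash locally.
function isCompromised(index, username, password) {
  const hash = credentialHash(username, password);
  const bucket = serverLookup(index, hash.slice(0, PREFIX_HEX));
  return bucket.includes(hash.slice(PREFIX_HEX));
}

// Constructed breach corpus (sample accounts, not real data).
const LEAKED = [
  ["alice@example.test", "abc123"],
  ["bob@example.test", "hunter2"],
];
const INDEX = buildIndex(LEAKED);
```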

In addition to innovations and bug fixes, the new version eliminates 37 vulnerabilities. Many of the vulnerabilities were identified using the automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that would allow bypassing all browser protection levels and executing code on the system outside the sandbox environment have been identified. As part of the Vulnerability Bounty Program for the current release, Google has paid out 21 awards worth $59500 (one $20000 award, one $15000 award, one $5000 award, two $3000 awards, three $2000 awards, five $1000 awards, and five $500 awards). The amount of 4 rewards has not yet been determined.

Source: opennet.ru
