Google company web browser release ... Simultaneously stable release of a free project , which is the basis of Chrome. Chrome browser the use of Google logos, the presence of a system for sending notifications in case of a crash, the ability to download a Flash module on demand, modules for playing protected video content (DRM), an automatic update system, and transmission on search . The next release of Chrome 86 is scheduled for October 6.
:
- the ability to collapse groups of tabs. Tabs are combined into groups using the context menu and can be associated with a specific color and label. When clicking on a group label, the tabs associated with it are now hidden, leaving a single label instead. Clicking again on the label removes the hide.
- Implemented tab content preview. Hovering over a tab button now shows a thumbnail of the tabbed page. The feature is not yet enabled for all users and can be enabled using the "chrome://flags/#tab-hover-cards" setting.
- Added the ability to save edited PDF forms, as well as the "chrome://flags#pdf-viewer-update" and "chrome://flags/#pdf-two-up-view" settings for experimenting with viewing PDF documents.
- Added the ability to exchange links using QR codes. To generate a QR code for the current page, a special icon is placed in the address bar, which appears when you click on the address bar. The feature is not yet enabled for all users and can be enabled using the "chrome://flags/#sharing-qr-code-generator" setting.
- The about:flags page now has an option "Omnibox UI Hide Steady-State URL Path, Query, and Ref" ("chrome://flags#omnibox-ui-hide-steady-state-url-path-query-and-ref- on-interaction"), disable the display of path elements and query parameters in the address bar, leaving only the site domain visible. Hiding is done at the start of interaction with the page (during loading and until the user starts scrolling, the full URL is shown). After hiding, to view the full URL, you are invited to click on the address bar. There is also an option "chrome://flags#omnibox-ui-reveal-steady-state-url-path-query-and-ref-on-hover" to show the full URL on hover. Available in the context menu setting "Always show URL in full", cancels the hiding of "https://", "www.", paths and parameters. By default, hiding is only enabled for a small percentage of users so far. The motive for the change is the desire to protect users from phishing that manipulates parameters in the URL.
- In tablet mode for devices with touch screens, horizontal open tab navigation is enabled, which displays large thumbnails of the pages associated with the tabs in addition to the titles on the tabs. Tabs can be moved and rearranged with on-screen gestures. The display of thumbnails is turned on and off with a special button located next to the address bar and the user's avatar. To disable the mode, the settings "chrome://flags/#webui-tab-strip" and "chrome://flags/#scrollable-tabstrip" are provided.
- In the Android version, when typing in the address bar in the list of suggested pages, a tooltip is provided to quickly navigate to already open tabs.
- In the Android version, in the context menu of links that appears when you long-press on a link, labels for highlighting fast pages. Speed ββis determined based on metrics , which takes into account aggregated metrics for load time, responsiveness, and content stability.
- Blocking provided (without encryption) of executable files and added warnings for insecure loading of archives (zip, iso, etc.). The next release is expected to block archives and issue a warning for documents (docx, pdf, etc.). In the future, it is planned to gradually phase out support for downloading files without using encryption. The blocking is implemented because downloading files without encryption can be used to perform malicious actions by replacing the content during MITM attacks.
- By default, support for the AVIF (AV1 Image Format) image format is enabled, which uses intra-frame compression technologies from the AV1 video encoding format. The container for distributing compressed data in AVIF is completely similar to HEIF. AVIF supports both images in HDR (High Dynamic Range) and Wide-gamut color space, as well as in standard dynamic range (SDR).
- When compiling assemblies for Windows and macOS by default when calling the MSVC and Clang compilers optimizations based on the results of code profiling (PGO - Profile-guided optimization), which allow generating more optimal code based on an analysis of the features of the program execution. Enabling PGO made it possible to speed up the loading of tabs by approximately 10% (acceleration of the Speedometer 2.0 test in macOS by 7.7%, and in Windows by 11.4%). Interface responsiveness increased by 3.9% on macOS and 7.3% on Windows.
- Added an experimental "Tab Throttling" mode for background tab activity, available via the "chrome://flags##intensive-wake-up-throttling" setting (enabled by default in Chrome 86). When the mode is enabled, the transfer of control to background tabs (TaskQueues) is reduced to 1 call per minute if the page has been in the background for more than 5 minutes.
- For all categories of users, the mode of reducing CPU consumption is activated when the browser window is not in the user's field of vision. Chrome checks to see if the browser window is being overlapped by other windows and avoids drawing pixels in areas of overlap.
- protection against loading mixed media content (when resources are loaded on an HTTPS page using the http:// protocol). On pages opened via HTTPS, the automatic replacement of "http://" links with "https://" in the blocks associated with loading images has been implemented (scripts and iframes, sound files and videos were replaced earlier). If the image is not available via https, then its loading is blocked (manually you can mark the blocking through the menu, accessible through the padlock symbol in the address bar).
- For TLS certificates issued starting September 1, 2020, apply a new limitation on the validity period - the lifetime of these certificates will not be able to exceed 398 days (13 months). Similar restrictions apply in Firefox and Safari. For certificates received before September 1st, trust will be maintained, but limited to 825 days (2.2 years).
- Several new APIs have been added to the Origin Trials mode (experimental features that require separate activation). Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
- concept to provide seamless navigation between sites and insert one page into another to preview content before moving on. New tag proposed , which allows you to display another page in the insert form, with focus on which, the page shown in the insert will be transferred to the state of the main document, within which navigation is allowed. Unlike an iframe, the insert is completely isolated from the base page and is treated as a separate document.
- API , which allows fetch requests to load content as a stream (previously, the request required the content to be completely ready, but now you can start sending data in the form of a stream without waiting for the request body to be completely ready). For example, a web application can start sending web form data as soon as the user starts typing in the input field, and when the input is completed, the data via fetch () will already be sent. Including through the new API, you can transfer audio and video data generated on the client side.
- API Proposed to create new root branches in , for example, to separate an imported third-party element style and its associated DOM highlight from the main document. The proposed declarative API allows you to bypass HTML-only DOM branches without having to write JavaScript code.
- Property added , which allows the sender of RTC streams (real-time communication) to control the inclusion of an adaptive mechanism for sending packets.
- Easier provision of persistent storage for already installed PWA (Progressive Web Apps) and TWA (Trusted Web Activities) applications
The application just needs to call the navigator.storage.persist() method and will be provided automatically.
- Implemented a new CSS rule that allows you to register with inheritance, type checking and defaults. The @property action is similar to the previously added registerProperty() method.
- For systems with Windows OS, it is possible to use the method to determine the installation of PWA applications. Previously, this method only worked on the Android platform.
- Supported for desktop systems , allowing you to provide quick access to popular typical actions in the application. To create shortcuts, it is enough to add elements to the manifest of a web application in the PWA (Progressive Web Apps) format. Previously, app shortcuts were only available on the Android platform.
- Added CSS property to control content visibility to optimize rendering. When set to 'auto', visibility is determined by the browser based on the element's proximity to the edge of the visible area. The 'hidden' value allows full control over the display of the element from scripts.
- Added CSS property to set a specific value for existing counters. The new CSS property complements the previously available counter-reset and counter-increment properties, which are used to create a new counter or increment an existing one.
- Added 'page' CSS property to reflect page when printed, and 'page-orientation' property to get page orientation information ('upright', 'rotate-left' and 'rotate-right'). Implemented support for referring to pages by name, for example "@page foobar {}".
- Implemented API to measure event delays before and after page load.
- The leavepictureinpicture event now passes a reference to pictureInPictureWindow to access the window in Picture-in-Picture mode.
- When populating the Referrer header by default now strict-origin-when-cross-origin rule (send Referrer truncated to other hosts from which resources are downloaded) instead of no-referrer-when-downgrade (Referrer is not populated when accessing from HTTPS to HTTP, but is passed when downloading resources over HTTPS) .
- In WebAuthn API new getPublicKey(), getPublicKeyAlgorithm() and getAuthenticatorData() methods.
- In WebAssembly support for importing and exporting 64-bit integer function parameters using the BigInt JavaScript type.
- Extension implemented in WebAssembly , functions return more than one value.
- The initial (baseline) Liftoff compiler for WebAssembly is enabled for all architectures and platforms, not just for Intel systems. The key difference between Liftoff and the previously used TurboFan compiler is that Liftoff aims to achieve the highest initial compilation speed at the cost of low generated code performance. Liftoff is much simpler than TurboFan and generates ready-to-run machine code very quickly, allowing you to start executing it almost immediately, keeping compilation delay to a minimum. To speed up the draft code, an optimizing recompilation phase is launched in parallel, which is performed using the Turbofan compiler. After the optimized machine instructions are ready, the initial draft is replaced with faster code. In sum, by reducing the delay before the start of execution, the use of Liftoff led to an increase in the performance of the WebAssembly test suite by about 20%.
- In JavaScript new logical assignment operators: "??=", "&&=" and "||=". The "x ??= y" operator performs an assignment only if "x" evaluates to null or undefined. The "x ||= y" operator performs an assignment only if "x" is FALSE and "x &&= y" is TRUE.
- The String.prototype.replaceAll() method has been added, which returns a new string (the original string does not change), in which all matches are replaced based on the specified pattern. Patterns can be either simple masks or regular expressions.
- The Promise.any() method is implemented, which returns the first fulfilled Promise from the list.
- The AppCache manifest (a technology for organizing the work of a web application in offline mode) has been terminated. The reason given is the desire to get rid of one of the attack vectors associated with cross-site scripting. API is recommended instead of AppCache .
- Disallowed Cookie transmission in SameSite=None mode for unencrypted connections. The SameSite attribute is specified in the Set-Cookie header to control cookie transmission, and is set by default to "SameSite=Lax" to restrict the sending of cookies for cross-site subrequests such as requesting an image or downloading content via an iframe from another site.
Sites can override the default SameSite behavior by explicitly setting the Cookie to SameSite=None. The SameSite=None value for Cookies can now only be set in Secure mode, which is valid for connections over HTTPS. - In web developer tools support for editing styles created by CSS-in-JS frameworks using the CSSOM (CSS Object Model) API, as well as styles added from JavaScript. Audit Dashboard updated to release , which adds new Largest Contentful Paint (LCP), Cumulative Layout Shift (CLS), and Total Blocking Time (TBT) metrics.
- The Performance Evaluation Dashboard displays information about . In the case of user navigation on the page, the timeline is provided to show the time relative to the start of the navigation, and not the start of the recording.
In addition to innovations and bug fixes, the new version eliminates . Many of the vulnerabilities were identified as a result of automated testing tools , , , ΠΈ . No critical issues that allow bypassing all browser protection levels and executing code in the system outside the sandbox environment have been identified. As part of the vulnerability bounty program for the current release, Google has paid out 14 awards worth $10000 (one $5000 award, three $1000 awards, and four $500 awards). The amount of 6 rewards has not yet been determined.
Source: opennet.ru