Chrome Release 89

Google has released the Chrome 89 web browser. At the same time, a stable release of the free Chromium project, which serves as the basis of Chrome, is available. The Chrome browser is distinguished by the use of Google logos, a system for sending notifications in the event of a crash, modules for playing protected video content (DRM), an automatic update system, and the transmission of RLZ parameters when searching. The next release, Chrome 90, is scheduled for April 13th.

Key changes in Chrome 89:

  • The Android version of Chrome will now only run on Play Protect-certified devices. In virtual machines and emulators, Chrome for Android can be used if a valid device is emulated or the emulator is developed by Google. You can check whether the device is certified in the settings section of the Google Play app (at the very bottom of the settings page, the status "Play Protect certification" is shown). For non-certified devices, such as those running third-party firmware, users are prompted to register their devices to run Chrome.
  • For a small percentage of users, opening websites via HTTPS by default when typing hostnames in the address bar has been enabled. For example, entering the host "example.com" will default to https://example.com, and if there are problems opening it, the browser will fall back to http://example.com. The setting "chrome://flags#omnibox-default-typed-navigations-to-https" is provided to control the use of "https://" by default.
  • Support for profiles is included, allowing different users to separate their accounts when working through one browser. For example, profiles can be used to organize access for family members or separate sessions used for work and personal interests. A user can create a new Chrome profile and set it to activate when connected to a specific Google account, allowing different users to share bookmarks, settings, and browsing history. When attempting to sign in to an account linked to another profile, the user will be prompted to switch to that profile. If the user is bound to several profiles, they will be given the opportunity to select the desired profile. Color schemes can be bound to different profiles for visual separation of users.
  • Enabled showing content thumbnails when hovering over tabs in the top bar. Previously, tab content preview was disabled by default and required changing the "chrome://flags/#tab-hover-cards" setting.
  • For some users, the "Reading List" function ("chrome://flags#read-later") is enabled. When it is active, clicking the asterisk in the address bar shows a second button, "Add to reading list", in addition to the "Add bookmark" button, and a Reading List menu appears in the right corner of the bookmarks bar, listing all pages previously added to the list. When you open a page from the list, it is marked as read. Pages in the list can also be marked as read and unread manually or removed from the list.
  • Users signed in to a Google Account without enabling Chrome Sync have access to payment methods and passwords saved in their Google Account. The feature is enabled for some users and will gradually be brought to the rest.
  • Enabled support for quick tab search, which previously required activation via the "chrome://flags/#enable-tab-search" flag. The user can view a list of all open tabs and quickly filter the desired tab, regardless of whether it is in the current or another window.
  • For all users, single words entered in the address bar are no longer treated as attempts to open internal sites. Previously, when a single word was entered in the address bar, the browser first tried to determine the presence of a host with that name in DNS, believing that the user was trying to open a subdomain, and only then redirected the request to the search engine. Thus, the owner of the DNS server specified in the user's settings received information about single-word search queries, which was assessed as a violation of confidentiality. For businesses using Internet hosts without a subdomain (such as "https://helpdesk/"), an option has been provided to revert to the old behavior.
  • Provided the ability to pin a version of an add-on or application. For example, to use only trusted add-ons in an enterprise, an administrator can use the new ExtensionSettings policy to configure Chrome to use its own URL to download updates instead of the URL specified in the add-on's manifest.
  • On x86 systems, the browser now requires processor support for SSE3 instructions, which have been supported by Intel since 2003 and AMD since 2005.
  • Additional APIs have been added to provide functionality that can replace third-party cookies used to track user movements between sites in the code of advertising networks, social network widgets and web analytics systems. The following APIs are offered for testing:
    • Trust Token to separate users without using cross-site identifiers.
    • First-Party Sets to allow related domains to declare themselves primary so that the browser can take this relationship into account in cross-site requests.
    • Schemeful Same-Site to extend the concept of same-site to different URL schemes, i.e. http://website.example and https://website.example will be treated as one site in cross-site requests.
    • FLoC to determine the category of user interests without individual identification and without reference to the history of visiting specific sites.
    • Conversion Measurement to evaluate user activity after switching to an ad.
    • User-Agent Client Hints to replace User-Agent and selectively return data about specific browser and system parameters (version, platform, etc.).
  • Added the Serial API to allow sites to read and write data over a serial port. The API is motivated by the ability to create web applications for direct control of devices such as microcontrollers and 3D printers. To gain access to a peripheral device, explicit authorization by the user is required.
  • The WebHID API has been added for low-level access to HID devices (human interface devices: keyboards, mice, gamepads, touchpads). It allows the logic for working with a HID device to be implemented in JavaScript, so that rare HID devices can be used without specific drivers being present in the system. First of all, the new API is aimed at providing support for gamepads.
  • A Web NFC API has been added to allow web applications to read and write NFC tags. Examples of using the new API in web applications include providing information about museum exhibits, conducting an inventory, obtaining information from the badges of conference participants, etc. Tags are sent and scanned using the NDEFWriter and NDEFReader objects.
  • The Web Share API (navigator.share object) has moved beyond mobile devices and is now available to desktop browser users (only for Windows and Chrome OS so far). The Web Share API provides tools for sharing information on social networks, such as generating a unified button for sharing on the social networks used by the visitor, or arranging for data to be sent to other applications.
  • The Android versions and the WebView component include support for decoding the AVIF (AV1 Image Format) image format, which uses intra-frame compression technologies from the AV1 video encoding format (in desktop versions, AVIF support was included back in Chrome 85). The container for distributing compressed data in AVIF is completely similar to HEIF. AVIF supports both images in HDR (High Dynamic Range) and Wide-gamut color space, as well as in standard dynamic range (SDR).
  • A new Reporting API has been added for receiving information about violations of the rules for safe use of privileged operations on a page, which are set through the COOP (Cross-Origin-Opener-Policy) header. It also allows COOP to be put into a debug mode that works without blocking rule violations.
  • The performance.measureUserAgentSpecificMemory() function has been added to determine the amount of memory consumed during page processing.
  • To comply with the web standard, all "data:" URLs are now treated as potentially trustworthy, i.e. they are part of a secure context.
  • The Streams API has added support for Byte Streams, which are specifically optimized to efficiently transfer arbitrary sets of bytes and minimize the number of data copy operations. The stream's output can be written to primitives such as strings or ArrayBuffer.
  • SVG elements now support the full "filter" property syntax, which allows filtering functions such as blur(), sepia(), and grayscale() to be applied to SVG and non-SVG elements at the same time.
  • CSS implements the "::target-text" pseudo-element, which can be used to highlight the fragment that was navigated to (scroll-to-text) with a different style than the one the browser uses when highlighting found text.
  • Added CSS properties to control corner rounding: border-start-start-radius, border-start-end-radius, border-end-start-radius, border-end-end-radius.
  • Added the forced-colors CSS property to determine if the browser uses a user-specified, restricted color palette on a page.
  • Added forced-color-adjust CSS property to disable forced color constraint on individual elements, leaving them full color control via CSS.
  • JavaScript allows the use of the await keyword in modules at the top level, which makes it easier to integrate asynchronous calls into the module loading process and avoid wrapping in an "async function". For example, instead of (async function() { await Promise.resolve(console.log('test')); }()); now you can write await Promise.resolve(console.log('test'));
  • In the V8 JavaScript engine, function calls are accelerated when the number of arguments passed does not match the parameters defined in the function. With a discrepancy in the number of arguments in non-JIT mode, performance increased by 11.2%, and when using JIT TurboFan by 40%.
  • A large batch of small improvements has been made to the tools for web developers.
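
For the ExtensionSettings item in the list above, a check an administrator could run over the policy before deploying it. This is an added example, not code from the article or from Chrome; the field names follow Chrome's ExtensionSettings policy format, and the host name, URLs and extension IDs are constructed placeholders.

```javascript
// Added example, not from the article: audit an ExtensionSettings policy so
// that pinned extensions can only update from the enterprise's own server.
// Host name, URLs and extension IDs are constructed placeholders.
const TRUSTED_UPDATE_HOST = 'extensions.corp.example'; // assumption

// Returns one finding per problem; an empty array means the policy pins
// every force/normal-installed extension to the trusted update server.
function auditExtensionSettings(policy, trustedHost = TRUSTED_UPDATE_HOST) {
  const findings = [];
  for (const [id, cfg] of Object.entries(policy)) {
    const mode = cfg.installation_mode;
    if (mode !== 'force_installed' && mode !== 'normal_installed') continue;
    let url = null;
    try { url = new URL(cfg.update_url); } catch { /* missing or malformed */ }
    if (!url || url.hostname !== trustedHost) {
      findings.push({ id, issue: 'update-url-not-trusted' });
    } else if (url.protocol !== 'https:') {
      findings.push({ id, issue: 'update-url-not-https' });
    }
    // Without override_update_url the URL from the add-on's manifest is
    // still used for later updates, so the pin does not hold.
    if (cfg.override_update_url !== true) {
      findings.push({ id, issue: 'manifest-update-url-still-used' });
    }
  }
  return findings;
}

// Constructed sample policy (IDs are fake 32-character placeholders).
const SAMPLE_POLICY = {
  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: {
    installation_mode: 'force_installed',
    update_url: 'https://extensions.corp.example/updates.xml',
    override_update_url: true,
  },
  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb: {
    installation_mode: 'force_installed',
    update_url: 'https://extensions.corp.example/updates.xml',
  },
  cccccccccccccccccccccccccccccccc: {
    installation_mode: 'normal_installed',
    update_url: 'https://cdn.vendor.example/updates.xml',
    override_update_url: true,
  },
  dddddddddddddddddddddddddddddddd: { installation_mode: 'blocked' },
};

console.log(auditExtensionSettings(SAMPLE_POLICY));
```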
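
For the COOP reporting item in the list above, the response headers that put COOP into its non-blocking mode, together with a triage function for the reports a collector receives. This is an added example, not code from the article or from Chrome; the report group name, collector URL and sample reports are constructed.

```javascript
// Added example, not from the article: COOP in non-blocking (report-only)
// mode plus triage of delivered reports. Names and URLs are assumptions.
const REPORT_GROUP = 'coop-reports';              // assumed group name
const COLLECTOR = 'https://reports.example/coop'; // placeholder endpoint

// Headers for a page response: violations are reported, nothing is blocked.
function coopReportOnlyHeaders(policy = 'same-origin') {
  return {
    'Report-To': JSON.stringify({
      group: REPORT_GROUP,
      max_age: 86400,
      endpoints: [{ url: COLLECTOR }],
    }),
    'Cross-Origin-Opener-Policy-Report-Only':
      `${policy}; report-to="${REPORT_GROUP}"`,
  };
}

// Takes the body of one POST to the collector (a JSON array of reports) and
// counts COOP violations per page and violation type. Reports of other
// types and malformed input are ignored rather than trusted.
function summarizeCoopReports(rawBody) {
  const counts = new Map();
  let batch;
  try { batch = JSON.parse(rawBody); } catch { return counts; }
  if (!Array.isArray(batch)) return counts;
  for (const r of batch) {
    if (!r || r.type !== 'coop' || !r.body || typeof r.body !== 'object') continue;
    const key = `${r.url} | ${r.body.type} | ${r.body.disposition}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Constructed sample batch, shaped like a Reporting API delivery.
const SAMPLE_BATCH = JSON.stringify([
  { type: 'coop', url: 'https://app.example/account', age: 10,
    body: { disposition: 'reporting', effectivePolicy: 'same-origin',
            type: 'navigation-to-response' } },
  { type: 'coop', url: 'https://app.example/account', age: 25,
    body: { disposition: 'reporting', effectivePolicy: 'same-origin',
            type: 'navigation-to-response' } },
  { type: 'coop', url: 'https://app.example/pay', age: 3,
    body: { disposition: 'reporting', effectivePolicy: 'same-origin',
            type: 'navigation-from-response' } },
  { type: 'deprecation', url: 'https://app.example/', age: 1, body: {} },
]);

console.log(coopReportOnlyHeaders(), summarizeCoopReports(SAMPLE_BATCH));
```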

In addition to innovations and bug fixes, the new version fixes 47 vulnerabilities. Many of the vulnerabilities were identified with the automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that would allow bypassing all levels of browser protection and executing code on the system outside the sandbox environment have been identified. At the same time, it is noted that one of the fixed vulnerabilities (CVE-2021-21166), related to the lifetime of objects in the sound subsystem, is a 0-day problem and was used in one of the exploits before the fix. As part of the Vulnerability Bounty program for the current release, Google has paid out 33 bonuses worth $61000 (two $10000 bonuses, two $7500 bonuses, three $5000 bonuses, two $3000 bonuses, four $1000 bonuses, and two $500 bonuses). The amount of 18 rewards has not yet been determined.

Source: opennet.ru
