Chrome Release 96

Google has released the Chrome 96 web browser. A stable release of the free Chromium project, which serves as the basis of Chrome, is available at the same time. The Chrome browser differs in its use of Google logos, a system for sending notifications in the event of a crash, modules for playing protected video content (DRM), an automatic update system, and the transmission of RLZ parameters when searching. The Chrome 96 branch will be maintained for 8 weeks as part of the Extended Stable cycle. The next release, Chrome 97, is scheduled for January 4th.

Key changes in Chrome 96:

  • The bookmarks bar displayed under the address bar now hides by default the Apps button, which opens the chrome://apps page with a list of installed services and web applications.
  • Ended support for Android 5.0 and earlier.
  • Added support for redirecting from HTTP to HTTPS using DNS: when resolving IP addresses, the browser requests the "HTTPS" DNS record in addition to the "A" and "AAAA" records, and if that record is available, it connects to the site over HTTPS immediately.
  • In the edition for desktop systems, the back-forward cache, which provides an instant transition when using the "Back" and "Forward" buttons, has been expanded to support navigating through previously viewed pages after opening another site.
  • Added the "chrome://flags#force-major-version-to-100" setting to test for possible site breakage when the browser reaches a three-digit version number instead of a two-digit one (at one time, after the release of Chrome 10, a lot of problems came up in User-Agent parsing libraries). When the option is enabled, version 100 (Chrome/100.0.4664.45) is emitted in the User-Agent header.
  • In builds for the Windows platform, data related to the operation of network services (cookies, etc.) has been moved to a separate subdirectory "Network" in preparation for the implementation of the network isolation mechanism (Network Sandbox).
  • Several new APIs have been added to the Origin Trials mode (experimental features that require separate activation). Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
    • A FocusableMediaStreamTrack object (to be renamed to BrowserCaptureMediaStreamTrack) has been proposed that supports a focus() method, which can be used by applications that capture the contents of windows or tabs (for example, programs for broadcasting the contents of windows during video conferences) to receive information about the input focus and track its changes.
    • The Priority Hints mechanism has been implemented, which allows you to set the importance of a particular downloadable resource by specifying an additional "importance" attribute in tags such as iframe, img and link. The attribute can take the values "auto", "low" and "high", which affect the order in which the browser loads external resources.
  • The Cross-Origin-Embedder-Policy header, which controls the cross-origin isolation mode and lets you define rules for the secure use of privileged operations on a page, now supports the "credentialless" parameter to disable the transmission of credential-related information such as cookies and client certificates.
  • CSS introduces a new pseudo-class ":autofill" that allows you to track the automatic filling of the fields in the input tag by the browser (the selector does not work with manual filling).
  • To avoid looping requests, the writing-mode, direction, and backgrounds CSS properties are no longer propagated to the viewport when applying the contain (CSS Containment) CSS property to HTML or BODY tags.
  • The font-synthesis CSS property has been added, which allows you to control the ability to synthesize styles (oblique, bold and small-cap) that are not in the selected font family.
  • Added an InteractionID attribute to the PerformanceEventTiming API, which provides additional insights for measuring and optimizing UI responsiveness, with the user interaction ID. The ID allows you to associate different metrics with a single user action, for example, when touching a touch screen, multiple events are generated, such as pointerdown, mousedown, pointerup, mouseup, and click, and InteractionID allows you to associate all of these events with a single touch.
  • Added a new type of media expression (Media Query), "prefers-contrast", for adapting page content to the contrast settings set in the operating system (for example, enabling high contrast mode).
  • For stand-alone PWA apps, support for an optional "id" field with a global application ID has been added to the manifest (if the field is not specified, the start URL is used for identification).
  • For stand-alone PWA applications, the ability to register as URL handlers has been implemented. For example, the music.example.com application can register itself as a handler for the URL https://*.music.example.com, and all transitions to these links from external applications, for example from instant messengers and email clients, will open this PWA application rather than a new browser tab.
  • Added the CSP (Content Security Policy) source keyword wasm-unsafe-eval to control the ability to run WebAssembly code. The script-src CSP directive now also covers WebAssembly.
  • Support for reference types (the externref type) has been added to WebAssembly. WebAssembly modules can now store references to JavaScript and DOM objects in variables and pass them as arguments.
  • Support for the "basic-card" payment method in PaymentMethodData has been deprecated; it made it possible to work with any type of card through a single identifier, without being tied to individual data types. Instead of "basic-card", it is proposed to use alternative methods such as Google Pay, Apple Pay and Samsung Pay.
  • When a site uses the U2F (Cryptotoken) API, a warning will be shown to the user with information about the deprecation of this API. The U2F API will be disabled by default in the release of Chrome 98 and completely removed in Chrome 104. The Web Authentication API should be used instead of the U2F API.
  • Improvements have been made to tools for web developers. A new CSS Overview panel has been added that offers a summary of information about colors, fonts, unused declarations and media expressions, and highlights potential issues. CSS editing and copying operations have been improved. In the Styles panel, an option has been added to the context menu to copy CSS definitions in the form of JavaScript expressions. A Payload tab with an analysis of the request parameters has been added to the network request inspection panel. An option has been added to the web console to hide all CORS (Cross-Origin Resource Sharing) errors, and a stack trace is now provided for async functions.
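
The User-Agent breakage that the force-major-version-to-100 setting in the list above is meant to surface, shown as an added example (not code from Chrome or from the original article): two fragile version checks beside a numeric one. The function names and both User-Agent strings are constructed for illustration.

```javascript
// Constructed sample User-Agent strings (the second is what the flag emits).
const UA_96 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36";
const UA_100 = UA_96.replace("Chrome/96.", "Chrome/100.");

// Fragile: assumes the major version always has exactly two digits,
// so "Chrome/100" is read as version 10.
function chromeMajorTwoDigit(ua) {
  const m = /Chrome\/(\d{2})/.exec(ua);
  return m ? Number(m[1]) : null;
}

// Fragile: compares versions as strings, so "100" sorts before "96"
// and a minimum-version gate rejects the newer browser.
function isAtLeastLexical(ua, minMajor) {
  const m = /Chrome\/(\d+)/.exec(ua);
  return m !== null && m[1] >= String(minMajor);
}

// Robust: capture all four dotted components and convert them to integers.
function parseChromeVersion(ua) {
  const m = /(?:^|\s)Chrome\/(\d+)\.(\d+)\.(\d+)\.(\d+)(?=\s|$)/.exec(ua);
  return m ? m.slice(1).map(Number) : null;
}

// Robust minimum-version gate: numeric comparison on the parsed major version.
function isAtLeast(ua, minMajor) {
  const v = parseChromeVersion(ua);
  return v !== null && v[0] >= minMajor;
}

// Summarise how each check treats a given User-Agent string.
function compareChecks(ua, minMajor) {
  return {
    twoDigitMajor: chromeMajorTwoDigit(ua),
    lexicalGate: isAtLeastLexical(ua, minMajor),
    numericGate: isAtLeast(ua, minMajor),
  };
}

console.log(compareChecks(UA_96, 96), compareChecks(UA_100, 96));
```

A server-side gate that blocks outdated browsers fails in exactly this way: with the fragile checks, the newest client is the one that gets turned away.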
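
For the wasm-unsafe-eval item in the list above, an added example (not part of the original article) of a policy check that reports how a Content-Security-Policy value treats WebAssembly. It assumes, as the item states, that script-src governs WebAssembly, with the standard fallback to default-src; the function names and sample policies are constructed.

```javascript
// Return the source list that governs script execution:
// script-src if present, otherwise default-src, otherwise null.
function effectiveScriptSrc(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP ignores a repeated directive; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives.get("script-src") ?? directives.get("default-src") ?? null;
}

// Classify a policy:
//   "unrestricted"     - no governing directive, nothing limits WebAssembly
//   "wasm-and-js-eval" - 'unsafe-eval' present: WebAssembly AND JS eval() allowed
//   "wasm-only"        - 'wasm-unsafe-eval' present: WebAssembly only
//   "blocked"          - governing directive present with neither keyword
function wasmPosture(policy) {
  const sources = effectiveScriptSrc(policy);
  if (sources === null) return "unrestricted";
  const keywords = new Set(sources.map((s) => s.toLowerCase()));
  if (keywords.has("'unsafe-eval'")) return "wasm-and-js-eval";
  if (keywords.has("'wasm-unsafe-eval'")) return "wasm-only";
  return "blocked";
}

// Constructed sample policies.
const SAMPLE_POLICIES = [
  "script-src 'self' 'unsafe-eval'",
  "script-src 'self' 'wasm-unsafe-eval'; object-src 'none'",
  "default-src 'self'",
  "img-src *",
  "default-src 'unsafe-eval'; script-src 'self'",
];

// Map each policy string to its classification.
function auditPolicies(policies) {
  return policies.map((p) => ({ policy: p, posture: wasmPosture(p) }));
}

console.log(auditPolicies(SAMPLE_POLICIES));
```

A site that added 'unsafe-eval' only to load a WebAssembly module shows up as "wasm-and-js-eval" and can be narrowed to 'wasm-unsafe-eval'.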

In addition to innovations and bug fixes, 25 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified by the automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues, which would allow bypassing all levels of browser protection and executing code on the system outside the sandbox environment, have been identified. As part of the vulnerability bounty program for the current release, Google paid out 13 awards worth $60,000 (one $15000 award, one $10000 award, two $7500 awards, one $5000 award, two $3000 awards, one $2500 award, two $2000 awards, two $1000 awards, and one $500 award). The amount of 5 rewards has not yet been determined.

Source: opennet.ru
