ProHoster > Blog > internet news > Chrome 129 web browser release

Chrome 129 web browser release

Google has published the release of the Chrome 129 web browser. At the same time, a stable release of the free Chromium project, which serves as the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), a system for automatically installing updates, permanently enabling Sandbox isolation, supplying keys to the Google API and transmitting RLZ- when searching. parameters. For those who need more time to update, the Extended Stable branch is separately supported, followed by 8 weeks. The next release of Chrome 130 is scheduled for October 15st.

Key changes in Chrome 129:

  • Added the ability to customize the contents of the toolbar, allowing the user to pin, unpin, and swap icons using the configurator displayed in the sidebar. For example, you can place buttons on the bar to call the developer interface, clear browser data, open reading mode, go to the task manager, go to the password manager, etc. To control whether the icon pinning option is enabled, the "chrome://flags/#toolbar-pinning" parameter has been added.
    Chrome 129 web browser release
  • A tab comparison feature has been introduced that uses machine learning to generate a comparison view of products that have product information pages open in different tabs. The feature is currently only available to US users.
    Chrome 129 web browser release
  • The Android version implements the movement of inactive tabs to a separate section (Inactive Tabs) of the tab switching interface. It is possible to view all old tabs and close them all at once. By default, the new feature is enabled for 1% of users. Tabs are automatically deleted after being in the Inactive Tabs section for more than 60 days.
  • An experimental mode of shared processes has been added, the essence of which is that one common rendering process will be used for different tabs in which the same site is open, instead of separate processes. The change allows for faster page loading and reduced memory consumption. To enable the mode, the setting "chrome://flags/#enable-process-per-site-up-to-main-frame-threshold" has been added.
  • Added the ability to grant sites one-time permissions that are valid only within the current session (for example, you can grant access to the camera and microphone that will remain valid until you close the tab or move to another site).
  • Support for macOS 10.15, which was discontinued by Apple in 2022, has ended.
  • For Windows and macOS platforms, a new certificate management interface has been implemented in the configurator (previously, system certificate management interfaces were called on these platforms).
  • Blocking access to IP 0.0.0.0 is enabled to prevent attacks on local services.
  • The upcoming replacement of the Kyber768+X25519 key exchange algorithm in TLS with ML-KEM768+X25519 has been announced (the recently adopted ML-KEM standard is based on the post-quantum Kyber algorithm, but is not fully compatible with its previous implementation).
  • The Scheduler API has been updated with a new method called "scheduler.yield()" that allows long running tasks to be temporarily returned to the browser's main thread, allowing the current long running task to be paused for important work such as input processing and frame rendering. The idea is to break long running tasks into smaller ones by periodically returning control to the main thread via "await scheduler.yield();" in your code, reducing the negative impact of long running tasks on the responsiveness of your site.
    Chrome 129 web browser release
  • The CSS property "interpolate-size" has been added, allowing you to choose the animation size not in absolute values, but relative to the values ​​calculated using the auto, min-content or fit-content properties. For more precise size control, the CSS function calc-size() has been proposed, similar to calc(), but supporting operations with the actual size of elements, changing depending on the content.
  • Changes have been made to CSS properties for managing the display of elements tied to the location of other elements (CSS Anchor Positioning) without using JavaScript, for example, for attaching popovers to elements that appear similar to tooltips. In accordance with the recommendation of the CSS standardization working group, the CSS property "inset-area" has been renamed to "position-area", the property "position-try-options" has been renamed to "position-try-fallbacks", and the need to specify inset-area() has been removed from the "position-try" property, i.e. instead of "position-try-fallbacks: inset-area(top)" you should write "position-try-fallbacks: top".
  • The Intl API has a new Intl.DurationFormat method for formatting duration data in time, taking into account the selected locale. For example: const l = "ru-RU"; const d = {hours: 1, minutes: 46, seconds: 40}; const opts = {style: "long"}; new Intl.DurationFormat(l, opts).format(d); // "1 hour, 46 minutes 40 seconds"
  • The Web GPU API has been updated to take advantage of the full brightness range supported by the display when rendering HDR images.
  • The WebRTC API now supports sending blobs using the RTCDataChannel.send(Blob) method and receiving data of the Blob type when handling the onMessage event if the "binaryType" attribute is set to "blob" (previously, sending strings and ArrayBuffer was supported). The blob size is limited by the maxMessageSize value.
  • The WebAuthn API has been updated with PublicKeyCredential.toJSON(), parseCreationOptionsFromJSON(), and parseRequestOptionsFromJSON() methods for serializing/deserializing WebAuthn responses using the JSON format.
  • The "Origin trials" mode implements the FileSystemObserver API, which allows sites to monitor changes to files and directories.
  • The Mesh2D Canvas API has been added to the Origin trials mode for rendering large numbers of textured triangles. The API's areas of application include implementing advanced texture mapping methods and creating deformation effects in a XNUMXD context.
  • The capabilities of tools for web developers have been expanded.

In addition to innovations and bug fixes, the new version eliminates 9 vulnerabilities. Many of the vulnerabilities were identified as a result of automated testing with the AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL tools. One problem was assigned a high severity level (incorrect type handling in the V8 engine). No critical problems that allow bypassing all levels of browser protection and executing code in the system outside the sandbox environment were identified. As part of the program for paying cash rewards for detecting vulnerabilities for the current release, Google has paid out 5 rewards totaling $13 (one reward of $8000 and $2000, three rewards of $1000). The amount of one reward has not yet been determined.

Source: opennet.ru

Add a comment