Google has published the release of the Chrome 133 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in the event of a crash, modules for playing copy-protected video content (DRM), an automatic update installation system, constant inclusion of Sandbox isolation, supply of keys to the Google API and transmission of RLZ parameters during search. For those who need more time to update, the Extended Stable branch is separately supported, supported for 8 weeks. The next release of Chrome 134 is scheduled for March 4.
Key changes in Chrome 133:
- For 1% of users, support for freezing tabs in energy saver mode is enabled. Tabs that consume a lot of CPU resources and have been hidden for more than 5 minutes are automatically frozen. Tabs that output sound, as well as those related to managing external devices or conducting video and audio conferences are not subject to freezing (such tabs are determined based on access to the API for working with USB, Bluetooth, camera, input devices and microphone, as well as organizing a communication channel using RTCDataChannel or MediaStreamTrack). To control the inclusion of auto-freezing, you can use the setting "chrome://flags/#freezing-on-energy-saver".
- Chrome Sync no longer supports Chrome versions older than 4 years. You should use at least Chrome 89 to store information linked to your Google account and sync browser data between systems.
- In version for Android A setting has been added to disable just-in-time (JIT) optimizers in the V8 JavaScript engine. Disabling JIT can be useful for improving the security of potentially dangerous web applications by reducing possible attack vectors. In desktop versions of Chrome, this setting is available at chrome://settings/security, starting with Chrome 122.
- Parsing of non-special URL schemes (not included in the list of typical schemes) has been brought into compliance with the standard. For example, the URL "git://example.com/path".
- The capabilities of the CSS function attr() have been expanded, allowing you to use the values ββof a specific HTML attribute in CSS. Previously, the attr() function could only work with the "content" property of pseudo-elements and convert values ββto the CSS type " ", it can now be used with any CSS properties and convert values ββto any CSS types. In the example below, the color in the CSS property "color" is set based on the parsing of the "data-foo" attribute specified in the "div" element, and if the attribute is not specified, the value "red" is used. test β¦ div { color: attr(data-foo type( ), red); }
- The CSS query "@container scroll-state()" has been implemented, allowing you to determine the scroll state of an area. The supported states are: "stuck" - a container attached to one of the sides of the scrollable area; "snapped" - a container attached with horizontal or vertical alignment; "scrollable" - a container that can be scrolled in the specified direction.
- The CSS properties "text-box", "text-box-trim" and "text-box-edge" have been added, allowing precise control over the indentation before and after the text. The "text-box-trim" property specifies the area to trim (top, bottom or both sides), and "text-box-edge" specifies how the edges are trimmed. The "text-box" property combines the capabilities of "text-box-trim" and "text-box-edge".
- CSS has added the pseudo-class ":open" to allow you to specify when elements And dialog boxes are open, and for elements And The selection windows are shown.
- Added moveBefore DOM primitive to move an element in the DOM tree without resetting its state.
- Added FileSystemObserver interface, allowing sites to monitor changes in the file system.
- The getClientCapabilities() method has been added to the PublicKeyCredential API to determine the WebAuthn capabilities supported by the browser.
- A pause() property has been added to the Atomics object to indicate that code is waiting for a lock to be released.
- The WebCrypto API has added support for the X25519 key agreement scheme, which can be used through the SubtleCrypto API (generateKey, importKey, exportKey, deriveKey, and deriveBits methods).
- WebAssembly now supports 64-bit pointers (Memory64), which allows working with linear memory areas larger than 4 GB. The change does not add new WebAssembly instructions, but only allows existing instructions to use 64-bit indexes for tables and memory areas. Working in Memory64 mode results in significant overhead costs - depending on the type of workload, a slowdown of 10% to two times is observed.
- The capabilities of web developer tools have been expanded. The chat history with the AI ββassistant can now be saved between sessions. A "What's new" panel has been added with an overview of changes in the new version. The ability to put scripts on the ignore list has been added to exclude them from being shown on the performance profiling chart. The Performance panel's Insights tab now highlights images whose size can be optimized, and the Summary tab shows the stack trace of JavaScript calls (including asynchronous calls).


In addition to innovations and bug fixes, the new version eliminates 12 vulnerabilities. Many of the vulnerabilities were identified as a result of automated testing with the AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL tools. Two problems leading to access to already released memory in the V8 engine and the Skia library have been assigned a high severity level. Critical problems that allow bypassing all levels of browser protection and executing code in the system outside the sandbox environment have not been identified. As part of the program for paying cash rewards for detecting vulnerabilities for the current release, Google has paid two rewards in the amount of 2 thousand US dollars (one reward of $9 and one reward of $7000). The size of one reward has not yet been determined.
Source: opennet.ru
