Google Company published web browser release Chrome 124. Simultaneously available stable release of a free project Chromium, which serves as the basis of Chrome. Chrome browser is different from Chromium using Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), a system for automatically installing updates, constantly enabling Sandbox isolation, supplying keys to the Google API and transmitting RLZ parameters when searching. For those who need more time to update, the Extended Stable branch is separately supported, followed by 8 weeks. The next release of Chrome 125 is scheduled for May 14th.
Advertisement
- In the version for the Android platform, the bookmark manager now supports saving bookmarks and pending reading lists on Google servers in connection with a user account.
- Chrome for Android includes a new method for storing local passwords that aren't synced across devices. Previously, local passwords were stored in the Chrome profile, but will now be stored in the password storage provided by Google Play Services, which is already used to store the password for the Google account.
- In builds for Windows, macOS and Linux, TLS has support for the key encapsulation mechanism enabled by default (KEMKey Encapsulation Mechanism), using a hybrid algorithm X25519Kyber768, resistant to selection on quantum computers. X25519Kyber768 is a combination of the X25519 elliptic curve key exchange mechanism currently used in TLS with the Cyber-768using problem-solving cryptography methods lattice theorythe solution time of which does not differ on conventional and quantum computers.
- When rendering text with the library Skia The contrast and color settings specified in Windows for text smoothing technology are taken into account ClearType, which allows you to significantly improve the quality of font display on LCD monitors. In builds for Linux, the fonts used in the interface have noticeably changed.
- It is possible to install any web page as a self-contained PWA application (Progressive Web Apps), even if this page does not comply PWA criteria.
- As required by European law DMA (Digital Markets Act) provides a dialog to select the default search engine. There are search engines to choose from, available in the settings section “chrome://settings/search”. Search engines in the list are displayed in random order. In Chrome 120, this dialog was tested for 1% of users, and is now enabled for everyone.
- Implemented the output of a request to grant permissions to the user when a web application accesses the API Web MIDI, which allows you to interact with musical devices connected to a computer with a MIDI interface. Previously, permission prompts were only displayed when sending or receiving SysEx messages, and will now be output whenever the Web MIDI API is accessed. The reasons for the changes are mentioned situations, when random web pages seize exclusive control of the MIDI controller, blocking other applications from working with it. Also are noted security problems, since the Web MIDI API allows you to fully control the MIDI device, right down to installing your own firmware.
- API support has been completely discontinued Web SQL, which is not standardized, is hardly used and requires redesign to meet modern safety requirements. Web SQL has been disabled by default since Chrome 119, but there has been a setting to bring it back. This setting has now been removed. For developers who require this functionality, it is suggested to use a variant of the SQLite library compiled into a WebAssembly view.
- Added ability to control the writing direction of text displayed vertically in web form elements (select, meter, progress, button, textarea and input) when choosing vertical orientation via a CSS property writing-mode. To display text from top to bottom, you can now use the form element property “ltr”, and from bottom to top – “rtl”.
- In API User-Agent Client Hints, developed as a replacement for the User-Agent header, added support for the Sec-CH-UA-Form-Factors parameter, through which the client can inform the server about the form factor of the user’s device (Desktop, Automotive, Mobile, XR, EInk and Watch). User-Agent Client Hints allows you to organize selective delivery of data about specific browser and system parameters (version, platform, etc.) only after a request by the server. The user, in turn, can determine what information can be provided to site owners. When using User-Agent Client Hints, the browser identifier is not transmitted without an explicit request, and by default only basic parameters are specified, which makes passive identification difficult.
- Added the ability to control the cloning of individual roots in Shadow DOM, implemented by commands such as cloneNode(). The ability to clone DOM root branches is enabled using the clonable parameter (“attachShadow({clonable:true})”) or the “shadowrootclonable” attribute (‹template shadowrootmode=open shadowrootclonable›).
- Added new setHTMLUnsafe() and parseHTMLUnsafe() methods for use syntax Shadow DOM from JavaScript. The setHTMLUnsafe() and parseHTMLUnsafe() methods, similar to innerHTML and DOMParser.parseFromString(), allow you to insert or parse content in HTML format into an element, but differ in their support for processing template elements with the shadowrootmode attribute.
- Added API support WebSocket Streamwhich allows you to transfer data between the browser and the server in streaming mode without using polling, which is optimal for organizing the transmission and reception of constantly incoming data, for example, in the implementation of a chat.
const wss = new WebSocketStream(WSS_URL); const {readable, writable} = await wss.opened; const reader = readable.getReader(); const writer = writable.getWriter(); while (true) { const {value, done} = await reader.read(); if (done) { break; } const result = await process(value); await writer.write(result); } - API capabilities expanded View Transitions, which makes it easier to create transitional animation effects between different DOM states (for example, a smooth transition from one image to another). The new version adds support for the “pageswap” event, which is generated for the “window” object when the associated “document” object is replaced with a new one during navigation. Also added is the “render-blocking” property, which allows you to block document rendering until the parsing of important content is completed.
- Added parameter disallowReturnToOpenerpassed when calling the requestWindow method, which allows you to remove the back button in a window opened in picture-in-picture mode, preventing you from returning to the tab from which the window was opened.
- Added the ability to set the CSSImportRule.styleSheet attribute to NULL to indicate that there is no associated stylesheet. Added CSSKeyframesRule.length attribute indicating the number of properties to index.
- For editable fields, the “writingsuggestions” attribute has been implemented to control whether recommendations are shown as you type.
- In the WebGPU API added ServiceWorker and SharedWorker support.
- Added support for the “Priority” HTTP header, through which you can convey information about the priority of request processing (RFC 9218) at the stage of the first access to the resource.
- Submitted improvements to tools for web developers. A new Autofill panel has been added to inspect the information used to automatically fill out forms.
The CSS Styles Inspection Panel has improved support for nested styles. The performance measurement panel provides the ability to hide unnecessary functions and their associated child calls to reduce noise in the graph. Added support for animations tied to content scrolling to the animation debug panel (Scroll-driven Animation). The network inspection panel allows you to set parameters for packet loss and network queue size to check the operation of WebRTC applications in the event of network problems.
In addition to innovations and bug fixes, the new version eliminates 22 vulnerabilities. Many of the vulnerabilities were identified as a result of automated testing with tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer And AFL. No critical problems have been identified that would allow one to bypass all levels of browser protection and execute code on the system outside the sandbox environment. As part of the program to pay cash rewards for discovering vulnerabilities for the current release, Google paid 13 awards in the amount of 65 thousand US dollars (one award of $20,000, $10,000, $7,000 and $2,000, three awards of $5,000 and $3,000, two awards of $1,000). The size of one reward has not yet been determined.
Thanks for reading: