Chrome version: 151, 150, 149, 148, 147, 146, 145, 144, 143, 142, 141, 140, 139, 138, 137, 136, 135, 134, 133, 132, 131, 130, 129, 128, 127, 126, 125, 124, 123, 122, 121, 120, 119, 118, 117, 116, 115, 114, 113, 112, 111, 110, 109, 108, 107, 106, 105, 104, 103, 102, 101, 100, 99, 98, 97, 96, 95, 94, 93, 92, 91, 90, 89, 88, 87, 86, 85, 84, 83, 82, 81, 80, 79, 78, 77, 76, 75, 74, 73, 72, 71, 70, 69, 68, 67, 66, 65, 64, 63, 62, 61, 60, 59, 58, 57, 56, 55, 54, 53, 52, 51, 50, 49, 48, 47, 46, 45, 44, 43, 42, 41, 40, 39, 38, 37, 36, 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
This release of Chrome had 30 new features.
This feature adds the ability to construct exclusive accordions using a sequence of HTML <details> elements. It adds a name attribute to the <details> element. When this attribute is used, multiple <details> elements that have the same name form a group. At most one element in the group can be open at once. #
This feature was specified in this Spec.
This will allow detaching array buffers and using corresponding buffers inside VideoFrame, ImageDecoder, EncodedVideoChunk, EncodedAudioChunk, AudioData without a copy. Explainer: https://gist.github.com/Djuffin/1c8fac486ca9f402be85074166e89a16 #
This feature was specified in this Spec.
Docs: https://gist.github.com/Djuffin/1c8fac486ca9f402be85074166e89a16
No linked samplesWe plan on landing one change to the Attribution Reporting API focused on: * Further gating for trigger verbose debug reports The trigger verbose debug reports will be gated by the presence of the ar_debug cookie (3PC) at both source and trigger registrations. #
This feature was specified in this Spec.
The :dir() CSS pseudo-class selector matches elements based on directionality, which is determined based on the HTML dir attribute. :dir(ltr) matches left-to-right text directionality, and :dir(rtl) matches elements with right-to-left text directionality. It is not equivalent to [dir] attribute selectors because it matches against directions inherited from an ancestor with the dir attribute, and because it matches against the direction computed from use of dir=auto (which determines directionality from the first character in the text with strong directionality). #
This feature was specified in this Spec.
Samples: https://jsfiddle.net/fxc9a8uc/1
Supports using the <image> syntax for custom properties registered with @property or registerProperty(). The <image> syntax can be used to restrict values of the custom property to url() values and generated images like gradients.
This feature was specified in this Spec.
Supports using the <transform-function> and <transform-list> syntaxes for custom properties registered with @property or registerProperty(). The syntax can be used to restrict values of the custom property to represent transforms. This also makes it possible to use transitions and animations directly on these registered custom properties. #
This feature was specified in this Spec.
Add css exponential functions: pow(), sqrt(), hypot(), log(), exp() to CSS math expressions.
This feature was specified in this Spec.
The FontFaceSet's check() function verifies whether it's possible to display text using the specified fonts without attempting to utilize fonts in the FontFaceSet that have not completed loading. This allows users to safely employ the font without later triggering a font replacement (i.e., font swap). #
This feature was specified in this Spec.
CSS mask, and related properties such as mask-image, mask-mode, etc, are used to hide an element (partially or fully) by masking or clipping the image at specific points. This feature unprefixes the -webkit-mask* properties and brings them up to spec. This includes mask-image, mask-mode, mask-repeat, mask-position, mask-clip, mask-origin, mask-size, and mask-composite, as well as the "mask" shorthand. Local mask-image references are supported, serialization now matches the spec, and accepted values now match the spec (for example, "add" instead of "source-over" for mask-composite). #
This feature was specified in this Spec.
Docs: https://developer.mozilla.org/en-US/docs/Web/CSS/mask
No linked samplesRandomize the order of DTLS ClientHello extensions, to reduce potential ecosystem brittleness. This is a WebRTC specific follow-up to https://groups.google.com/a/chromium.org/g/blink-dev/c/bYZK81WxYBo/m/lKLrZ_P2BwAJ which launched successfully a while back. WebRTC uses DTLS (datagram TLS over UDP) multiplexed with STUN and RTP and also uses a SRTP specific extension (use_srtp defined in RFC 5764) to negotiate encryption keys. Middleboxes might expect the use_srtp flag in a certain position which changes with this feature. #
This feature was specified in this Spec.
Dedicated workers will inherit the "storage access status" of the parent context. I.e., if a document obtains storage access via `document.requestStorageAccess` and then creates a dedicated worker, the worker will also have storage access (and be able to access unpartitioned cookies). #
Dedicated APIs to help developers and users to better understand the authentication flow. Both APIs are triggered post user permission to sign in to an RP with an IdP. i.e. after user clicking the "Continue as" button. - With Error API, if user's sign-in attempt is failed, the IdP can share the reasons with the browser to keep both users and RP developers updated. - With AutoSelectedFlag API, both IdP and RP developers could have a better understanding about the sign-in UX, evaluate performance and segment metrics accordingly. #
This feature was specified in this Spec.
Docs: https://docs.google.com/document/d/1DEjbFSAMmmT47_n8JBLmcleCNPz_WS5a24WDrglSQMo/edit?usp=sharing
Samples: https://drive.google.com/file/d/1Z8r4OkQMmKulGv-vf-XTfwqh6VUyGZF9/view?usp=sharing
We are adding three functionality changes to Fenced Frames: 1. Enable leaving ad interest groups from urn iFrames and ad component frames Currently calling navigator.leaveAdInterestGroup() without any argument only works in fenced frames. This change enables this API for supporting navigator.leaveAdInterestGroup() without any argument: a) in urn iframes and b) in ad component frames. 2. Introduce reserved.top_navigation_start/commit Fenced frames or URN iframes, when loaded through an API like Protected Audience or Shared Storage, can send out reporting beacons automatically if some event occurs. With this change, we are adding support for top-level navigation start events, in addition to the existing top-level navigation commit events.
1) Additional format option for Protected Audience ad size macros In the Protected Audience API within the Privacy Sandbox, there is an opt-in feature that allows you to macro the size of the ad that wins the auction into the ad’s url, like: https://ad.com?width={%AD_WIDTH%}&height={%AD_HEIGHT%} (See https://github.com/WICG/turtledove/pull/417 for more details.) To be more consistent with other types of macros in Protected Audience, like those used by deprecatedReplaceInURN and registerAdMacro, in M120 we’re adding the ability to use ${AD_WIDTH} and ${AD_HEIGHT} as the format for the macros in addition to the current format. 2) Automatic beacons will now send to all registered URLs. Previously, only destinations specified when calling setReportEventDataForAutomaticBeacons() receive automatic beacons, even if that destination called registerAdBeacon() for "reserved.top_navigation" in their worklet. Now, any destination that called registerAdBeacon() for "reserved.top_navigation" will get an automatic beacon, but only destinations specified in setReportEventDataForAutomaticBeacons() will get automatic beacon data along with the beacon. The "once" parameter in setReportEventDataForAutomaticBeacons() will now determine whether the data is sent out once, rather than determine if the entire beacon is sent once. #
This feature was specified in this Spec.
This exposes WebDriver commands for creating, removing, querying and setting readings for so-called virtual sensors: sensors that do not depend on underlying hardware or operating system support and can be used for testing. #
This feature was specified in this Spec.
Intersection Observer scrollMargin allows developers to observe targets inside nested scroll containers that are currently clipped away by the scroll containers. This is achieved by expanding the container's clipping rect by the scrollMargin when calculating the intersection. #
This feature was specified in this Spec.
The scripting media feature is used to query whether scripting languages, such as JavaScript, are supported on the current document. Valid options are 'enabled', 'initial-only', 'none'. However, 'initial-only' never matches inside a browser. #
This feature was specified in this Spec.
Samples: https://developer.mozilla.org/en-US/docs/Web/CSS/@media/scripting
Adds an 'enterpictureinpicture' action to the Media Session API. Websites can register an action handler which can be used to open a Picture-in-Picture or Document Picture-in-Picture window. #
This feature was specified in this Spec.
Samples: https://steimelchrome.github.io/autopip.html
Adds support for CSS media queries to <source> elements used with <video> elements. Allowing developers to use media query syntax to tell the browser which source should be preferred for a given environment. #
This feature was specified in this Spec.
Docs: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/source#media
No linked samplesAn API that exposes frame counters (delivered, discarded, total) for MediaStreamTracks of kind video. Audio stats will be covered by a separate chrome feature launch. #
This feature was specified in this Spec.
This integrates the Permissions policy API with the Reporting API, allowing web developers to configure endpoints to which permissions policy violation reports will be sent, allowing site owners to see when disallowed features are being requested on their pages in the field. It also includes the Permissions-Policy-Report-Only header, which enables reports to be sent based on a proposed policy (analogous to Content-Security-Policy-Report-Only) so that policy changes can be evaluated for potential breakage before implementing them in the regular, enforcing mode. #
This feature was specified in this Spec.
Docs: https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md
No linked samplesWe are implementing a temporary fix to not disable credentials on automatic beacon reports until 3rd Party Cookie Deprecation (3PCD), with higher priority for urn iframes. This will help adtech in running experiments with Protected Audience and other APIs. For example, the Attribution Reporting API’s verbose debugging feature requires cookies to be set in headers, so it is currently broken for automatic beacons.
Allows nested style rules to begin with an identifier.
This feature was specified in this Spec.
The Login Status API [1] (formerly IdP Sign-in Status API) allows identity providers to signal to the browser when their users are logging-in/out. Our goal is to open this up to other websites in the future. This signal, in this intent, is used by FedCM to address a silent timing attack, and in doing so, allows FedCM to operate without third party cookies altogether. This update would address the last remaining backwards incompatible changes we had previously identified in the original I2S of FedCM [2] as part of our scope of work. In the future, we expect that the Login Status API may also be used outside of FedCM (e.g. the Storage Access API [3]) and may be useful for websites that are not identity providers (e.g. extending browser storage [4]). [1] https://github.com/fedidcg/login-status [2] https://groups.google.com/a/chromium.org/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ [3] https://github.com/fedidcg/login-status#storage-access-api [4] https://github.com/fedidcg/login-status#extending-site-data-storage #
This feature was specified in this Spec.
A static operation to determine whether a URL string is valid. More concise than catching an exception thrown from the URL constructor. #
This feature was specified in this Spec.
It allows to use the unprefixed version for background-clip: text and makes -webkit-background-clip an alias for background-clip. Also, it drops support for non-suffixed keywords (content, padding and border) for better round-trip with alias.
This feature was specified in this Spec.
The `startViewTransition` call currently takes an optional nullable callback type with a default value of null: `startViewTransition(optional UpdateCallback? callback = null)` This feature changes this to be a non-nullable type: `startViewTransition(optional UpdateCallback callback)` More details: https://github.com/w3c/csswg-drafts/issues/9460
This feature was specified in this Spec.
Add support for more than one memory per WebAssembly module as specified in the WebAssembly Multi-Memory proposal: https://github.com/WebAssembly/multi-memory/blob/main/proposals/multi-memory/Overview.md #
This feature was specified in this Spec.
Docs: https://github.com/WebAssembly/multi-memory/blob/main/proposals/multi-memory/Overview.md
No linked samplesAllows for the use of the half-precision floating-point type f16 in WebGPU shaders (WGSL). Developers can use the 'shader-f16' feature from the WebGPU spec and the 'f16' extension from the WGSL spec to access 16-bit floating point variables and APIs in their shaders.
This feature was specified in this Spec.
The WebGPU maxBindGroupsPlusVertexBuffers limit is the maximum number of bind group and vertex buffer slots used simultaneously, counting any empty slots below the highest index. It is validated in createRenderPipeline() and in draw calls. This change adds maxBindGroupsPlusVertexBuffers to the GPUSupportedLimits interface, and as an accepted key by the GPUDeviceDescriptor.requiredLimits record. #
This feature was specified in this Spec.
This release of Chrome had 3 new origin trials.
This feature adds the 'priority' request header for all HTTP requests with the priority information for the request at the time that it was sent. RFC 9218 (Extensible Prioritization Scheme for HTTP) defines a 'priority' HTTP request header to use for signaling request priority to origins (and intermediaries). It also defines negotiation processes and protocol-level frames for HTTP/2 and HTTP/3 to carry the same priority information. The header can only signal the initial priority for a resource when it was first requested while the frame-based mechanisms allow for modifying the priority after the fact. The header can operate end-to-end to the origin servers (and provide a mechanism for the origin to override the priority if recognized by intermediaries) while the frames are limited to operating on a link level. This feature is specifically for supporting the header-based prioritization scheme. #
This feature was specified in this Spec.
This launches the proposed extension of the Storage Access API (backwards compatible and currently in OT) to allow access to unpartitioned cookie and non-cookie storage in a third-party context. The current API only provides access to cookies, which have different use-cases than non-cookie storage (discussed more in the Motivation section). The API can be used as follows (JS running in an embedded iframe): // Request a new storage handle via rSA (this may prompt the user) let handle = await document.requestStorageAccess({all: true}); // Write some 1P context sessionstorage handle.sessionStorage.setItem("userid", "1234"); // Write some 1P context localstorage handle.localStorage.setItem("preference", "A"); // Open or create an indexedDB that is shared with the 1P context let messageDB = handle.indexedDB.open("messages"); // Use locks shared with the 1P context await handle.locks.request(“example”, …); The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called requestStorageAccessFor, just that in this case the storage-access permission was already granted and thus the requestStorageAccess call would not require a user gesture or show a prompt, allowing for “hidden” iframes accessing storage. #
This feature was specified in this Spec.
In order to establish connections to devices on a local network that do not have globally unique names, and therefore cannot obtain TLS certificates, this feature introduces a new option to `fetch()` to declare a developers' intent to talk to such a device, a new policy-controlled feature to gate each sites' access to this capability, and new headers for the server's preflight response to provide additional metadata. #
This feature was specified in this Spec.
Docs: https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edithttps://github.com/WICG/private-network-access/blob/main/permission_prompt/security_privacy_self_review.md
Samples: https://drive.google.com/file/d/1pnyQfIsXdtJnZoCBVSt4xim0yXjZ0Aqc/view?usp=sharing
This release of Chrome had 12 are available behind a flag.
The `pagereveal` event is fired on a Document's window object at the first render opportunity after a Document is: initially loaded, restored from the back-forward cache, or activated from a prerender. It can be used by a page author to setup a page entry UX - such as a ViewTransition from a previous state. This feature is split out from the larger ViewTransition-on-Navigation project. #
This feature was specified in this Spec.
Docs: https://github.com/WICG/view-transitions/blob/main/cross-doc-explainer.md
No linked samplesArray.fromAsync is the async version of Array.from. It takes async iterables, iterates them, and collects the results into an array. #
This feature was specified in this Spec.
CSS mask, and related properties such as mask-image, mask-mode, etc, are used to hide an element (partially or fully) by masking or clipping the image at specific points. This feature unprefixes the -webkit-mask* properties and brings them up to spec. This includes mask-image, mask-mode, mask-repeat, mask-position, mask-clip, mask-origin, mask-size, and mask-composite, as well as the "mask" shorthand. Local mask-image references are supported, serialization now matches the spec, and accepted values now match the spec (for example, "add" instead of "source-over" for mask-composite). #
This feature was specified in this Spec.
Docs: https://developer.mozilla.org/en-US/docs/Web/CSS/mask
No linked samplesThe fetches in the FedCM API are hard to reason about because of the properties required of them. After lengthy discussions, it was decided that the ID assertion endpoint should use CORS. This aligns security properties of this fetch more closely to other fetches in the web platform. #
Adding command and commandfor attributes to <button> elements would allow authors to assign behaviour to buttons in a more accessible and declarative way, while reducing bugs and simplifying the amount of JavaScript pages are required to ship for interactivity. Buttons with commandfor and command attributes will - when clicked, touched, or enacted via keypress - dispatch a CommandEvent on the element referenced by commandfor, with some default behaviours such as opening dialogs and popovers. #
This feature was specified in this Spec.
Adds support for muxing audio/video into MP4 containers with MediaRecorder. Developer can record media format, container, with MP4 of H264 video and AAC audio codecs in the MediaRecorder API. #
This feature was specified in this Spec.
Docs: https://www.w3.org/TR/mediastream-recordinghttps://docs.google.com/document/d/1WV795DHY3Jf2p_htuAKZ9DXUefiGdQs29mCb8vRiHt8/edit?usp=sharing
No linked samplesIn order to establish connections to devices on a local network that do not have globally unique names, and therefore cannot obtain TLS certificates, this feature introduces a new option to `fetch()` to declare a developers' intent to talk to such a device, a new policy-controlled feature to gate each sites' access to this capability, and new headers for the server's preflight response to provide additional metadata. #
This feature was specified in this Spec.
Docs: https://docs.google.com/document/d/1Q18g4fZoDIYQ9IuxlZTaItgkzfiz_tCqaEAI8J3Y1WY/edithttps://github.com/WICG/private-network-access/blob/main/permission_prompt/security_privacy_self_review.md
Samples: https://drive.google.com/file/d/1pnyQfIsXdtJnZoCBVSt4xim0yXjZ0Aqc/view?usp=sharing
The Protected Audience API (formerly known as FLEDGE) is a Privacy Sandbox proposal to serve remarketing and custom audience use cases, designed so third parties cannot track user browsing behavior across sites. The k-anonymity enforcement feature enhances user privacy by limiting ads that can win protected audience auctions to those ads that are k-anonymous. Enforcing the k-anonymity requirement improves user privacy and limits the ability of advertisers to target specific users by requiring each ad be shown to a minimum number of users. Details for the timeline for k-anonymity enforcement is in https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/k-anonymity
This feature was specified in this Spec.
IndexedDB offers two durability modes for readwrite transactions: `relaxed` and `strict`. This may be specified via the optional `options` struct when creating a transaction. See https://developer.mozilla.org/en-US/docs/Web/API/IDBDatabase/transaction for more details. If not specified, the current default in Chromium is `strict`. Due to performance considerations, we plan to change the default to `relaxed`, which also aligns Chromium with FireFox and Safari. Blog post: https://developer.chrome.com/blog/indexeddb-durability-mode-now-defaults-to-relaxed #
This feature was specified in this Spec.
It allows to use the unprefixed version for background-clip: text and makes -webkit-background-clip an alias for background-clip. Also, it drops support for non-suffixed keywords (content, padding and border) for better round-trip with alias.
This feature was specified in this Spec.
fetchLater() is a JavaScript API to request a deferred fetch. Once called in a document, a deferred request is queued by the browser in the PENDING state, and will be invoked by the earliest of the following conditions: * The document is destroyed. * After a user-specified time. For privacy reason, all pending requests will be flushed upon document entering bfcache no matter how much time is left. * Browser decides it's time to send it. The API returns a FetchLaterResult that contains a boolean field "activated" that may be updated to tell whether the deferred request has been sent out or not. On successful sending, the whole response will be ignored by browser, including body and headers. Nothing at all should be processed or updated, as the page may have already be gone. Note that from the point of view of the API user, the exact send time is unknown. #
This feature was specified in this Spec.
Docs: https://github.com/WICG/pending-beacon/blob/main/docs/fetch-later-api.mdhttps://docs.google.com/document/d/1U8XSnICPY3j-fjzG35UVm6zjwL6LvX6ETU3T8WrzLyQ/edit#heading=h.ms1oipx914vf
Samples: https://github.com/WICG/pending-beacon/blob/main/docs/fetch-later-api.md#key-scenarios
The setHTMLUnsafe and parseHTMLUnsafe methods allow Declarative ShadowDOM to be used from javascript. In the future, they may also get new parameters for sanitization.
This feature was specified in this Spec.
To keep the platform healthy, we sometimes remove APIs from the Web Platform which have run their course. There can be many reasons why we would remove an API, such as:
Some of these changes will have an effect on a very small number of sites. To mitigate issues ahead of time, we try to give developers advanced notice so they can make the required changes to keep their sites running.
Chrome currently has a process for deprecations and removals of API's, essentially:
You can find a list of all deprecated features on chromestatus.com using the deprecated filter and removed features by applying the removed filter. We will also try to summarize some of the changes, reasoning, and migration paths in these posts.
This release of Chrome had 3 features deprecated.
Chrome will deprecate and remove support for the Theora video codec in desktop Chrome due to emerging security risks. Theora's low (and now often incorrect) usage no longer justifies support for most users. Notes: - Zero day attacks against media codecs have spiked. - Usage has fallen below measurable levels in UKM. - The sites we manually inspected before levels dropped off were incorrectly preferring Theora over more modern codecs like VP9. - It's never been supported by Safari or Chrome on Android. - An ogv.js polyfill exists for the sites that still need Theora support. - We are not removing support for ogg containers. Our plan is to begin escalating experiments turning down Theora support in M120. During this time users can reactivate Theora support via chrome://flags/#theora-video-codec if needed. The tentative timeline for this is (assuming everything goes smoothly): - ~Oct 23, 2023: begin 50/50 canary dev experiments. - ~Nov 1-6, 2023: begin 50/50 beta experiments. - ~Dec 6, 2023: begin 1% stable experiments. - ~Jan 8, 2024: begin 50% stable experiments. - ~Jan 16th, 2024: launch at 100%. - ~Feb 2024: remove code and chrome://flag in M123. - ~Mar 2024: Chrome 123 will roll to stable. #
This feature was specified in this Spec.
Assigning a data: URL in SVGUseElement can cause XSS. And this also led to a Trusted Types bypass. Therefore, we plan to deprecate and remove support for it. #
This feature was specified in this Spec.
Docs: https://developer.chrome.com/blog/migrate-way-from-data-urls-in-svg-use
Samples: https://shhnjk.github.io/svg-use-iconshttps://github.com/shhnjk/shhnjk.github.io/tree/main/svg-use-icons
Removes a special treatment for same-origin iframes from CSP Embedded Enforcement. This aligns the behavior of enforcing CSP Embedded Enforcement for cross-origin iframes and same-origin iframes. #
This feature was specified in this Spec.
This release of Chrome had 0 features removed.