Chrome version: 151, 150, 149, 148, 147, 146, 145, 144, 143, 142, 141, 140, 139, 138, 137, 136, 135, 134, 133, 132, 131, 130, 129, 128, 127, 126, 125, 124, 123, 122, 121, 120, 119, 118, 117, 116, 115, 114, 113, 112, 111, 110, 109, 108, 107, 106, 105, 104, 103, 102, 101, 100, 99, 98, 97, 96, 95, 94, 93, 92, 91, 90, 89, 88, 87, 86, 85, 84, 83, 82, 81, 80, 79, 78, 77, 76, 75, 74, 73, 72, 71, 70, 69, 68, 67, 66, 65, 64, 63, 62, 61, 60, 59, 58, 57, 56, 55, 54, 53, 52, 51, 50, 49, 48, 47, 46, 45, 44, 43, 42, 41, 40, 39, 38, 37, 36, 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
This release of Chrome had 27 new features.
We intend to ship two new extensions for FedCM to address two issue that were collectively identified as CR blockers by the FedID WG: “A not-yet logged in IDP has no route to success” and “Allow signing in to additional account(s)”. To address these issues, we intend to introduce the following extensions to FedCM: - Mode: The “active” mode allows websites to call FedCM inside a button click (e.g. clicking on a “Sign-in to IdP” button), which requires FedCM to guarantee it will always respond with a visible user interface (as opposed to in “passive” mode, which doesn’t show any UI when users are logged out). So, calling the FedCM API in “active mode” takes users to login to the Identity Provider (IdP) when users are logged-out. Also, because the active mode is called within an explicit user gesture, the UI is also more prominent (e.g. centered and modal) compared to the UI from the passive mode (which doesn’t require a user gesture requirement and can be called on page load). - Use Other Account: With this extension, an IdP can allow users to sign in to other accounts. #
This feature was specified in this Spec.
Samples: https://fedcm-button.glitch.me
We are landing the following change to the Attribution Reporting API focused on: * making it easier to predefine contribution budget allocation for aggregate reports
We are landing the following change to the Attribution Reporting API focused on: * making it easier to receive API cookie-based debug reports
Allow anchor-size() values for inset and margin properties. Originally, anchor-size() was only allowed in sizing properties. The specification was changed to allow anchor-size() in insets and margins as well. #
This feature was specified in this Spec.
This API helps developers to detect the current posture of a foldable device. The device posture is the physical position in which a device holds which may be derived from sensors in addition to the angle. From enhancing the usability of a website by avoiding the area of a fold, to enabling innovative use cases for the web, knowing the posture of a device can help developers tailor their content to different devices. Content can be consumed and browsed even when the device is not flat, in which case the developer might want to provide a different layout for it depending on the posture state in which the device is being used. #
This feature was specified in this Spec.
Samples: https://github.com/foldable-devices
It is useful for web authors do determine when their <dialog> elements open and close. popover already has `ToggleEvent` which is dispatched when a popover opens or closes, but <dialog> does not. The current way to detect when a <dialog> opens is to register a mutation observer to check for open, however, this is quite a lot of work where an event would be easier. This change incorporates the same `ToggleEvent`s that popovers dispatch, but for `<dialog>` elements: when `showModal` or `show` is called, <dialog> dispatches a ToggleEvent with newState=open. When a dialog is closed (via form or button or closewatcher) it should dispatch a ToggleEvent with newState=closed. #
This feature was specified in this Spec.
API for capturing a subtree of the DOM. Given a video MediaStreamTrack obtained through pre-existing means to initiate tab-capture, Element Capture allows mutating the track to only capture a subtree of the DOM starting at a given Element. The API bears some resemblance to the Region Capture API, but affords greater flexibility for applications, because occluding and occluded content are both excluded from the capture. #
This feature was specified in this Spec.
Samples: https://element-capture-demo.glitch.me
This bundles a few features that we would like to launch at the same time. We are bundling them together because they can be used by IdPs to implement authorization flows such as letting a user grant access to a user’s calendar to an RP. See also https://github.com/w3c-fedid/FedCM/issues/477. Continuation API: https://github.com/fedidcg/FedCM/issues/555 This lets the IDP open a popup window to finish the sign-in flow after potentially collecting additional information. Parameters API: https://github.com/fedidcg/FedCM/issues/556 This lets RPs pass additional data to the ID assertion endpoint Fields API: https://github.com/fedidcg/FedCM/issues/559 This lets RPs bypass the data sharing prompt in favor of the IDP prompting Multiple configURLs: https://github.com/fedidcg/FedCM/issues/552 This lets IDPs use different config files in different contexts without weakening FedCM privacy properties, by allowing one accounts endpoint for the eTLD+1 (instead of one config file, which is more limiting than necessary) Account labels: https://github.com/fedidcg/FedCM/issues/553 Combined with the previous proposal, this allows filtering the account list per config file without providing additional entropy to the IDP. #
This feature was specified in this Spec.
Reporting beacons (for FenceEvent-built destination enum events, FenceEvent-built automatic beacon events, and macro-substituted destination URL events) will have their "Referer" header set to the initiating frame's origin. This is a strictly additive change, as the "Referer" header is currently unpopulated for all fenced frame event-level reports. #
This feature was specified in this Spec.
Add a bytes() method to the Request and Response interfaces, which returns a promise that resolves with a Uint8Array. While Request and Response have an arrayBuffer() method, we can't read directly from a buffer. We have to create a view such as a Uint8Array to read it. The bytes() method improves the ergonomics of getting the body of Request and Response. #
This feature was specified in this Spec.
This API enables developers to build powerful apps that interact with other (non-Web) apps on the user’s device via the device’s file system. After a user grants a web app access, this API allows the app to read or save changes directly to files and folders selected by the user. Beyond reading and writing files, this API provides the ability to open a directory and enumerate its contents, as well as store file and directory handles in IndexedDB to later regain access to the same content. #
This feature was specified in this Spec.
Docs: https://web.dev/file-system-access/https://web.dev/browser-nativefs/
Samples: https://github.com/GoogleChromeLabs/text-editorhttps://googlechromelabs.github.io/text-editor/
Selection isCollapsed should return true if and only if the anchor and focus are the same. This should be true whether the selection starts/ends inside a light or a shadow tree. Currently, the Chrome implementation returns true if selection's anchor node is in a shadow tree, even if the selection itself is not collapsed. We fix this by removing the erroneous shadow tree check. #
This feature was specified in this Spec.
Samples: https://codepen.io/Di-Zhang/pen/jOjdeoX
Strict-Transport-Security response headers can cause problems for localhost web servers because STS applies host-wide, across all ports. This causes compatibility problems for web developers testing locally as well as end-users who use software packages that commonly spin up localhost webservers for ephemeral reasons (e.g. communication of an auth token from a web login to a local software package). If one local listener sets Strict-Transport-Security on a localhost response, it will be applied to all subsequent localhost requests regardless of port. We resolve this problem by ignoring Strict-Transport-Security headers on responses from localhost URLs. The HTML Fetch algorithm has been updated to require this behavior. #
Improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more. By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>. Note: The previous rollout of this feature (started in Chrome 127) was stopped due to web compatibility issues, which should be fixed in the current implementation shipping in 130. Note: The previous rollout of this feature (started in 130) was stopped due to an accessibility regression, which should be fixed in the current implementation shipping in 132. #
This feature was specified in this Spec.
Docs: https://drafts.csswg.org/css-overflow-3/#scroll-containerhttps://html.spec.whatwg.org/multipage/interaction.html#focusable-areahttps://html.spec.whatwg.org/multipage/interaction.html#dom-tabindex
No linked samplesCurrently, the availability of Private Aggregation’s debug mode is tied to a caller's eligibility to set a third-party cookie (see https://chromestatus.com/feature/5148973702840320). However, an edge case was missed in this logic: if the caller can only set a third-party cookie due to a top-level site exception (i.e. the user has generally disabled third-party cookies), this could allow access to information set from other sites that are not on the exception list. To avoid this issue, we plan to start ignoring these top-level site exceptions when determining the availability of Private Aggregation’s debug mode. (It is not possible in Chrome to generally enable third-party cookies but disable them on one site, so the inverse case doesn’t need to be considered.) This does not require a spec change. Note that this new behavior can reveal to the site that the user has generally disabled third-party cookies. #
This feature was specified in this Spec.
Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both `private-state-token-issuance` and `private-state-token-redemption` features from self to * (wildcard).
This feature was specified in this Spec.
Additional bids are a feature of the Protected Audience auction that provide buyers with a way to include server-constructed contextual bids in the auction, which allows negative targeting of those bids. We've identified a potential privacy risk with the current implementation, as well as a potential solution that addresses that risk. Additional bids come from buyers, but are transported to the auction by the auction's seller. To prevent replay of additional bids, additional bids rely on an auction nonce — a unique number created by and used by the browser to uniquely identify that auction. However, this introduces a privacy risk, in that all buyers see the same auction nonce, and could use that auction nonce as a key to join distinct bid requests for an auction. This proposal allows sellers to introduce an additional nonce that gets combined with the browser-provided one so that buyers see different combined nonces across bid requests, preventing the joining of bid requests. The combined nonce is generated through a one-way hash (SHA-256) to prevent the construction of a combined nonce that matches a previous combined nonce, which could otherwise be used to facilitate the replay of an additional bid.
This feature was specified in this Spec.
The PushMessageData interface mimics the Body interface, which was amended earlier this year with a new bytes() method, following the principle that APIs should generally vend byte buffers as Uint8Arrays. #
This feature was specified in this Spec.
sharedStorage.selectURL() now allows queries to be saved and reused on a per-page basis, where the two per-page-load budgets are charged the first time a saved query is run but not for subsequent runs of the saved query during the same page-load. This is accomplished with a savedQuery parameter in the options for selectURL() that will name the query. #
This feature was specified in this Spec.
Support of `sideways-rl` and `sideways-lr` keywords for `writing-mode` CSS property is added. They are vertical writing modes, and all letters are sideways. #
This feature was specified in this Spec.
This is a corner case change that hopefully does not impact developers. Previously calling `showPopover()` or `showModal()` on a popover or dialog that resides within an inactive document would silently fail. I.e. no exception would be thrown, but since the document is inactive, no popover or dialog would be shown. As of the https://github.com/whatwg/html/pull/10705 spec PR, these situations now throw InvalidStateError. #
This feature was specified in this Spec.
Allow WebAuthn relying parties to report information about existing credentials back to credential storage providers, so that incorrect or revoked credentials can be updated or removed from provider and system UI. https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Signal-API-explainer #
This feature was specified in this Spec.
Samples: https://signal-api-demo.glitch.me
Functionality added to the WebGPU spec after its first shipment in a browser. The “float32-blendable” GPU feature makes GPU textures with formats "r32float", "rg32float", and "rgba32float" blendable. #
This feature was specified in this Spec.
Functionality added to the WebGPU spec after its first shipment in a browser. The GPUDevice adapterInfo attribute exposes the same GPUAdapterInfo as the GPUAdapter object.. #
This feature was specified in this Spec.
Adds an optional field to WebGPU texture view creation to request a subset of the usage flags from the source texture. By default, texture view usage inherits from the source texture but there are view formats which can be incompatible with the full set of inherited usages. Adding a usage field to texture view creation allows the user request a subset of the source texture's usages that are valid with the view format and specific to their intended usage of the texture view. WebGPU implementations can also optimize the creation of low level resources and improve performance when using views with more specialized usage flags. #
This feature was specified in this Spec.
navigator.storage is no longer an EventTarget navigator.storage was made an EventTarget for the Storage Pressure Event, which never made it past the prototype phase: https://chromestatus.com/feature/5666274359115776 This dead code is being removed and as a result, navigator.storage will no longer extend EventTarget.
This feature was specified in this Spec.
navigator.storage is no longer an EventTarget navigator.storage was made an EventTarget for the Storage Pressure Event, which never made it past the prototype phase: https://chromestatus.com/feature/5666274359115776 This dead code is being removed and as a result, navigator.storage will no longer extend EventTarget.
This feature was specified in this Spec.
This release of Chrome had 2 new origin trials.
Document-Isolation-Policy allows a document to enable crossOriginIsolation for itself, without having to deploy COOP or COEP, and regardless of the crossOriginIsolation status of the page. The policy is backed by process isolation. Additionally, the document non-CORS cross-origin subresources will either be loaded without credentials or will need to have a CORP header. #
This feature was specified in this Spec.
Allow attaching information about which functions should be eager parsed & compiled in JavaScript files. The information will be encoded as magic comments. We'll first target launching the file-based explicit compile hints, and as a follow up, investigate selecting individual functions for eager compilation. #
This feature was specified in this Spec.
This release of Chrome had 11 are available behind a flag.
Allow the creation of interactive scroll buttons as pseudo-elements, e.g. .scroller { overflow: auto; } .scroller::scroll-button(inline-start) { content: "<"; } .scroller::scroll-button(inline-end) { content: ">"; } These should be focusable, behaving as a button (including their UA styles). When activated, a scroll should be performed in the direction by some amount. When it is not possible to scroll in that direction, they should be disabled (and styled via :disabled), otherwise they are enabled (and styled via :enabled). Selector allows to define buttons in four logical directions: block-start, block-end, inline-start, inline-end; as well as four physical directions: up, down, left, right. #
This feature was specified in this Spec.
As a continuation of Storage Partitioning, Chromium will implement partitioning of Blob URL access by Storage Key (top-level site, frame origin, and the has-cross-site-ancestor boolean), with the exception of top-level navigations which will remain partitioned only by frame origin. This behavior is similar to what’s currently implemented by both Firefox and Safari, and aligns Blob URL usage with the partitioning scheme used by other storage APIs as part of Storage Partitioning. In addition, Chromium will enforce noopener on renderer-initiated top-level navigations to Blob URLs where the corresponding site is cross-site to the top-level site performing the navigation. This aligns Chromium with similar behavior in Safari, and the relevant specs have been updated to reflect these changes. This change can be temporarily reverted by setting the PartitionedBlobURLUsage policy. The policy will be deprecated when the other storage partitioning related enterprise policies are deprecated. Note: This launched for users with third-party cookies disabled in M137 and for all users in M142 #
The interactivity property specifies whether an element and its flat tree descendants (including text runs) are inert or not. Making an element inert affects whether it can be focused, edited, selected, and searchable by find-in-page. It also affects whether it is visible in the accessibility tree. The syntax is: interactivity: auto | inert
This feature was specified in this Spec.
Chromium supports animation of the caret-color property, but when animated the default blinking behavior of the caret interferes with the animation. For instance, see the example at https://drafts.csswg.org/css-ui/#caret-animation where an animation from blue to red and back is rendered as a blinking cursor that is randomly blue or red. The CSS caret-animation property has two possible values: auto and manual, where auto means browser default (blinking) and manual means the page author is controlling the caret animation. In addition, via a user stylesheet, it allows users who are disturbed by or have adverse reactions to blinking or flashing visuals to disable the blinking. #
This feature was specified in this Spec.
All element-timing and LCP performance entries would have a non-zero renderTime, even if they are cross-origin without Timing-Allow-Origin. All presentation timestamps (renderTime, paint timing start time, event timing end time) will be coarsened to a 4ms multiple to mitigate the risk of reading cross-origin image information. #
This feature was specified in this Spec.
When Energy Saver is active, Chrome will freeze a "browsing context group" that has been hidden and silent for >5 minutes if any subgroup of same-origin frames within it exceeds a CPU usage threshold, unless it: - Provides audio- or video-conferencing functionality (detected via microphone, camera or screen/window/tab capture or an RTCPeerConnection with an 'open' RTCDataChannel or a 'live' MediaStreamTrack). - Controls an external device (detected via usage of Web USB, Web Bluetooth, Web HID or Web Serial). - Holds a Web Lock or an IndexedDB connection that blocks a version update or a transaction on a different connection. - Participates in the freezing opt-out origin trial. Freezing consists of pausing execution. It is formally defined in the Page Lifecycle API. The CPU usage threshold will be calibrated to freeze approximately 10% of background tabs when Energy Saver is active. ** Note: The origin trial is to opt-out from freezing, not to activate it. ** #
This feature was specified in this Spec.
Docs: https://docs.google.com/document/d/1uTJifh_erMX4_CTKgKljlj9O4SAmGam5W61FBHeasGI/edit?usp=sharing
No linked samplesTo eliminate user browsing history leaks, anchor elements are styled as :visited only if they have been clicked from this top-level site and frame origin before. On the browser-side, this means that the VisitedLinks hashtable is now partitioned via "triple-keying", or by storing the following for each visited link: <link URL, top-level site, frame origin>. By only styling links that have been clicked on this site and frame before, the many side-channel attacks that have been developed to obtain :visited links styling information are now obsolete, as they no longer provide sites with new information about users. There is an exception for "self-links", where links to a site's own pages can be styled as :visited even if they have not been clicked on in this exact top-level site and frame origin before. This exemption is only enabled in top-level frames or subframes which are same-origin with the top-level frame. The privacy benefits above are still achieved because sites already know which of its subpages a user has visited, so no new information is exposed. This was a community-requested exception which improves user experience as well. #
This feature was specified in this Spec.
Docs: https://github.com/explainers-by-googlers/Partitioning-visited-links-history
No linked samplesResource timing: - responseStart returns the first response, either early hints (interim) or final - Expose the final response headers (2xx/4xx/5xx) time as finalResponseHeadersStart. #
This feature was specified in this Spec.
The ClipboardItem, which is the input to the async clipboard write method, now accepts string values in addition to Blobs in its constructor. ClipboardItemData can be a Blob, a string, or a Promise that resolves to either a Blob or a string. #
This feature was specified in this Spec.
This is a corner case change that hopefully does not impact developers. Previously calling `showPopover()` or `showModal()` on a popover or dialog that resides within an inactive document would silently fail. I.e. no exception would be thrown, but since the document is inactive, no popover or dialog would be shown. As of the https://github.com/whatwg/html/pull/10705 spec PR, these situations now throw InvalidStateError. #
This feature was specified in this Spec.
Web links now direct users to installed web apps. This aligns with users' installed app expectations. Chrome makes it easier to move between the browser and installed web apps. Clicking a link that could be handled by an installed web app with the launch_handler field specified, the link will open in that installed web app, following the launch handling behavior. Users can change this behavior through the installed web app's settings. Developers can control this behavior via the launch_handler manifest property. For more information, please refer to https://docs.google.com/document/d/e/2PACX-1vSqYzAmiLr-58OgSWBITtAAu6_2XUpjjNEdMvc6IdZn9DjQCeVrE0SKViumyly0cpryxAONMq62zwHw/pub, or watch https://youtu.be/OFH9TfrqZCY #
Docs: https://bit.ly/pwa-navigation-capturinghttps://bit.ly/pwa-navigation-capturing-preshttps://youtu.be/OFH9TfrqZCYhttps://docs.google.com/document/d/e/2PACX-1vSqYzAmiLr-58OgSWBITtAAu6_2XUpjjNEdMvc6IdZn9DjQCeVrE0SKViumyly0cpryxAONMq62zwHw/pub
Samples: https://googlechrome.github.io/samples/pwa-testing/chat-app-deep-linkinghttps://googlechrome.github.io/samples/pwa-testing/fake-chat-app-companion
To keep the platform healthy, we sometimes remove APIs from the Web Platform which have run their course. There can be many reasons why we would remove an API, such as:
Some of these changes will have an effect on a very small number of sites. To mitigate issues ahead of time, we try to give developers advanced notice so they can make the required changes to keep their sites running.
Chrome currently has a process for deprecations and removals of API's, essentially:
You can find a list of all deprecated features on chromestatus.com using the deprecated filter and removed features by applying the removed filter. We will also try to summarize some of the changes, reasoning, and migration paths in these posts.
This release of Chrome had 1 features deprecated.
The prefixed HTMLVideoElement-specific fullscreen APIs have been deprecated since approximately M38. They were replaced by the Element.requestFullscreen() API, which first shipped un-prefixed in M71, in 2018. As of 2024, most browsers have had support for the un-prefixed APIs for a few years now. This feature tracks removing the following APIs from HTMLVideoElement: - readonly attribute boolean webkitSupportsFullscreen; - readonly attribute boolean webkitDisplayingFullscreen; - void webkitEnterFullscreen(); - void webkitExitFullscreen(); // Note the different capitalization of the "S" in FullScreen. - void webkitEnterFullScreen(); - void webkitExitFullScreen(); These methods are now only aliases for the modern API. Their use has declined steadily over the years.
This release of Chrome had 0 features removed.