Planet Chromium

January 26, 2015

Google Chrome Releases

Stable Channel Update

The stable channel has been updated to 40.0.2214.93 for Windows, Mac and Linux. A full list of changes is available in the log.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.


Matthew Yuan
Google Chrome

by matthewyuan@chromium.org (noreply@blogger.com) at January 26, 2015 06:17 PM

January 23, 2015

Google Chrome Releases

Beta Channel Update for Chrome OS

The Beta channel has been updated to 40.0.2214.91 (Platform version: 6457.78.0). This build contains a number of bug fixes, security updates, and feature enhancements.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Daniel Xie
Google Chrome

by Daniel xie (noreply@blogger.com) at January 23, 2015 06:35 AM

January 22, 2015

Google Chrome Releases

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 40 to the stable channel for Windows, Mac and Linux. Chrome 40.0.2214.91 contains a number of fixes and improvements, including:
  • Updated info dialog for Chrome app on Windows and Linux.
  • A new clock behind/ahead error message.
A partial list of changes is available in the log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

[$5000][430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
[$4500][435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
[$4000][434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer@booktrack.com.
[$4000][422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
[$3500][444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
[$3500][435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
[$3000][442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
[$3000][442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
[$2000][443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
[$2000][427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to Aki Helin of OUSPG.
[$2000][427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
[$1500][428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
[$1500][419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
[$1000][416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
[$1000][399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
[$1000][433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
[$1000][428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
[$1000][426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
[$1000][422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
[$1000][418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
[$500][430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
[$500][414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.


We would also like to thank Atte Kettunen of OUSPG, Christian Holler, cloudfuzzer and Khalil Zhani for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $35000 in additional rewards were issued.

As usual, our ongoing internal security work was responsible for a wide range of fixes
  • [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).
Many of the above bugs were detected using AddressSanitizer or MemorySanitizer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Matthew Yuan
Google Chrome

by matthewyuan@chromium.org (noreply@blogger.com) at January 22, 2015 09:44 PM

Beta Channel Update

The Chrome Team is happy to announce the promotion of Chrome 41 to the beta channel for Windows, Mac and Linux. Chrome 41.0.2272.16 contains many improvements including:

  • A number of new apps/extension APIs 
  • Lots of under the hood changes for stability and performance 
A full list of changes in this build is available in the log.  Find out more at the Chrome and Chromium blogs.  Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Penny MacNeil
Google Chrome

by Penny MacNeil (noreply@blogger.com) at January 22, 2015 06:51 PM

Chromium Blog

Chrome 41 Beta: New ES6 Features and Improved DevTools for Service Workers and Web Animations

Today’s Chrome Beta channel release includes new Javascript ES6 features and improved workflows for debugging Service Workers and Web Animations. Unless otherwise noted, changes described below apply to Chrome for Android, Windows, Mac, Linux, and Chrome OS.

ES6 Template Literals

There are many pitfalls of working with strings on the modern web. The Javascript we know today lacks basic string formatting features, doesn’t support multi-line strings, and makes it difficult to protect users from XSS attacks when inserting user-generated content into pages.

Template Literals, introduced in this release, aims to solve these problems. Its basic form adds string formatting into Javascript by providing syntactic sugar for concatenating strings, variables, and the results of functions. Specifically, expressions can be embedded directly into strings when using the backtick operator (`).

var name = "John";
var message = `Hello, ${name}!`;  // Expected result: "Hello John!"

Any code contained within the braces and preceded by the dollar sign will automatically be evaluated and inserted into place.

var message = `1 + 1 = ${1 + 1}!`;  // Expected result: "1 + 1 = 2!"

Besides accepting multi-line strings, Template Literals also introduces the concept of tagged templates which are useful for escaping HTML to prevent XSS attacks and when internationalizing a site.

New features in Chrome Developer Tools

Chrome 36 added Web Animations, unifying several of the animation APIs on the web. This release makes visual debugging easier by allowing developers to slow down playback of their animations on the fly within DevTools.


In Chrome 40 we shipped Service Workers, enabling developers to make their sites load faster and work offline by intercepting network requests to deliver programmatic or cached responses. Until now, developers had to inspect their Service Worker’s cache manually by printing out its contents to the console, making debugging slow. Today’s Beta includes a new section in DevTools for viewing Service Worker caches which can be found by inspecting a Service Worker on chrome://serviceworker-internals.

Other updates in this release


  • ES6 Lexical Declarations cause variables declared with the 'let' keyword to be scoped to their containing block instead of being hoisted to the top of their containing function, giving developers more control over Javascript's tricky scoping rules.
  • The new CSS value image-rendering: pixelated allows scaled images to appear to be composed of very large pixels, trading smooth results for faster image scaling.
  • CSS Media Queries now support any-pointer and any-hover, which function similarly to pointer and hover but can be triggered by any input device, not only the primary one.
  • The Web Audio API now allows developers to temporarily suspend an AudioContext when it’s not in use, improving power consumption. StereoPannerNode is also now supported, enabling left-right panning of an incoming audio stream while maintaining equal power.
  • HTTPS sites that have certificate chains using SHA-1 that are valid past January 1st, 2017 will be treated as “affirmatively insecure” in Chrome UI from this release onwards as part of our plan to gradually sunset SHA-1.

As always, visit chromestatus.com/features for a complete overview of Chrome’s developer features, and circle +Google Chrome Developers for more frequent updates.

`Posted by ${"Erik Arvidsson"}, Software Engineer`

by Google Chrome Blog (noreply@blogger.com) at January 22, 2015 01:49 PM

January 21, 2015

Google Chrome Releases

Dev Channel Update

The dev channel has been updated to 41.0.2272.3 for Windows, Mac and Linux.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Penny MacNeil
Google Chrome

by Penny MacNeil (noreply@blogger.com) at January 21, 2015 03:49 PM

Dev Channel Update

The dev channel has been updated to 41.0.2272.12 for Windows, Mac and Linux.

A list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Penny MacNeil
Google Chrome

by Penny MacNeil (noreply@blogger.com) at January 21, 2015 03:49 PM

Chrome for Android Update

The Chrome Team is overjoyed to announce the release of Chrome 40 for Android. Chrome 40.0.2214.89 will be available in Google Play over the next few days. This release contains an updated page info and content settings UI, along with a number of bug fixes and performance improvements! A partial list of changes in this build are available in the Git log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome

by Jason Kersey (noreply@blogger.com) at January 21, 2015 02:29 PM

Dev Channel Update for Chrome OS

The Dev channel has been updated to 41.0.2272.13 (Platform version: 6680.9.0) for all Chrome OS. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Dharani Govindan
Google Chrome

by Dharani (noreply@blogger.com) at January 21, 2015 09:45 AM

January 20, 2015

Google Chrome Releases

Chrome for iOS Update

The Chrome team is excited to announce Chrome 40 for iPhone and iPad. Chrome 40.0.2214.61 contains a number of improvements including:
  • New look with Material Design bringing bold graphics, fluid motion, and tactile surfaces
  • iOS 8 optimizations and support for bigger phones
  • Support handoff from Chrome to your default browser on OS X
  • Stability improvements and bug fixes
The update will be rolling out in the App Store over the next few hours. Known issues are available on the Chrome support site. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

by Jason Kersey (noreply@blogger.com) at January 20, 2015 09:38 AM

January 16, 2015

Google Chrome Releases

Admin Console Update

The Admin console has been updated with the following change to administrator roles:
  • The setting to manage devices can now be delegated by organizational unit. 

Known issues are available here. Enterprise customers can report an issue by contacting support.

Lawrence Lui
Google Chrome

by Lawrence L (noreply@blogger.com) at January 16, 2015 02:10 PM

Beta Channel Update for Chrome OS

The Beta channel has been updated to 40.0.2214.85 (Platform version: 6457.68.0). This build contains a number of bug fixes, security updates, and feature enhancements. Here is a list of Chromium changes.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Daniel Xie
Google Chrome

by Daniel xie (noreply@blogger.com) at January 16, 2015 08:41 AM

January 14, 2015

Google Chrome Releases

Dev Channel Update for Chrome OS

The Dev channel has been updated to 41.0.2272.2 (Platform version: 6680.1.0) for all Chrome OS except Samsung Chromebook and HP Chromebook. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Dharani Govindan
Google Chrome

by Dharani (noreply@blogger.com) at January 14, 2015 04:07 PM

Beta Channel Update

The beta channel has been updated to 40.0.2214.85 for Windows, Mac and Linux.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.


Matthew Yuan
Google Chrome

by matthewyuan@chromium.org (noreply@blogger.com) at January 14, 2015 01:45 PM

January 13, 2015

Chromium Blog

See what your apps & extensions have been up to

Extensions are a great way to enhance the browsing experience. However, some extensions ask for broad permissions that allow access to sensitive data such as browser cookies or history. Last year, we introduced the Chrome Apps & Extensions Developer Tool, which provides an improved developer experience for debugging apps and extensions. The newest version of the tool, available today, lets power users audit any app or extension and get visibility into the precise actions that it's performing.

Once you’ve installed the Chrome Apps & Extensions Developer Tool, it will start locally auditing your extensions and apps as you use them. For each app or extension, you can see historical activity over the past few days as well as real-time activity by clicking the “Behavior” link. The tool highlights activities that involve your information, such as reading website cookies or modifying web sites, in a privacy section. You can also search for URLs to see if an extension has modified any matching pages. If you’re debugging an app or extension, you can use the “Realtime” tab to watch the stream of API calls as an extension or app runs. This can help you track down glitches or identify unnecessary API calls.

Whether you’re a Chrome power user or a developer testing an extension, the Chrome Apps & Extensions Developer Tool can give you the information you need to understand how apps and extensions affect your browsing.

Posted by Adrienne Porter Felt, Software Engineer and Extension Tinkerer

by Google Chrome Blog (noreply@blogger.com) at January 13, 2015 06:36 PM

Gradually Sunsetting SHA-1

The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.

That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface.

SHA-1's use on the Internet has been deprecated since 2011, when the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) working together to establish basic security requirements for SSL certificates, published their Baseline Requirements for SSL. These Requirements recommended that all CAs transition away from SHA-1 as soon as possible, and followed similar events in other industries and sectors, such as NIST deprecating SHA-1 for government use in 2010.

We have seen this type of weakness turn into a practical attack before, with the MD5 hash algorithm. We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it. Unfortunately, this can be quite challenging. For example, when Chrome disabled MD5, a number of enterprises, schools, and small businesses were affected when their proxy software — from leading vendors — continued to use the insecure algorithms, and were left scrambling for updates. Users who used personal firewall software were also affected.

We plan to surface, in the HTTPS security indicator in Chrome, the fact that SHA-1 does not meet its design guarantee. We are taking a measured approach, gradually ratcheting down the security indicator and gradually moving the timetable up (keep in mind that we release stable versions of Chrome about 6 – 8 weeks after their branch point):

Chrome 39 (Branch point 26 September 2014)

Sites with end-entity (“leaf”) certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

The current visual display for “secure, but with minor errors” is a lock with a yellow triangle, and is used to highlight other deprecated and insecure practices, such as passive mixed content.



Chrome 40 (Branch point 7 November 2014; Stable after holiday season)

Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “neutral, lacking security”.

The current visual display for “neutral, lacking security” is a blank page icon, and is used in other situations, such as HTTP.



Chrome 41 (Branch point in Q1 2015)

Sites with end-entity certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domain will be treated as “active mixed content”.

The current visual display for “affirmatively insecure” is a lock with a red X, and a red strike-through text treatment in the URL scheme.



Note: SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash.

Posted by Chris Palmer, Secure Socket Lover and Ryan Sleevi, Transport Layer Securer

by Google Chrome Blog (noreply@blogger.com) at January 13, 2015 06:28 PM

Chrome Apps for Mobile: Now with a faster dev workflow and a modern WebView

In January, we told you about Chrome Apps for Mobile, a project based on Apache Cordova to run your Chrome Apps on both Android and iOS. The project provides a native application wrapper around your Chrome App, allowing you to distribute it via the Google Play Store and the Apple App Store. Cordova plugins give your App access to a wide range of APIs, including many of the core Chrome APIs. The newest version of Chrome Apps for Mobile includes Chrome APIs for identity, Google Cloud Messaging (GCM) and rich notifications, as well as an improved developer workflow and modern WebView capabilities extended to older versions of Android.

The developer workflow for Chrome Apps for Mobile is now significantly faster and simpler with the new live deploy feature. With live deploy, you can instantly preview the Chrome App you’re editing, running right on your Android or iOS device. When you make a change to the code, you will be able to see it straight away. Live deploy is available in both Chrome Dev Editor (CDE) and the Chrome Apps for Mobile command line tool.

Chrome Apps are at their best when they leverage the powerful functionality and performance of the latest Chromium WebView. The introduction of an updated WebView into Android KitKat paved the way for advanced features such as WebRTC, WebAudio and Accelerated 2D Canvas, and we will continue to see improvements with each new Android release. However, now you have a way to leverage the latest Chromium WebView on any device running Android versions back to Ice Cream Sandwich by bundling your Chrome App with an embeddable Chromium WebView, provided by the Crosswalk open source project.

To show Crosswalk in action, we have taken the Topeka Polymer Web App released at I/O and packaged it as a Chrome App for Mobile, available for you to try out on Android.


The Topeka Android app uses an embedded Crosswalk WebView to achieve smooth performance even on older versions of Android, enabling a full fidelity material design UI with fluid animations and no polyfills. Crosswalk is now readily available through the Chrome Apps for Mobile tooling and should be used with an understanding of its advantages and tradeoffs.

Using Chrome Apps, you can now build performant and capable applications that target desktop, Android, and iOS devices. To get started, take a look at our documentation. As always, we welcome your feedback on Stack Overflow and our G+ Developers page.

Posted by Michal Mocny, Chrome Apps for Mobile Engineer and Mobile Magic Maker

by Google Chrome Blog (noreply@blogger.com) at January 13, 2015 06:25 PM

Google Chrome Releases

Dev Channel Update

The dev channel has been updated to 41.0.2267.0 for Windows, Mac and Linux.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Penny MacNeil
Google Chrome

by Penny MacNeil (noreply@blogger.com) at January 13, 2015 04:33 PM

Dev Channel Update

The dev channel has been updated to 41.0.2251.0 for Windows, Mac and Linux.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Penny MacNeil
Google Chrome

by Penny MacNeil (noreply@blogger.com) at January 13, 2015 04:33 PM

Stable Channel Update

The stable channel has been updated to 39.0.2171.99 for Windows, Mac and Linux.  This release contains an update for Adobe Flash as well as a number of other fixes. A full list of changes is available in the log.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Alex Mineer
Google Chrome

by Alex Mineer (noreply@blogger.com) at January 13, 2015 12:54 PM

January 12, 2015

Igalia Chromium

Javier Fernández: Box Alignment and Grid Layout (II)

Some time has passed since my first post about the Box Alignment spec implementation status for Blink and WebKit web engines. I’ll do an update in this post and, since the gap between both web engines has grown considerably (I’ll do my best to reduce it as soon as possible), I’ll remark the differences between both engines.

What’s new ?

The ‘stretch’ value is now implemented for align-{self, items} and justify-{self, items} CSS properties. This behavior is quite important because it’s the default for these four properties in Flexible Box and Grid layouts. According to the specification, the ‘stretch’ value is defined as follows:

If the width or height (as appropriate) of the alignment subject is auto, its used value is the length necessary to make the alignment subject’s outer size as close to the size of the alignment container as possible, while still respecting the constraints imposed by min-height/max-width/etc. Otherwise, this is equivalent to start.

When defining the alignment properties in a grid layout it’s very important to consider how we want to manage item’s overflow. It’s allowed to specify an overflow alignment value for both Content and Item Alignment definition, but so far it’s implemented only for the Item Alignment properties. The Overflow Alignment concept is defined in the specification as follows:

To help combat undesirable data loss, an overflow alignment mode can be explicitly specified. “True” alignment honors the specified alignment mode in overflow situations, even if it causes data loss, while “safe” alignment changes the alignment mode in overflow situations in an attempt to avoid data loss.

The ‘stretch’ value in Grid Layout

This value applies to the Self Alignment properties {align, justify}-self, and obviously their corresponding Default Alignment ones {align, justify}-items. For grids, these properties consider that the alignment container is the grid cell, while the alignment subject is the grid item’s margin box.

The Box Alignment specification states that Default Alignment ‘auto’ values should be resolved to ‘stretch’ in case of Grid containers; this value will be used as the resolved value for ‘auto’ Self Alignment values.

So by default, or when explicitly defined as ‘stretch’, the grid item’s margin box will be stretched to fill its grid cell breadth. Let’s see it with a basic example:

align-stretch

All the examples available at https://igalia.github.io/css-grid-layout/

This change affected only the layout codebase of the web engine, since the value was already introduced in the style parsing logic. The Grid Layout rendering logic uses an interesting abstraction to override the grid item’s block container. This abstraction allows us to use Grid Cells as block containers when computing the logical height and width.

Overflow Alignment in Grid Layout

The Overflow Alignment value used when defining a grid layout could be particularly useful, specially for fixed sized grids. The potential data lost may happen not only at the left and top box edges, but between adjoining grid cells. Overflow Alignment is defined via the ‘safe’ and ‘true’ keywords. They were already introduced in the Blink core’s style parsing logic as part of the CSS3 upgrade of the alignment properties (justify-self, align-self) used in the FlexBox implementation. The new CSS syntax is described by the following expression:

auto | stretch | ">">">">" href="http://dev.w3.org/csswg/css-align-3/#typedef-baseline-position" data-link-type="type"><baseline-position> | [ ">">">">" href="http://dev.w3.org/csswg/css-align-3/#typedef-item-position" data-link-type="type"><item-position> && ">">">">" href="http://dev.w3.org/csswg/css-align-3/#typedef-overflow-position" data-link-type="type"><overflow-position>? ]

According to the current Box Alignment specification draft, the Overflow Alignment keywords have the following meaning:

  • safe: If the size of the alignment subject overflows the alignment container, the alignment subject is instead aligned as if the alignment mode were start.
  • true: Regardless of the relative sizes of the alignment subject and alignment container, the given alignment value is honored.

I’ll proceed now to show how Overflow Alignment is applied in the Grid Layout specification with an example:

align-overflow

All the examples available at https://igalia.github.io/css-grid-layout/

The new syntax to allow the Overflow Alignment keywords required to modify the style builder and parsing logic, as it was mentioned before. The alignment properties became a CSSValueList instance instead of simple keyword IDs; both Blink and WebKit provides Style Builder code generation directives (CSSPropertyNames.in) for simple properties, but this was not the case for these properties anymore.

The Style Builder is more complex now because it has to deal with the conditional overflow keyword, which can be specified before or after the <item-position> keyword. Blink provides a function template scheme for groups of properties sharing the same logic, which is the case of most of the CSS Box Alignment properties (align-self, align-items and justify-self; justify-items is slightly different so it needs custom functions). WebKit is currently defining the new style builder and it does not follow this approach yet, but I’d say it will, eventually, since it makes a lot of sense.

{% macro apply_alignment(property_id, alignment_type) %}
{% set property = properties[property_id] %}
{{declare_initial_function(property_id)}}
{
    state.style()->set{{alignment_type}}(RenderStyle::initial{{alignment_type}}());
    state.style()->set{{alignment_type}}OverflowAlignment(RenderStyle::initial{{alignment_type}}OverflowAlignment());
}
 
{{declare_inherit_function(property_id)}}
{
    state.style()->set{{alignment_type}}(state.parentStyle()->{{property.getter}}());
    state.style()->set{{alignment_type}}OverflowAlignment(state.parentStyle()->{{property.getter}}OverflowAlignment());
}
 
{{declare_value_function(property_id)}}
{
    CSSPrimitiveValue* primitiveValue = toCSSPrimitiveValue(value);
    if (Pair* pairValue = primitiveValue->getPairValue()) {
        state.style()->set{{alignment_type}}(*pairValue->first());
        state.style()->set{{alignment_type}}OverflowAlignment(*pairValue->second());
    } else {
        state.style()->set{{alignment_type}}(*primitiveValue);
    }
}
{% endmacro %}
{{apply_alignment('CSSPropertyJustifySelf', 'JustifySelf')}}
{{apply_alignment('CSSPropertyAlignItems', 'AlignItems')}}
{{apply_alignment('CSSPropertyAlignSelf', 'AlignSelf')}}

Even though style building and parsing is shared among all the layout models using the Box Alignment properties, like Flexible Box and Grid so far, Overflow Alignment is only supported so far by the CSS Grid Layout implementation. The Overflow Alignment logic affects how the grid items are positioned during the layout phase.

The Overflow Alignment keywords are also valid in the Content Distribution syntax, which I’m working on now with quite good progress. The first patches landed already in trunk, providing an implementation of the justify-content property in Grid Layout. I’ll talk about it soon, hopefully, once the implementation is completed and the discussion in the www-style mailing list conclude with some agreement regarding the Distributed Alignment for grids.

Current implementation status

The Box Alignment specification is quite complete now in Blink, unfortunately that’s not the case of WebKit. I’ll summarize now the current implementation status in browsers based on each web engine, which are basically Chrome/Chromium vs Safari; I’ll also try to outline the roadmap for the next weeks.

align-grid-support

The flex-start, and flex-end values are used only in Flexible Box layouts, so they don’t apply to this analysis of the Grid support of the Box Alignment spec. The Distributed Alignment values apply only to the Content Distribution properties (align-content and justify-content). Finally, ‘stretch‘ is a valid value for both, Positional and Distributed Alignment, so it’s not redundant but a different interpretation of the same value depending on the property it’s applied to.

Some conclusions we can extract from the table above:

  • Default and Self Alignment support is almost complete in Blink; only Baseline Alignment is pending to be implemented.
  • Content Distribution support for justify-content in Blink. Only <content-position> values are implemented, since current spec draft states that all the <content-distibution> values will fallback in Grid Layout; spec authors are still evaluating changes on this issue, though.
  • WebKit fails to provide CSS3 parsing for all the properties except justify-self, although there are some patches pending of review to improve this situation.
  • There is no Grid support at all in WebKit for any of the Box Alignment properties.
Igalia & Bloomberg logos

Igalia and Bloomberg working to build a better web platform

by jfernandez at January 12, 2015 11:41 AM

January 09, 2015

Google Chrome Blog

Simplified sign-in with Chrome for Android

If you’ve typed your password on a tiny on-screen keyboard recently, you know how frustrating it can be. Well, say goodbye to all those "x"s when you meant "c"s. Now with the latest Chrome beta for Android when you’re signed into Chrome, you won’t need to sign in again on Google websites, including Gmail, Maps or Search.
To sign into Chrome, simply click on > Settings > Sign in to Chrome.
When you add more than one Google Account to your device, you'll also be automatically signed in to those accounts on the web. In addition to having your accounts a click away, your bookmarks, passwords, and other Chrome stuff will be kept in sync across your devices, using the account you choose.

For the eagle-eyed out there, you might also notice that this version of Chrome is starting to sport some of the elements of Material Design, Android's latest design look and feel, as well:



Posted by Travis McCoy, Product Manager and Password Fumbler

by Google Chrome Blog (noreply@blogger.com) at January 09, 2015 08:58 AM

Introducing fun family games for Chromecast

Over the past year Chromecast has added hundreds of your favorite apps, and brought anything on the web to the TV via Android mirroring and Chrome tab casting. Just in time for the holidays, we’re adding even more apps to the list. So whether you’re looking forward to a quiet evening watching your favorite holiday heartwarmer or a rousing game night with the gang, there’s something for everyone.

Family-friendly games for Chromecast

Chromecast uses your phone or tablet as the controller and your TV screen like a game or score board to let you play games like Wheel of Fortune or classics like Hasbro’s Monopoly Dash, Scrabble Blitz, Connect Four Quads and Simon Swipe on your big screen.

If you prefer to dance around, check out Just Dance Now. Your smartphone can tell if you’re fist pumping high or shaking your hands down low, which earns you points. To show off your mental moves instead, Big Web Quiz and Emoji Party for Chromecast bring trivia to the TV. Astound your friends with your answers to questions like: How many goats tall is Taylor Swift? What does the "Queen of Hearts" look like in emoji? Big Web Quiz uses Google Knowledge Graph to create hundreds of questions, while Emoji Party uses your knowledge of emojis to guess movie titles based on the pictures.

There's no hassle or expense with extra controllers. Anyone with a phone or tablet can join in on any of these games, so download these apps from the Play Store or App Store so all your family and friends can shake it, show off their smarts or just play.

More movies and shows with Showtime Anytime and Starz

Nothing says winter like a TV binge on a cold, gray day. With Showtime Anytime you can catch up on past and current seasons of the network’s original series including Homeland and The Affair. With Starz Play, get your tartan on with the first season of Outlander, or have a marathon of Friday night flicks.

Easily explore and discover new things to cast 

To make it easier for you to navigate through the many great apps available with Chromecast and find exactly what you’d like to cast, we’ve added category tabs to the chromecast.com/apps page. Choose from TV & Movies, Music & Audio, Games, Sports, Photos & Video, or More.

Posted by Wendi Zhang, three-peat Scrabble champ

by Google Chrome Blog (noreply@blogger.com) at January 09, 2015 08:56 AM

Bookmarks get a new look and learn a few new tricks

We all know how hard it can be to find something once you've saved it. Starting today, it's a lot easier thanks to an update to bookmarks in the latest Chrome Beta. We’ll be rolling this feature gradually out over the next few weeks. Try out the new Bookmarks Manager by going to your Chrome Menu  > Bookmarks > Bookmarks Manager.


Now when you create a bookmark, you can select an image and add a note or snippet to help you find that bookmark more quickly later. Google will also suggest a folder if it seems like it could be a fit.

The new bookmarks get even better if you’re signed in to Chrome with sync enabled:
  • Improved search: Quickly find that elusive page with search powered by Google, which looks not only at the bookmark title and snippet, but also the bookmarked page’s content. 
  • Collect bookmarks by topic: Your bookmarks will automatically be organized by topic, like “Tokyo” and “Photography.” If you’d rather, you can still organize them into folders yourself.
  • Familiar bookmarks, new look: Your existing bookmarks will automatically get updated with images and descriptions, wherever possible.
  • Share: Have a folder of favorite bookmarks? You can make it public and share the link with whomever you’d like to access it. 
  • Access your bookmarks anywhere: Bookmarked an article on your phone to finish reading on your laptop? Chrome will continue to sync your bookmarks across all of your devices, just like it does today. 

Adding, organizing, and browsing your bookmarks is now easier (and prettier) than ever before. Have any questions about your new bookmarks? Join the discussion here.

Posted by Cynthia Johanson, Product Manager and Super Star-rer

by Google Chrome Blog (noreply@blogger.com) at January 09, 2015 08:53 AM

Google Chrome Releases

Beta Channel Update for Chrome OS

The Beta channel has been updated to 40.0.2214.72 (Platform version: 6457.59.0). This build contains a number of bug fixes, security updates, and feature enhancements. Here is a list of Chromium changes.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Daniel Xie
Google Chrome

by Daniel xie (noreply@blogger.com) at January 09, 2015 06:12 AM

Dev Channel Update for Chrome OS

The Dev channel has been updated to 41.0.2268.2(Platform version: 6662.1.0/6662.2.0) for all Chrome OS. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Dharani Govindan
Google Chrome

by Dharani (noreply@blogger.com) at January 09, 2015 06:11 AM

January 07, 2015

Igalia Chromium

Manuel Rego: CSS Grid Layout 2014 Recap: Implementation Status

After the review of the changes in the CSS Grid Layout spec in my previous post, let’s focus now in the status of the implementation in Blink and WebKit. This post will try to cover what we’ve been doing in Igalia during 2014 around grid layout, and it’ll talk about our plans for 2015.

Work done in 2014

Spec syntax

During the first part of the year we were updating the CSS Grid Layout syntax in order to match the last modifications introduced in the spec during 2013.
As part of this work, the grid and grid-template shorthands were introduced, which are deeply explained by my colleague Javi Fernández in a post.
Right now the implementation both in Blink (#337626) and WebKit (#127987) is complete and matching the spec regarding to the syntax.

Painting optimizations

Back in 2013, Julien Chaffraix did some optimizations in the grid painting code (#248151). However, those changes introduced some issues that were being fixed during 2014. Finally the painting code seems to have been stable for a while.
This optimization is not present in WebKit, so this work was only done in Blink.

Code refactoring

Another task that was done in the first half of this year was the refactoring of the code related to positions resolution. It’s been moved to its own class (GridResolvedPosition), so RenderGrid only has to deal with resolved positions now.
This change was done in both Blink (#258258) and WebKit (#131732).

Named grid lines

At the beginning of the year we implemented the support for named grid lines. This completes the implementation of the different placement options availabe in a grid (numeric indexes, named areas, named lines and span). Once more, this is supported in Blink (#337779) and WebKit (#129372).
In this case, my fellow Sergio Villar talked about this work in another post.

Named grid lines example Named grid lines example

Track sizing algorithm

The track sizing algorithm has been rewritten in the spec during 2014. Despite of keeping the same behaviour, the implementation was modified to follow the new algorithm closely.
During this work some missing features were detected and solved, making the current implementation more complete and robust.
Several patches have been done in both Blink (#392200) and WebKit (#137253, #136453, #137019 & #136575).

Automatic placement algorithm

The auto-placement feature has been completed adding support for items spanning several tracks and implementing the “sparse” and “dense” packaging modes.

Auto-placement example with spanning item Auto-placement example with spanning item

In this case you can read my post about how all this works.
This was done in both Blink (#353789 & #384099) and WebKit (#103316).

Auto-placement Auto-placement “sparse” and “dense” packing modes example

Fuzzinator bugfixing

Apart from generic bugfixing during this year we’ve fixed some issues detected by a tool called Fuzzinator in both Blink and WebKit. Renata Hodovan wrote a nice post explaining all the details regarding this (thanks for great your work).
The good news is that now the grid code is much more stable thanks to all the reports and patches done during 2014.

Alignment and justification

This work is still ongoing, but the main alignment properties (justify-self, align-self, justify-items, align-items, justify-content and align-content) are already supported, or on the way (with patches pending review), in Blink (#234199). For this feature the patches in WebKit (#133222 & #133224) are moving slowly.
You can check all the possibilities provided by these properties in a blog post by Javi.

Different options to align an item inside a grid cell Different options to align an item inside a grid cell

Absolutely positioned grid children

During the last part of 2014 it’s been implemented the special support for positioned grid children, because of they’ve some particularities in grids.
The initial patch is available on Blink (#273898), but still some stuff needs to be fixed to complete it. Then, it’ll be ported to WebKit as usual.

Absolutely positioned grid children example Absolutely positioned grid children example

Writing modes

We’ve been working on writing modes support fixing issues with margins, borders and paddings. Now, the columns/rows are painted in the right order depending on the direction property.
Orthogonal flows were clarified in the last update of the spec, current issues are already being addressed in order to fix them.
Again, all this work was done in Blink (#437354) and will be ported to WebKit later on.

Example of direction support in grid Example of direction support in grid

Testing

You can always increase the test coverage, specially for a big spec like CSS Grid Layout. We’ve been adding some missing tests here and there, and finally decided to start the road to create a W3C test suite for grid.
We’re still on the early stages, and getting used to all the W3C testing infrastucture and processes. Gérard Talbot is helping us to take the first steps, big thanks!
We’ve already drafted a test plan where you can follow our progress. We hope to complete the test suite during 2015.
As expeceted, the nice part when you’re focused on writing tests in general (not only tests for the patch you’re developing) is that you do much better tests and you end up finding small issues in different places.

Plans for 2015

The main goal is to ship CSS Grid Layout in Chrome (Blink) and see if Safari (WebKit) follows the trend. In that hypothetical scenario 3 major browsers: Chrome, Safari and Internet Explorer (despite implementing an old version of the spec) will have CSS Grid Layout support; which would be really great news.
Thinking about the next step in the short-term, our intention is to send the “Intent to Ship” to Blink mailing list during the first quarter of 2015.
WebKit is lagging a bit behind, but we’ve plans to update the implementation and reduce the gap between Blink and WebKit grid’s codebases.

Of course, apart from completing all the ongoing tasks and other minor fixes, we’ll have to keep doing more work to fully implement the spec:

  • Add support for “auto” keyword for repeat() (recently added to the spec).
  • Allow to grow the implicit grid before the explicit grid (supporting properly negative indexes for grid line numbers).
  • Implement fragmentation support once the spec is definitive regarding this topic.

Apart from that during 2015 we’ll review the performance and will try to make faster the grid with some optimizations.
Furthermore, it’d be really nice to add some support for grid in Chrome DevTools and Safari Web Inspector. That would make life of end users much easier.

Wrap-up

2015 will be the year of CSS Grid Layout in the browser. Hopefully, you’ll be able to use it natively in all the major browsers but Firefox (where you could use the polyfill). Anyway you can start to play with it already, enabling the experimental Web Platform features flag in Chrome (unprefixed) or using the WebKit nightly builds (with “-webkit” prefix).
If you want to follow closely the implementation track the meta-bugs in Blink (#79180) and WebKit (#60731).

Igalia is doing all this work as part of our collaboration with Bloomberg.
We’re waiting for you to start testing grid layout, report feedback and bugs. We’ll do our best in order that you enjoy it. Exciting times ahead!

Igalia and Bloomberg working together to build a better web Igalia and Bloomberg working together to build a better web

January 07, 2015 11:00 PM

Google Chrome Releases

Beta Channel Update

The beta channel has been updated to 40.0.2214.69 for Windows, Mac and Linux.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.


Matthew Yuan
Google Chrome

by matthewyuan@chromium.org (noreply@blogger.com) at January 07, 2015 11:59 AM