Planet Chromium

April 24, 2018

Google Chrome Releases

Dev Channel Update for Chrome OS

The Dev channel has been updated to 67.0.3396.17 (Platform version: 10575.13.0 for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Kevin Bleicher
Google Chrome

by Kevin Bleicher (noreply@blogger.com) at April 24, 2018 05:20 PM

Dev Channel Update for Desktop

The dev channel has been updated to 67.0.3396.18 for Windows, Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at April 24, 2018 01:56 PM

April 19, 2018

Google Chrome Releases

Dev Channel Update for Chrome OS

The Dev channel has been updated to 67.0.3396.12 (Platform version: 10575.8.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements.  A list of changes can be found here

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Kevin Bleicher
Google Chrome

by Kevin Bleicher (noreply@blogger.com) at April 19, 2018 04:40 PM

April 18, 2018

Google Chrome Releases

Beta Channel Update for Chrome OS

The Beta channel has been updated to 66.0.3359.117 (Platform version: 10452.69.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 


Josafat Garcia

Google Chrome

by Josafat (noreply@blogger.com) at April 18, 2018 06:27 PM

Dev Channel Update for Desktop

The dev channel has been updated to 67.0.3396.10 for Windows, Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at April 18, 2018 11:49 AM

April 17, 2018

Google Chrome Releases

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 66 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 66.0.3359.117 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 66.

Site Isolation Trial

Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch.  Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre.

To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements.

This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$TBD][826626] Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
[$TBD][827492] Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
[$7500][813876] High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
[$5000][822091] High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
[$4500][808838] High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
[$3000][820913] High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
[$500][771933] High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
[$N/A][819869] High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
[$4000][780435] Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
[$2000][633030] Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
[$2000][637098] Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
[$1000][776418] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
[$1000][806162] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
[$500][798892] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
[$500][808825] Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
[$500][811117] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
[$500][813540] Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
[$500][813814] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
[$500][816033] Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
[$500][820068] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
[$N/A][803571] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
[$N/A][805729] Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
[$N/A][808316] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
[$N/A][816769] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
[$N/A][710190] Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
[$N/A][777737] Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
[$N/A][780694] Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
[$N/A][798096] Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
[$N/A][805900] Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
[$N/A][811691] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
[$TBD][819809] Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
[$N/A][822266] Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
[$N/A][822465] Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
[$N/A][822424] Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [833889] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Abdul Syed

Google Chrome

by Abdul Syed (noreply@blogger.com) at April 17, 2018 05:51 PM

Beta Channel Update for Desktop

The beta channel has been updated to 66.0.3359.117 for Windows, Mac, and, Linux.

A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at April 17, 2018 04:56 PM

Chrome for Android Update

Good news, everyone!  Chrome 66 (66.0.3359.106) for Android has been released and will be available on Google Play over the course of the next few weeks. With this release, you can now find your saved passwords more easily – just tap the new Search icon in Settings > Passwords.

A list of the changes in this build is available in the Git log.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Estelle Yomba
Google Chrome

by Estelle Yomba (noreply@blogger.com) at April 17, 2018 04:56 PM

Hangouts Meet Hardware Update

The stable channel has been updated to Chrome OS 65 for Hangouts Meet hardware and Chrome devices for meetings. Systems will be receiving updates over the next several days.

In addition to Chrome OS bug fixes and security updates, this update contains the latest Huddly firmware, 1.2.14 featuring:
  • Significantly improved color accuracy for skin tones
  • Increased image sharpness at the default zoom level
It also adds a self-remediation feature which monitors the status of the touchscreen automatically recovering in the background should it become unresponsive.

For more information about this release, along with known issues and bug fixes checkout the Hangouts Meet hardware and Chrome OS release notes. 

Kota Hisamatsu
Hangouts Meet hardware

by Kota Hisamatsu (noreply@blogger.com) at April 17, 2018 11:58 AM

Chromium Blog

Protecting WebView with Safe Browsing

Since 2007, Google Safe Browsing has been protecting users across the web from phishing and malware attacks. It protects over three billion devices from an increasing number of threats, now also including unwanted software across desktop and mobile platforms. Today, we’re announcing that Google Play Protect is bringing Safe Browsing to WebView by default, starting in April 2018 with the release of WebView 66.

Developers of Android apps using WebView no longer have to make any changes to benefit from this protection. Safe Browsing in WebView has been available since Android 8.0 (API level 26), using the same underlying technology as Chrome on Android. When Safe Browsing is triggered, the app will present a warning and receive a network error. Apps built for API level 27 and above can customize this behavior with new APIs for Safe Browsing.

An example of a warning shown when Safe Browsing detects a dangerous site. The style and content of the warning will vary depending on the size of the WebView.

You can learn more about customizing and controlling Safe Browsing in the Android API documentation, and you can test your application today by visiting the Safe Browsing test URL (chrome://safe-browsing/match?type=malware) while using the current WebView beta.

Posted by Nate Fischer, Software Engineer

by Chrome Blog (noreply@blogger.com) at April 17, 2018 10:00 AM

April 16, 2018

Igalia Chromium

Jacobo Aragunde: Updated Chromium on the GENIVI platform

I’ve devoted some of my time at Igalia to get a newer version of Chromium running on the GENIVI Development Platform (GDP).

Since the last update, there have been news regarding Wayland support in Chromium. My colleagues Antonio, Maksim and Frédéric have worked on a new Wayland backend following modern Chromium architecture. You can find more information in their own blogs and talks. I’m linking the most recent talk, from FOSDEM 2018.

Everyone can already try the new, Igalia-developed backend on their embedded devices using the meta-browser layer. I built it along with the GDP but discovered that it cannot run as it is, due to the lack of ivi-shell hooks in the new Chromium backend. This is going to be fixed in the mid-term, so I decided not to spend a lot of time researching this and chose a different solution for the current GDP release.

The LG SVL team recently announced the release of an updated Ozone Wayland backend for Chromium, based on the legacy implementation provided by Intel, as a part of the webOS OSE project. This is an update on the backend we were already running on the GDP, so it looked like a good idea to reuse their work.

I added the meta-lgsvl-browser layer to the GDP, which provides recipes for several Chromium flavors: chromium-lge is the one that builds upon the legacy Wayland backend and currently provides Chromium version 64.

The chromium-lge browser worked out-of-the-box on Raspberry Pi, but I faced some trouble with the other supported platforms. In the case of ARM64 platforms, we were finding a “relocation overflow” problem. This is something that my colleagues had already detected when trying the new Wayland backend on the R-Car gen. 3 platform, and it can be fixed by enabling compiler optimization flags for binary size.

In the case of Intel platforms, compilation failed due to a build-system assertion. It looks like Clang’s Control Flow Integrity feature is enabled by default on x64 Linux builds, but we aren’t using the Clang compiler. The solution consists just in disabling this feature, like the upstream meta-browser project was already doing.

The ongoing work is shared in this pull request. I hope to be able to make it for the next GDP release!

Finally, this week my colleague Xavi is taking part in the GENIVI All Member Meeting. If you are interested in browsers, make sure you attend his talk, “Wayland Support in Open Source Browsers“, and visit our booth during the Member Showcase!

by Jacobo Aragunde Pérez at April 16, 2018 11:04 AM

Chromium Blog

Chrome 66 Beta: CSS Typed Object Model, Async Clipboard API, AudioWorklet

Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 66 on ChromeStatus.

The ImageBitmap Rendering Context for <canvas>

Historically, rendering an image to a canvas has involved first creating an <img> tag and then rendering its contents to a canvas. This causes multiple copies of the image to be stored in memory. A new rendering context streamlines the display of ImageBitmap objects by avoiding memory duplication and rendering them more efficiently.
This example shows how to do this using an ImageBitmapRenderingContext. This essentially transfers ownership of an image's pixels. This example does so from a blob to a <canvas>, but pixels can be moved between <canvas> elements as well. Note that the blob is compressed so it is not a full copy in memory.

const image = await createImageBitmap(imageBlob);
const canvas = document.createElement('canvas');
const context = canvas.getContext('bitmaprenderer');
context.transferFromImageBitmap(image);

canvas.toBlob((outputJPEGBlob) => {
// Do something with outputJPEGBlob.
}, 'image/jpeg');

If this were done without createImageBitmap(), the imageBlob would be lazily decoded, which would cause jank. On the other hand createImageBitmap() is asynchronous which allows you to decode it completely before using it and avoiding jank. For example, a WebGL game could use this to load new textures on the fly as gameplay progresses.

CSS Typed Object Model

Historically, developers wanting to manipulate CSS properties have had to manipulate strings only for the browser to then convert it back to a typed representation. What made things worse was when developers tried to read the value of a CSS property in Javascript, this typed value was converted back to a string.
In version 66, Chrome implements the CSS Typed Object Model (OM) Level 1, a part of Houdini, for a subset of CSS properties. Typed OM reduces this burden on both the developer and browser by exposing CSS values as typed JavaScript objects rather than strings. Along with allowing the performant manipulation of values assigned to CSS properties, Typed OM allows developers to write more maintainable and easy to understand code.
A brief example illustrates the point. Previously if I wanted to set the opacity of an element I could do this:

el.style.opacity = 0.3;
el.style.opacity === "0.3"

With CSSOM:

el.attributeStyleMap.set("opacity", CSS.number("0.3"));
el.attributeStyleMap.get("opacity").value === 0.3

The returned values above are of type CSSUnitValue, which are easier to manipulate than strings.

Asynchronous Clipboard API

The new asynchronous clipboard API provides a promise-based means of reading from and writing to the clipboard. It's simpler than the old execCommand('copy') API released in Chrome 43 and integrates with the Permissions API. Future Chrome releases will also support copy/paste of richer types of data, including images.
To get a taste of this API, lets do simple write and read operations with text.

try {
await navigator.clipboard.writeText("Hello, clipboard.");
} catch {
console.error("Unable to write to clipboard.");
}

Similarly, to read text back:

const data = await navigator.clipboard.readText();
console.log("From the clipboard:", data);

For more information, including how to use security and permissions with the API, read Unblocking Clipboard Access and check out our sample.

AudioWorklet

The legacy ScriptProcessorNode was asynchronous and required thread hops, which could produce an unstable audio output. The AudioWorklet object provides a new synchronous JavaScript execution context which allows developers to programmatically control audio without additional latency and higher stability in the output audio.
You can see example code in action along with other examples at Google Chrome Labs.
In addition to AudioWorklet, other worklet API are being built. PaintWorklet was released in Chrome 65/Opera 52. An AnimationWorklet is planned. ScriptProcessorNode will be deprecated some time after AudioWorklet ships.

Other Features in this Release

Blink > Animation

The add and accumulate compositing operations are intended for building modularized animations. The add and accumulate keywords will be supported in Chrome soon. Until then, they will no longer throw errors. This is to maintain compatibility with Firefox and other implementations.

Blink > CSS

CSS has two new features.
  • The mathematical expressions calc(), min(), and max() are now supported in media queries, as required by the CSS Values and Units Module Level 4 specification. This change brings them in line with other types of rules where these functions are allowed anywhere a number is allowed.
  • Floating point values are now allowed in the rgb() and rgba() functions.

Blink > Feature Policy

By default, the deviceorientation, deviceorientationabsolute, and devicemotion events are now restricted to top-level document and same-origin subframes, the same as if the feature policy for those features were set to 'self'. To modify this behavior, explicitly enable or disable the specific feature.

Blink > File API

The File API now results in a network error instead of a 404 when attempting to read from an invalid or non-existing blob URL.

Blink > Forms

HTML forms have two new features.
  • The <textarea> element and the <select> element now support the autocomplete attribute as required by the specification.
  • A mutable checkbox now fires three events as required by the HTML specification: a click event, then an input event, then a change event. Formerly only the click and change events were fired.

Blink > Fullscreen

If a page in fullscreen mode opens a popup and calls window.focus(), that page exits full screen. This does not occur if the popup receives focus some other way.

Blink > GetUserMedia

A new method on the MediaStreamTrack interface called getCapabilities()
returns a MediaTrackCapabilities object, which specifies the values or range of values which each constrianable property. Capabilities vary by device.

Blink > JavaScript

There are several JavaScript changes.
  • The Function.prototype.toString() function now returns exactly what is written in the source code. This includes whitespace and other text that may have been used. For example, if there is a comment between the function keyword and the function name, the comment is now returned in addition to the keyword and name.
  • JSON is now a syntactic subset of ECMAScript, which allows line separator (U+2028) and paragraph separator (U+2029) symbols in string literals.
  • The catch clause of a try statement can now be used without a parameter.
  • String.prototype.trimStart() and String.prototype.trimEnd() are now available as the standards-based way of trimming whitespace from strings, in addition to String.prototype.trim() which was already implemented. The non-standard trimLeft() and trimRight() remain as aliases of the new methods for backward compatibility.
  • The Array.prototype.values() method returns a new array iterator object that contains the values for each index in the array.

Blink > Layout

Layout has two new features.
  • The grid prefix has been removed from the CSS gutter properties:
    • grid-gap becomes gap
    • grid-row-gap becomes row-gap
    • grid-column-gap becomes column-gap
The default value for all three is normal and the prefixed properties are aliases of the new ones. Note that column-gap property already exists and is used by css-multicol.
  • Elements with the display properties table-row, table-row-group, table-header-group, table-footer-group, table-cell, and table-caption that have a transform property are now containing blocks for fixed position elements. Blink currently does not make <tr>, <tbody>, <tfoot>, and <thead> be containing blocks for fixed-position elements.

Blink > Media

Media has two new features.
  • As announced earlier, autoplay is now allowed only when either the media won't play sound, after the user clicks or taps on the site, or (on desktop) if the user has previously shown an interest in media on the site. This will reduce unexpected video playbacks with sound when first opening a web page.
  • The Media Capabilities, Decoding Info API allows websites to get more information about the decoding abilities of the client. This enables more informed selection of media streams for the user, avoiding scenarios such as where the client is unable to smoothly and power-efficiently decode a resolution that might have been picked based only on available bandwidth and screen size.

Blink > Network

The Fetch API has two new features.
  • The Request object now supports a keepalive property which allows a fetch to continue after a tab is closed. This feature is invoked by passing a boolean in the constructor's initialization object. Its value can be read back from the object itself. This property can be used with sendBeacon() as well.
  • New AbortSignal and AbortController interfaces allow a fetch to be canceled. To accomplish this create an AbortController object and pass its signal property as an option to fetch. Calling abortController.abort() cancels the fetch. There's more information in our abortable fetch article, but a small code example is shown below.


const controller = new AbortController();
const signal = controller.signal;
const requestPromise = fetch(url, { signal });

// Abort the fetch:
controller.abort();

Blink > ServiceWorker

Service workers have two changes.
  • A service worker can no longer respond to a request whose mode is same-origin with a response whose type is CORS. This is a security measure recently added to the Fetch specification.
  • FetchEvent.clientId now returns an empty string instead of null when it isn't set. For example, this can occur during a navigation request.

Blink > WebRTC

Chrome now supports the RTCRtpSender.dtmf
attribute per the specification. This replaces the CreateDTMFSender() function which has not yet been deprecated.

Deprecations and Interoperability Improvements

Blink > CSS

The object-position and perspective-origin properties no longer accepts three-part values such as top right 20%. This change also applies to basic shapes and gradients. Valid position values must always have 1, 2, or 4 parts.

    Blink > HTML

    Following a specification change, ImageCapture.prototype.setOptions() has been removed.

      Blink > Input

      Following a specification change, document.createTouch() and document.createTouchList() have been removed.

      Blink > Web Audio

      Following a specification change, automatic dezippering of AudioParam.prototype.value changes was removed from Chrome. If you need to smooth the value of AudioParam changes, use AudioParam.prototype.setTargetAtTime().

        by Chrome Blog (noreply@blogger.com) at April 16, 2018 11:12 AM

        April 15, 2018

        Igalia Chromium

        Manuel Rego: CSSWG F2F Berlin 2018

        Last week I was in Berlin for the CSS Working Group (CSSWG) face-to-face meeting representing Igalia, member of the CSSWG since last year. Igalia has been working on the open web platform for many years, where we help our customers with the implementation of different standards on the open source web engines. Inside the CSSWG we play the implementors role, providing valuable feedback around the specifications we’re working on.

        It was really nice to meet all the folks from the CSSWG there, it’s amazing to be together with such a brilliant group of people in the same room. And it’s lovely to see how easy is to talk with any of them, you all rock!

        CSSWG F2F Berlin 2018 by Rossen Atanassov CSSWG F2F Berlin 2018 by Rossen Atanassov

        This is a brief post about my highlights from there, of course totally subjective and focused on the topics I’m more interested.

        CSS Grid Layout

        We were discussing two issues of the current specification related to the track sizing algorithm and its behavior in particular cases. Some changes will be added in the specification to try to improve them and we’ll need to update the implementations accordingly.

        On top of that, we discussed about the Level 2 of the spec. It’s already defined that this next level will include the following features:

        • The awaited subgrids feature: There was the possibility of allowing subgrids in both axis (dual-axis) or only in one of them (per-axis), note that the per-axis approach covers the dual-axis if you define the subgrid in both axis.

          There are clear uses cases for the per-axis approach but the main doubt was about how hard it’d be to implement. Mats Palmgren from Mozilla posted a comment on the issue explaining that he has just created a prototype for the feature following the per-axis idea, so the CSSWG resolved to remove the dual-axis one from the spec.

        • And aspect-ratio controlled gutters: Regarding this topic, the CSSWG decided to add a new ar unit. We didn’t discuss anything more but we need to decide what we’ll do in the situations where there’s no enough free space to fulfill the requested aspect-ratio, should we ignore it or overflow in that case?

          Talking to Rachel Andrew about the issue, she was not completely sure of what would be the preferred option from the authors point of view. I’ve just added some examples to the issue so we can discuss about them there and gather more feedback, please share your thoughts.

        Tests

        This was a discussion I wanted to have with the CSSWG people in order to understand better the current situation and possible next steps for the CSSWG test suites.

        Just to add some context, the CSSWG test suites are now part of the web-platform-tests (WPT) repository. This repository is being used by most browser vendors to share tests, including tests for new CSS features. For example, at Igalia we’re currently using WPT test suites in all our developments.

        The CSSWG uses the CSS Test Harness tool which has a build system that adds some special requirements for the test suites. One of them causes that we need to duplicate some files in the repository, which is not nice at all.

        Several people in the CSSWG still rely on this tool mainly for two things:

        • Run manual tests and store their results: Some CSS features like media queries or scrolling are hard to automate when writing tests, so several specs have manual tests. Probably WebDriver can help to automate this kind of tests, maybe not all though.
        • Extract status reports: To verify that a spec fulfills the CR exit criteria, the current tooling has some nice reports, it also provides info about the test coverage of the spec.

        So we cannot get rid of the CSS Test Harness system at this point. We discussed about possible solutions but none of them were really clear, also note that the lack of funding for this kind of work makes it harder to move things forward.

        I still believe the way to go would be to improve the WPT Dashboard (wpt.fyi) so it can support the 2 features listed above. If that’s the case maybe the specific CSS Test Harness stuff won’t be needed anymore, thus the weird requirements for people working on the test suites will be gone, and there would be a single tool for all the tests from the different working groups.

        As a side note wpt.fyi needs some infrastructure improvements, for example Microfost was not happy as Ahem font (which is used a lot in CSS tests suites) is still not installed on the Windows virtual machines that extract test results for wpt.fyi.

        Floats, floats, floats

        People are using floats to simulate CSS Shapes on browsers that don’t have support yet. That is causing that some special cases related to floats happen more frecuently, and it’s hard to decide what’s the best thing to do on them.

        The CSSWG was discussing what would be the best solution when the non-floated content doesn’t fit in the space left by the floated elements. The problem is quite complex to explain, but imagine the following picture where you have several floated elements.

        An example of float layout An example of float layout

        In this example there are a few floated elements restricting the area where the content can be painted, if the browser needs to find the place to add a BFC (like a table) it needs to decide where to place it avoiding overlapping any other floats.

        There was a long discussion, and it seems the best choice would be that the browser tests all the options and if there’s no overlapping then puts the table there (basically Option 1 in the linked illustration). Still there are concerns about performance, so there’s still more work to be done here. As a result of this discussion a new CSS Floats specification will be created to describe the expected behavior in this kind of scenarios.

        Monica Dinculescu created a really cool demo to explain how float layout works, with the help of Ian Kilpatrick who knows it pretty well as he has been dealing with lots of corner cases while working in LayoutNG.

        TYPO Labs

        The members of the CSSWG were invited to the co-located TYPO Labs event. I attended on Friday when Elika (fantasai), Myles and Rossen gave a talk. It was nice to see that CSS Grid Layout was mentioned in the first talk of the day, as an useful tool for typographers. Variable fonts and Virtual Reality were clearly hot topics in several talks.

        Elika (fantasai), Myles and Rossen in the CSSWG talk at TYPO Labs Elika (fantasai), Rossen and Myles in the CSSWG talk at TYPO Labs

        It’s funny that the last time I was in Berlin was 10 years ago for a conference related to TYPO3, totally unrelated but with a similar name. 😄

        Other

        Some pictures of Berlin Some pictures of Berlin

        And that’s mostly all that I can remember now, I’m sure I’m missing many other important things. It was a fantastic week and I even find some time for walking around Berlin as the weather was really pleasant.

        April 15, 2018 10:00 PM

        April 13, 2018

        Google Chrome Releases

        Stable Channel Update for Chrome OS

        The Stable channel has been updated to 65.0.3325.209 (Platform version: 10323.67/68) for most Chrome OS devices(*). This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days.


        If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).


        Bernie Thompson
        Google Chrome

        (*) Update 4/13: Asus Chromebook Flip C302, Google Pixelbook, HP Chromebook 13 G1 and Samsung Chromebook Pro have been updated to Platform version: 10323.67.5 to patch a kernel crash loop when using bluetooth

        by Bernie Thompson (noreply@blogger.com) at April 13, 2018 07:01 PM

        April 12, 2018

        Google Chrome Releases

        Chrome Beta for Android Update

        Ladies and gentlemen, behold!  Chrome Beta 66 (66.0.3359.106) for Android has been released and is available in Google Play.  A partial list of the changes in this build is available in the Git log. Details on new features is available on the Chromium blog, and developers should check out our updates related to the web platform here.

        If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

        Estelle Yomba
        Google Chrome

        by Estelle Yomba (noreply@blogger.com) at April 12, 2018 09:20 PM

        Beta Channel Update for Desktop

        The beta channel has been updated to 66.0.3359.106 for Mac, Linux, and Windows.

        A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

        Abdul Syed
        Google Chrome

        by Abdul Syed (noreply@blogger.com) at April 12, 2018 03:31 PM

        Beta Channel Update for Chrome OS

        The Beta channel has been updated to 66.0.3359.102 (Platform version: 10452.54.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

        If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 


        Josafat Garcia

        Google Chrome

        by Josafat (noreply@blogger.com) at April 12, 2018 12:50 PM

        April 11, 2018

        Google Chrome Releases

        Dev Channel Update for Desktop

        The dev channel has been updated to 67.0.3393.4 for Windows, Mac and Linux.


        A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

        Krishna Govind
        Google Chrome

        by Krishna Govind (noreply@blogger.com) at April 11, 2018 02:13 PM

        Monica Dinculescu

        How browsers position floats

        iframe { height: 800px; width: 100%; margin: 0 auto; border: 5px solid #E0F7FA; border-radius: 3px; }

        When you have a float CSS property on a box (with a value different than none), this box must be laid out according to the float positioning algorithm. Loosely, it says:

        • if the box has float:left, the box is positioned at the beginning of the line box
        • if the box has float:right, the box is positioned at the end of the line box
        • text (and more generally anything within the normal, non-floaty flow) is laid out along the edges of the floating boxes
        • the clear property changes the floating behaviour.

        Anyway, in general you’ll have a better time if you use a flexbox or CSS grid instead of floats, because floats are quirky and have strange edge cases, but if you were ever curious about how the algorithm would choose where to position different floats, here’s a demo (which you can also play with directly on glitch):

        April 11, 2018 12:00 AM

        April 04, 2018

        Google Chrome Releases

        Chrome Beta for Android Update

        Ladies and gentlemen, behold!  Chrome Beta 66 (66.0.3359.82) for Android has been released and is available in Google Play.  A partial list of the changes in this build is available in the Git log. Details on new features is available on the Chromium blog, and developers should check out our updates related to the web platform here.

        If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

        Estelle Yomba
        Google Chrome

        by Estelle Yomba (noreply@blogger.com) at April 04, 2018 08:00 PM

        Beta Channel Update for Desktop

        The beta channel has been updated to 66.0.3359.81 for Mac, Linux, and Windows.

        A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

        Abdul Syed
        Google Chrome

        by Abdul Syed (noreply@blogger.com) at April 04, 2018 12:24 PM