Planet Chromium

May 21, 2018

Chromium Blog

Unified autoplay

Users watch and listen to a lot of media, and autoplay can make it faster and easier to consume on the web. However, one of the most frequent user concerns is unexpected media playback, which can use data, consume power, and make unwanted noise while browsing. To address this, Chrome will be making autoplay more consistent with user expectations and will give users more control over audio.

Starting in Chrome 64, autoplay will be allowed when either the media won’t play sound, or the user has indicated an interest in the media. This will allow autoplay to occur when users want media to play, and respect users' wishes when they don't. These changes will also unify desktop and mobile web behavior, making web media development more predictable across platforms and browsers.

Not all users have the same preferences for autoplay media, so Chrome 63 will add a new user option to completely disable audio for individual sites. This site muting option will persist between browsing sessions, allowing users to customize when and where audio will play.

These changes will give users greater control over media playing in their browser, while making it easier for publishers to implement autoplay where it benefits the user. For more details, please see the autoplay roadmap.

Posted by Mounir Lamouri, Software Engineer

Update 2018-05-21: The autoplay policy is in effect for <video> and <audio> and prevents roughly half of unwanted media autoplays. Please see the Chrome blog post for more details.

For the Web Audio API, the policy described in this post will go into effect in Chrome 70 (October, 2018). This will affect web games and some WebRTC applications, as well as any site using the Web Audio API. We recommend that developers update their code to correctly handle the autoplay policy.

by Chrome Blog (noreply@blogger.com) at May 21, 2018 05:50 PM

May 18, 2018

Google Chrome Releases

Dev Channel Update for Chrome OS


The Dev channel has been updated to 68.0.3431.0 (Platform version: 10682.0.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements.


If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).


CIndy Bayless
Google Chrome

by Cindy Bayless (noreply@blogger.com) at May 18, 2018 09:25 AM

May 17, 2018

Google Chrome Releases

Dev Channel Update for Desktop

The dev channel has been updated to 68.0.3432.3 for Windows, Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at May 17, 2018 03:11 PM

Stable Channel Update for Chrome OS

The Stable channel has been updated to 66.0.3359.181 (Platform version: 10452.96.0) for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Josafat Garcia
Google Chrome

by Josafat (noreply@blogger.com) at May 17, 2018 01:31 PM

Chromium Blog

Evolving Chrome's security indicators

Previously, we posted a proposal to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages. HTTPS usage on the web has taken off as we’ve evolved Chrome security indicators. Later this year, we’ll be taking several more steps along this path.

Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69).

Chrome treatment for HTTPS pages


Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), we’ll start showing the red “not secure” warning when users enter data on HTTP pages.

Chrome 70 treatment for HTTP pages with user input


We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities -- so don’t wait to migrate to HTTPS! Check out our set-up guides to get started.

Posted by Emily Schechter, Product Manager, Chrome Security

by Chrome Blog (noreply@blogger.com) at May 17, 2018 10:04 AM

Google Chrome Releases

Beta Channel Update for Chrome OS

The Beta channel has been updated to 67.0.3396.49 (Platform version: 10575.40.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Kevin Bleicher
Google Chrome

by Kevin Bleicher (noreply@blogger.com) at May 17, 2018 09:08 AM

May 16, 2018

Google Chrome Releases

Beta Channel Update for Desktop

The beta channel has been updated to 67.0.3396.48 for Windows, Mac, and, Linux.


A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at May 16, 2018 12:14 PM

May 15, 2018

Google Chrome Releases

Stable Channel Update for Desktop

The stable channel has been updated to 66.0.3359.181 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at May 15, 2018 12:56 PM

May 10, 2018

Google Chrome Releases

Chrome Beta for Android Update

Ladies and gentlemen, behold!  Chrome Beta 67 (67.0.3396.42) for Android has been released and is available in Google Play.  A partial list of the changes in this build is available in the Git log. Details on new features is available on the Chromium blog, and developers should check out our updates related to the web platform here.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Estelle Yomba
Google Chrome

by Estelle Yomba (noreply@blogger.com) at May 10, 2018 07:48 PM

Stable Channel Update for Desktop

The stable channel has been updated to 66.0.3359.170 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][835887] Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
  • [836858] High CVE-2018-6121: Privilege Escalation in extensions.
  • [836141] High CVE-2018-6122: Type confusion in V8. 
[$5000][833721] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes
  • [841841] Various fixes from internal audits, fuzzing and other initiatives


Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at May 10, 2018 02:55 PM

Chrome for Android Update

Chrome for Android has been updated to version 66.0.3359.158; the update is now available in Google Play.  A list of all Chromium changes in this build can be found here. This release fixes a bug when uploading photos to the Web.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Estelle Yomba
Google Chrome

by Estelle Yomba (noreply@blogger.com) at May 10, 2018 12:21 PM

Beta Channel Update for Chrome OS

The Beta channel has been updated to 67.0.3396.41 (Platform version: 10575.32.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Cindy Bayless
Google Chrome

by Kevin Bleicher (noreply@blogger.com) at May 10, 2018 08:45 AM

May 09, 2018

Chromium Blog

The State of the Web at Google I/O 2018

The web is a global treasure, and has many strengths we all enjoy. It is a distribution platform like no other, providing people around the world access to a diverse range of content and enabling businesses to reach customers wherever they are. Underpinning the web’s success is its community and a set of fundamentally open standards, which ensures it remains dynamic and available to all.

From PageRank to Chromium, Google has been deeply invested in the web’s continued success. This week at Google I/O, our annual developer conference, we gave a State of the Union presentation to catalog some of our recent efforts to help the web continue to thrive and work well for everyone. We recap the key themes below, but encourage you to check out all the talks on YouTube.


Service Worker
The introduction of the Service Worker API is one of the most significant improvements to the web in recent history. It frees developers from the limited lifecycle of pages, working in the background to intercept network requests and handle incoming events to enable web apps to work offline. With service workers your site can receive push notifications, synchronize data in the background, and more. Apple rolled out support for service workers in Safari 11.1 on iOS and MacOS this March and Microsoft Edge shipped service workers just last week — meaning that every major modern browser now supports the standard. Using service workers can be a big change to your architecture, so to make it simpler we created Workbox, which wraps up many common, powerful service worker patterns into an easy-to-use API. We've just released version 3 of this library, built around modules allowing you to use only the features that you need.

Progressive Web Apps (PWAs)
Service workers provide the backbone for many of the capabilities of a PWA. Companies around the world, in many different industries, have been seeing incredible success building PWAs. Starbucks, who launched their PWA site last year, saw a 2X increase in their daily active users. In fact, across advertising sites that we measured, when a site switches to a PWA they see on average a mobile conversion rate boost of 20%.

Many early PWAs were focused on mobile, and the benefits now also extend to desktop. Chrome will soon provide support for users to “install” PWAs to their desktop. The site will get its own icon and launch in a standalone window, while retaining powerful features that one expects in a browser like find in page, shareable URLs, Google Cast support, and more. At I/O we demonstrated how Spotify is deploying their rich media experience as a desktop PWA. “Install” support for desktop PWA’s will be coming to ChromeOS in Chrome 67 in early June, and on Windows and macOS later this year.



WebAssembly
WebAssembly enables websites to run high-performance, low-level code written in languages like C or C++, and opens up entirely new classes of content on the web platform. In March, AutoCAD from Autodesk took a 35-year-old-codebase — older than the web itself — and compiled it to run directly inside a browser using WebAssembly. AutoCAD is now just a link away, meaning you can make edits to your CAD drawing directly in a browser, regardless of device or operating system. AutoCAD’s engineering team has a single shared C++ codebase, and when their desktop team makes changes, they are easily integrated into the AutoCAD web app.

If you’re interested in learning how to port code or write your own, check out the WebAssembly codelab, demonstrating the interplay between C libraries and the DOM. Whether you’re using a complex library written in C, want to bring a new codec into the web platform, or using an engine such as Unity or Unreal Engine, WebAssembly is here to help.

Lighthouse
Lighthouse is a tool for analyzing the quality of your website, giving you clear measurements of your site’s performance and guidance for improving your users’ experience. It can be accessed directly from inside Chrome’s DevTools, run from the command-line, or integrated with other development products. In 2018 alone, half a million developers are running Lighthouse against their sites on a regular basis. We know that the web changes fast — Lighthouse can help you stay up-to-date with the latest performance best-practices. Lighthouse 3.0, announced at I/O, will be available to everyone later this week.

Lighthouse gives you clarity into your site’s load performance in a controlled environment. However, if you want to see how your site performs for real users in the real world, then check out the Chrome User Experience Report. The report now provides origin-level performance metrics for the four million most visited websites. To learn more about how these and other tools can help you get a complete view of your site’s performance, check out our speed tools infographic.

AMP
AMP is a web component library and ecosystem for building reliably fast websites with great user experience at scale. There are now over six billion AMP pages from 46 million domains, with a median load time of less than one second from Google Search. Businesses are seeing success with AMP: AliExpress, the global online retail marketplace, recently launched a new mobile site as an AMP-driven Progressive Web App. The new site increased their conversion rate for non-search traffic by an incredible 31%.

Content consumption on mobile is changing, with bite-sized, fullscreen storytelling formats becoming increasingly popular. To help meet the needs of web publishers, the AMP project recently announced the development of AMP stories, a rich set of web components built for mobile-first storytelling. The format is under continued development, and we encourage you to experiment with building your own stories and give the AMP team your feedback.



Web Packaging
Web Packaging is a set of emerging technologies that we believe will redefine how web content is distributed on the web and shared between users. It allows publishers to bundle their content for distribution by other parties, while keeping the integrity guarantees of HTTPS. As part of exploring the novel use cases enabled by Web Packaging, we realized that there was an interesting opportunity for AMP. Through collaboration with the AMP team and the web community, we were able to design a solution that allows AMP documents to retain the publisher's original URL when served from the AMP cache.

As a showcase of our efforts, AMP project collaborators Food Network and Pinterest have built demos of Web Packaging, such as the one below. If you are curious to learn more, the AMP team wrote an article that goes into more detail about how Web Packaging benefits users and publishers. Beyond the AMP application, we are excited about what Web Packaging technologies will enable and are looking forward to refine our thinking with your help.

A demo using Web Packaging with an AMP page from Google Search

Polymer
Polymer is a JavaScript library that helps you create custom reusable web components to share with other developers or combine to build performant, maintainable apps. At I/O we launched version 3.0 of the library, which makes some significant upgrades to the Polymer ecosystem. We’ve completed support for using npm as the package management system and ES6 modules as the unit of composition, making it easy to use Polymer-based web components alongside your other favorite web development tools and frameworks.

We’ve also introduced LitElement, a new web component base-class that combines the expressive power of Lit-HTML with web components to make it even easier to create lightweight, reactive components using a modern and expressive templating syntax.

We’re also releasing the PWA Starter Kit, a comprehensive starting point for building web component-driven PWAs that are fast, reliable, responsive, themable, and score top marks in our Lighthouse PWA and performance criteria.

Angular
At I/O this year the Angular team gave an overview of the growth of the community, and touched on some of the exciting new capabilities that have landed across the core framework, CLI, and Angular Material library in version 6. Angular is used by millions of developers and has built up a huge amount of momentum and a fantastic ecosystem. New commands released in version 6 like `ng update` and `ng add` will keep your application up to date and help developers move faster as the Angular team continues to balance stability and innovation.

The Angular team also gave a sneak peek at some of the improvements they are making under the hood of Angular with Project Ivy. This will make Angular simpler to debug and faster to compile and run, in a way that works with existing applications. The team showed demonstrated the utility of these improvements in the form of a small Hello World application where the Angular features that weren't used were automatically removed from the application's JavaScript bundle.



Our mission at Google and in Chrome is to work with the community to create experiences that are fast, integrated, reliable, and engaging. We’re excited by the powerful new capabilities that have come to the open web platform, and the comprehensive set of tools that enable you to rapidly build high quality sites for your users. To stay up to date on the latest advancements in the web, visit our developer portal or check out the talks from this year’s I/O on the Google Developers YouTube channel. And we’d love to see you at the upcoming Chrome Dev Summit later this year.

Posted by Malte Ubl and Ben Galbraith

by Chrome Blog (noreply@blogger.com) at May 09, 2018 02:16 PM

Google Chrome Releases

Beta Channel Update for Desktop

The beta channel has been updated to 67.0.3396.40 for Windows, Mac, and, Linux.


A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at May 09, 2018 12:26 PM

May 08, 2018

Google Chrome Releases

Stable Channel Update for Chrome OS

The Stable channel has been updated to 66.0.3359.158 (Platform version: 10452.85.0) for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Josafat Garcia
Google Chrome

by Josafat (noreply@blogger.com) at May 08, 2018 08:18 PM

Dev Channel Update for Desktop

The dev channel has been updated to 68.0.3423.2 for Windows, Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at May 08, 2018 12:00 PM

May 04, 2018

Google Chrome Releases

Dev Channel Update for Chrome OS

The Dev channel has been updated to 68.0.3417.0 (Platform version: 10643.0.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. 

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser). 


Bernie Thompson
Google Chrome

by Bernie Thompson (noreply@blogger.com) at May 04, 2018 05:44 PM

Dev Channel Update for Desktop

The dev channel has been updated to 68.0.3418.2 for Windows, Mac and Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Abdul Syed
Google Chrome

by Abdul Syed (noreply@blogger.com) at May 04, 2018 01:02 PM

May 02, 2018

Google Chrome Releases

Chrome Beta for Android Update

Ladies and gentlemen, behold!  Chrome Beta 67 (67.0.3396.29) for Android has been released and is available in Google Play.  A partial list of the changes in this build is available in the Git log. Details on new features is available on the Chromium blog, and developers should check out our updates related to the web platform here.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Estelle Yomba
Google Chrome

by Estelle Yomba (noreply@blogger.com) at May 02, 2018 02:30 PM

Beta Channel Update for Desktop

The beta channel has been updated to 67.0.3396.30 for Windows, Mac, and, Linux.


A full list of changes in this build is available in the log. Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

by Krishna Govind (noreply@blogger.com) at May 02, 2018 01:30 PM

Beta Channel Update for Chrome OS

The Beta channel has been updated to 67.0.3396.26 (Platform version: 10575.22.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Cindy Bayless
Google Chrome

by Cindy Bayless (noreply@blogger.com) at May 02, 2018 09:14 AM

Chromium Blog

Chrome 67 Beta: WebXR Origin Trial, Generic Sensors

Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 67 on ChromeStatus.com.

Generic Sensors

Sensor data is used in many native applications to enable experiences like immersive gaming, fitness tracking, and augmented or virtual reality. This data is now available to web applications using the Generic Sensor API. The API consists of a base Sensor interface with a set of concrete sensor classes built on top. Here are links to the sensor specs and examples of how they might be used.

Accelerometer: Use the motion of the device to move around in a 3D video.

Gyroscope: Use the orientation of the device to implement a table-top maze.

Orientation Sensor: This is what's called a fusion sensor meaning it combines readings from two or more sensors, in this case the accelerometer and the gyroscope. Whereas a maze implemented using only the gyroscope might only move the location marker in two dimensions, one implemented with the orientation sensor could require the user to physically turn the device to turn a corner.

Motion Sensors: This is a fusion sensor that includes a magnetometer as well as the accelerometer and the gyroscope. The most obvious use case for this as a virtual compass.

Accelerometer sensor measurements provide the movement speed of the device in terms of x, y, and z coordinates.

Intel has a website devoted to demonstrations of the sensor APIs with sample code available for download. The article published at the start of the origin trial has been updated.

WebXR Device API Origin Trial

The WebXR Device API enables the creation of virtual and augmented reality experiences on mobile devices and desktops - unifying experiences across AR enabled mobile devices, mobile-based VR headsets like Google Daydream View and Samsung Gear VR, as well as desktop-hosted headsets like Oculus Rift, HTC Vive, and Windows Mixed Reality Headsets.

The new API is available as an origin trial (explainer, sign-up form). You can find samples and documentation in the Immersive Web Community Group GitHub repos. There's also a polyfill available that supports browsers with WebVR 1.1 support, browsers without support, and "magic window" on mobile devices.

Watching a video in virtual reality

Virtual and augmented reality experiences enabled by this API include games as well as other "long tail" applications, such as:
  • Immersive 360° videos
  • Traditional 2D (or 3D) videos presented in immersive surroundings
  • Data visualization
  • Home shopping
  • Art
Note: If you are participating in the WebVR origin Trial that has been available in Chrome since version 62, you cannot use your existing token for the WebXR origin Trial. The WebVR origin Trial (the old one) previously set to end on July 24, 2018, has been extended to September.

Other Features in this Release

SVG

SVG2 requires <foreignObject> to be a stacking context. Making <foreignObject> a stacking context allows developers to place HTML content underneath a <foreignObject> without confusion.

DOM

The DOM specification was updated so that DOMTokenList.replace() returns a boolean value indicating whether a replacement occurred. This is useful for code that takes different paths depending on whether a replacement occurred, avoiding the need for an extra condition using contains(). Chrome now follows the specification.

HTML > CustomElements

Authors can now create custom elements that inherit from the semantics of native, built-in elements. This saves developers from reimplementing built-in functionality such as accessibility, semantics, JavaScript methods/properties.

Input

Web pages can now process mouse events (mousedown, auxclick, mouseup) for back and forward buttons on mice with five or more buttons. This allows back and forward mouse buttons to be prevented by applications such as games that wish to override them.

On Windows the right-hand Alt key serves as AltGraph (ISO-Level-3-Shift) on some layouts, such as many European language layouts, to allow generating additional printable-characters. Internally the key generates Ctrl+Alt modifiers, so that Chrome reports all of Control, Alt and AltGraph in the flags for these keys. In this change, Chrome distinguishes AltGraph from Ctrl+Alt under Windows for consistency with these modifiers on other platforms.

For developers this removes an edge-case from keyboard event modifier handling. If an app handles keydown/keypress/keyup to implement shortcuts, it will no longer need workarounds to cope with certain (mainly European) keyboard layouts. For example, if an app uses Ctrl+# as a shortcut (as GMail did) then previously the app would need to check for both Ctrl, and for AltGraph, otherwise French users would not be able to use it.
This change applies to Windows only.

JavaScript

JavaScript now has a numeric primitive that provides support for arbitrary precision integers. Previously, numbers in JavaScript were represented as double-precision floats, giving them limited precision. Using the BigInt() function and 'n' suffix on numeric literals you can safely store and operate on large integers even beyond the safe integer limit for numbers.

Layout

Formatting contexts will now behave exactly like floats do when they are positioned. In other words, they no longer look at the shape-outside property of the float for positioning and instead are positioned according to their margin box. The new behavior may be seen in this example by changing the height of the flex class. This also affects how new formatting contexts are sized and positioned.

Loader

Client Hints enable origins to receive device-specific preferences in the HTTP request headers. Accept-CH-Lifetime adds a client hint that allow origins to persist their opt-in policy for a specified period so they can receive client hints on navigation requests. Additionally, on the first page load, this feature provides hints for all subresources of the page.

Network > Streams API

TransformStream is part of the Streams API, which is used for creating, composing, and consuming streams of data. It enables transforming data in stream form. It is typically used in a pipe between a ReadableStream and a WritableStream. The following example uses TransformStream to decode text received in a streaming response body.

function textDecodeTransform() {
const decoder = new TextDecoder();
return new TransformStream({
transform(chunk, controller) {
controller.enqueue(decoder.decode(chunk, { stream: true }));
}
});
}

fetch(url).then(response => {
// response.body is a stream of Uint8Array chunks.
// But if we want chunks of text:
const stream = response.body.pipeThrough(textDecodeTransform());
// …
});

Shadow DOM

The <slot> element can now participate in a flat layout tree, with UA style display: contents. Before this change, applying a CSS selector to a <slot> element had no effect. Not only is this fixed, but when selectors are applied to a <slot> element, its children inherit its styles.

Deprecations and Interoperability Improvements

Chrome sometimes deprecates, removes, or changes features to increase interoperability with other browsers. This version of Chrome includes the following such changes.

Deprecate HTTP-Based Public Key Pinning

HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site's certificate chain. It has very low adoption, and although it provides security against certificate mis-issuance, it also creates risks of denial of service and hostile pinning.

To defend against certificate misissuance, web developers should use the Expect-CT header, including its reporting function. Expect-CT is safer than HPKP due to the flexibility it gives site operators to recover from configuration errors, and due to the built-in support offered by a number of CAs.

We expect to remove this in Chrome 69.

Deprecate AppCache on Non-secure Contexts

AppCache over HTTP is deprecated. AppCache is a powerful feature that allows offline and persistent access to an origin. Allowing AppCache to be used over non-secure contexts makes it an attack vector for cross-site scripting hacks.
Removal is expected in Chrome 69.

Layout

Several Webkit-prefixed CSS properties will be removed in this release.

-webkit-box-flex-group: This property has minimal usage based on the UseCounter in stable.

Percent (%) values for -webkit-line-clamp: There is interest in finding a standards-based solution to the number values use case, but we haven't seen demand for the %-based values.

-webkit-box-lines: This property was never fully implemented. It was originally intended such that a "vertical"/"horizontal" -webkit-box could have multiple rows/columns.

by Chrome Blog (noreply@blogger.com) at May 02, 2018 08:17 AM