chromium 53 chrome 各个版本发布功能列表(85-108)

chromium Features 85-108

From https://chromestatus.com/features

chromium85 Features:30

1. Web Bluetooth getDevices() and forget()

Chrome’s implementation of Web Bluetooth does not have a way for websites to get a list of permitted devices. This feature adds the Bluetooth.getDevices() and BluetoothDevice.forget methods. getDevices() will return a list of BluetoothDevice objects that the current origin has been granted permission to use by the user. forget() will allow web developers to voluntarily revoke a permission to a BluetoothDevice that was granted by a user.

2. @property

The @property rule is an alternative way to register a custom property without JavaScript.

3. AVIF Image Decode

AVIF is a next generation image format standardized by the Alliance for Open Media. This feature supports adding decode support for AVIF content natively into the browser via existing AV1 decoders.

4. App shortcuts

Lets a web application register shortcuts for common tasks. These would typically be added to the app launcher icon (for a progressive web app) enabling the user to quickly run key tasks.

5. CORS: Strict ABNF based Checks on Access-Control-Allow-Headers and Access-Control-Allow-Methods headers

Chrome CORS checked Access-Control-Allow-Headers and Access-Control-Allow-Methods headers in a relaxed manner and didn’t follow the ABNF that spec defined.

After Chrome 85, CORS checks follow the standardized ABNF.

6. CSS Color Adjust: Remove ‘only’ and support used ‘dark’ for preferred ‘light’ for color-scheme

The color-scheme property from CSS Color Adjustment level 1 spec changed in two ways.

1. The ‘only’ keyword is no longer special and is treated as a <custom-ident> as any other unknown color-scheme. The ‘only’ keyword was previously only allowed in combination with ‘light’, but had otherwise no effect in Chrome.

2. ‘color-scheme: dark’ will have a used value of ‘dark’ even when preferred color-scheme is ‘light’. ‘color-scheme: light dark’ still has a used values based on the preferred scheme.

3. CSS content-visibility property

Adds a CSS property called content-visibility, which allows automatic or script management of content visibility. When hidden, the element’s contents (subtree or replaced element contents) are not drawn or hit-tested and have CSS containment applied, allowing for rendering optimizations. The ‘auto’ keyword allows for the user-agent to manage content visibility based on proximity to the viewport, whereas ‘hidden’ keyword allows full script control of content visibility.

8. CSS counter-set

CSS counter-set is an additional property introduced in css-lists-3 to control counters by setting an existing counter to a specified value. This builds upon other implemented counter control properties, specifically counter-reset (which creates a new counter with a specified value) and counter-increment (which increments an existing counter by a specified amount).

9. Cookies default to SameSite=Lax

Treat cookies as SameSite=Lax by default if no SameSite attribute is specified. Developers are still able to opt-in to the status quo of unrestricted use by explicitly asserting SameSite=None.

This feature is available as of Chrome 76 by enabling the same-site-by-default-cookies flag.

This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.

10. Event Timing API

Monitoring event latency requires an event listener. This precludes measuring event latency early in page load, and adds unnecessary performance overhead. The Event Timing API will enable web developers to measure event latency both before and after the page load.

11. Expose Picture-in-Picture Window in leavepictureinpicture event

Allow web developers to access pictureInPictureWindow in leavepictureinpicture event.

12. Feature Policy for Clipboard API

Adds a feature policy (aka permission policy) flags for the Clipboard API. The flag names will be ‘clipboard-read’ and ‘clipboard-write’, to be consistent with the Clipboard API permissions, as feature policy is now merged with permissions and renamed to permissions policy.

13. Get Installed Related Apps API

The Get Installed Related Apps API (navigator.getInstalledRelatedApps) provides sites access to if their corresponding related applications are installed. Sites are only allowed to use this API if the native application has an established association with the web origin.

The API was launched in Chrome 80. You can find details here: https://web.dev/get-installed-related-apps/

14. Interoperable Element’s scrollLeft and scrollTop in non-default writing modes

Change Chrome’s behavior such that when a scrollable element has content overflowing to the left (or to the top) then its horizontal (or vertical) scroll position will be zero at its initial position and negative when scrolled leftward (or upward).

This change only affects DOM API Element.scrollLeft(), Element.scrollTop(), Element.scroll(), Element.scrollTo() when the scrollable element has a non-default writing mode that may invert overflow directions (e.g right to left or vertical modes).

15. JavaScript logical assignment operators

Adds the logical assignment operators ||=, &&=, and ??= to JavaScript.

16. Media Feeds

Adds an API to allow a user agent to discover a media feed provided by a website. When fetched by the user agent the site will return a feed of personalized media recommendations for the user.

17. Named pages with page-orientation

Support the ‘page’ CSS property [1], along with named pages support (@page foobar {} selector). Also support the ‘page-orientation’ descriptor [2] for @page, with values ‘upright’ (initial value), ‘rotate-left’, or ‘rotate-right’.

[1] https://www.w3.org/TR/css-page-3/#using-named-pages
[2] https://drafts.csswg.org/css-page-3/#page-orientation-prop

18. Promise.any and AggregateError

Promise.any() accepts an iterable of promises and returns a promise that is fulfilled by the first given promise to be fulfilled, or rejected with an AggregateError holding the rejection reasons if all of the given promises are rejected.

AggregateError is a support class that aggregates one or more errors into a single object.

19. Referrer Policy: Default to strict-origin-when-cross-origin

Web developers may specify a referrer policy on their documents, which impacts the Referer header sent on outgoing requests and navigations. When no policy is specified, Chrome will now use strict-origin-when-cross-origin as the default policy, instead of no-referrer-when-downgrade. On cross-origin requests made from documents without a specified referrer policy, this reduces the Referer header to the initiating origin and retains its usefulness while mitigating the risk of leaking data.

20. Reject insecure SameSite=None cookies

Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected.

This feature is available as of Chrome 76 by enabling the cookies-without-same-site-must-be-secure flag.

This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.

21. String.prototype.replaceAll

JavaScript now has first-class support for global substring replacement through the new String.prototype.replaceAll() method.

22. Subresource prefetching+loading via Signed HTTP Exchange

Adds support signed exchange subresource prefetching and loading by extending the HTTP link header.

23. Update fallback content’s behavior for ImageInputType and HTMLImageElement

Previously, there have been inconsistencies on the implementation of fallback content and its treatment as a replaced element for ImageInputType and HTMLImageElement. This led to interoperable issues between implementors.
Examples:
<input style="display: inline;" type=image alt="ALT">
<img title="foo">
<img src="foo" width=10 height=10 alt>

Please see, https://github.com/yuzhe-han/images-fallback-content-1094763, for visual comparison.

24. Update the behavior of the “disabled” attribute for HTMLLinkElement

Previously, Chromium had intermittent behavior with respect to the “disabled” attribute:

• <link id=foo rel="stylesheet" disabled> would not show up in document.styleSheets.
• foo.disabled=false; foo.disabled=true; would cause it to appear (and remain) in document.styleSheets.
• <link rel="alternate stylesheet"> cannot be enabled, except by disabling and re-enabling it.
• When disabled, link.ownerNode was not null

The above issues are being resolved.

25. Web Bluetooth Write With/Without Response

Implements two APIs for writing to GATT characteristics that will allow an app to ignore a response from the device or to expect a response from the device.

The currently implemented writeValue() method will remain for backwards compatibility, but is discouraged.

26. WebAssembly BigInt Integration

Allow WebAssembly to import and export WebAssembly function parameters of type i64 using BigInt.

27. WebAuthn getPublicKeyAlgorithm and getAuthenticatorData()

Adds two accessors from the Web Authentication Level 2 spec that save sites from parsing Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) in order to use security keys.

28. disallow preventDefault() on TouchMoves during overscroll

Touch events sent to a page can be either blocking or non-blocking. A blocking touch event means that the page calls preventDefault() to prevent the browser from turning the touch into a scroll. TouchMove events start out blocking until the first event in a sequence isn’t preventDefaulted and causes scrolling. Chromium currently reverts the touchevent stream back to blocking so that pages can override browser default overscrolling behavior. This feature causes overscrolling to be non-blocking.

29. -webkit-box quirks from -webkit-line-clamp

The following display properties will no longer work when -webkit-box and -webkit-box-clamp are combined: -webkit-box-flex, -webkit-box-ordinal-group, -webkit-box-align, -webkit-box-pack, -webkit-box-direction.

30. Heavy Ad Intervention

Chrome will unload ad iframes that use an egregious amount of CPU or network bandwidth.

An ad will be subject to unload if it has not received a user gesture and:

• Used the main thread for more than 60 seconds total
• Used the main thread for more than 15 seconds in any 30 second window (50% utilization over 30 seconds)
• Used more than 4 megabytes of network bandwidth to load resources

chromium86 Features:23

1. A well-known URL for changing passwords

Websites can set a well-known URL for changing password /.well-known/change-password to be redirected to its change password page to help users change their password quickly. Chrome leverages this URL to help users change their passwords when it detects a weak password in the user’s password storage.

2. Altitude/Azimuth for PointerEvents v3

Adds Altitude/Azimuth angles to PointerEvents. Adds TiltX/TiltY to Altitude/Azimuth transformation and Altitude/Azimuth to TiltX/TiltY transformation depending which pair is available from the device.

3. Autoupgrade Image Mixed Content

This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. Image mixed content autoupgrades by default are targeted for M86.

Audio/Video mixed content autoupgrades are separately tracked in https://www.chromestatus.com/feature/5557268741357568

4. Back-forward cache on Android

Creates a cache for pages which allows for instant navigations to previously-visited pages after cross-site navigations.

5. CSS ::marker pseudo-element

The ::marker pseudo-element represents the automatically generated marker box of a list item.

Like ::before and ::after, ::marker is a tree-abiding pseudo-element, so it always fit within the box tree.

But unlike ::before and ::after, currently it only accepts a small subset of safe properties, because the marker box layout is mostly undefined.

Note this intent only covers ::marker, not ::before::marker nor ::after::marker (see crbug.com/1097992).

6. CSS Selectors 4 Pseudo-Class :focus-visible

The :focus-visible pseudo-class makes it easier for developers to create focus styles that appropriately match the user’s input modality. It is designed to help prevent a common anti-pattern where developers remove focus outlines for mouse users, and inadvertently make their sites inaccessible to keyboard users.

7. Change MediaSettingsRange & PhotoCapabilities interfaces to dictionaries

Aggregates and logs media settings ranges and photo capabilities in JSON.

Changing MediaSettingsRange and PhotoCapabilities interfaces to dictionaries will improve developer ergonomics by allowing web developers to easily log and aggregate exposureCompensation, exposureTime, colorTemperature, iso, brightness, contrast, saturation, sharpness, focusDistance, pan, tilt, zoom, and photo capabilities (redEyeReduction, imageHeight, imageWidth, fillLightMode).

8. Document-Policy header

Document Policy restricts the surface area of the web platform on a per-document basis, similar to iframe sandboxing, but more flexibly. It can do things like:

• Restrict the use of poorly-performing images
• Disable slow synchronous JS APIs
• Configure iframe, image, or script loading styles
• Restrict overall document sizes or network usage
• Restrict patterns which cause page re-layout

This is just the HTTP header used to set a policy on a document, separate from any features.

9. Document-Policy: force-load-at-top

ForceLoadAtTop provides an opt-out for Scroll To Text (and other load-on-scroll behaviors as they are also affected by the issues raised in https://github.com/WICG/scroll-to-text-fragment/issues/76) for privacy sensitive sites, as discussed in https://github.com/WICG/scroll-to-text-fragment/issues/80. The ForceLoadAtTop feature allows sites to indicate that they should always be loaded at the top of the page, blocking any scroll-on-load behaviors including text fragments, element fragments, and

10. FetchEvent.handled

A FetchEvent dispatched to a service worker is in a loading pipeline, which is performance sensitive. The new FetchEvent.handled property returns a promise that resolves when a response is returned from a service worker to its client. This enables a service worker to delay tasks that can only run after responses are complete.

11. File System Access

This API enables developers to build powerful apps that interact with other (non-Web) apps on the user’s device via the device’s file system. After a user grants a web app access, this API allows the app to read or save changes directly to files and folders selected by the user. Beyond reading and writing files, this API provides the ability to open a directory and enumerate its contents, as well as store file and directory handles in IndexedDB to later regain access to the same content.

12. HTMLMediaElement.preservesPitch

Adds a property to determine whether the pitch of an audio or video element should be preserved when adjusting the playback rate.

13. Imperative Shadow DOM Distribution API

Web developers can specify node-to-slot assignments imperatively in Shadow DOM slotting.

Please see the spec discussion [1] and the explainer [2].

• [1] https://github.com/whatwg/html/issues/3534
• [2] https://github.com/w3c/webcomponents/blob/gh-pages/proposals/Imperative-Shadow-DOM-Distribution-API.md

14. Intensive throttling of Javascript timer wake ups

In a Window whose top Window has been hidden for 5 minutes and which is not opted out from intensive wake up throttling, a timer task with non-zero timeout can run:

• on a 1-second aligned wake up if:
  • the timer task’s nesting level is < 5, or,
    -the Window is same-origin with the top Window and at least 1 minute has elapsed since the last timer task with nesting level >= 5 has run in any Window in the tree that is same-origin with the top Window
• on a 1-minute aligned wake up, otherwise.

15. ParentNode.replaceChildren() Method

Replaces all children of the ParentNode with the passed-in nodes.

16. Percent-encode U+007F DELETE when parsing URLs

When parsing URLs, encode the character U+007F DELETE as “%7F”.

This improves readability, reduces spoofing risk, makes Chrome’s behavior more consistent, interoperable with other browsers and compliant with the specification.

17. Safelist distributed web schemes for registerProtocolHandler()

Extend the list of URL schemes that can be overridden via registerProtocolHandler() to include “cabal”, “dat”, “did”, “dweb”, “ethereum”, “hyper”, “ipfs”, “ipns”, and “ssb”.

18. Third-party origin trials

Origin trials can now be enabled by embedded scripts, based on tokens matching their third-party origin. Previously, it was possible for scripts to enable origin trials, but only when the token matches the origin of the containing document.

19. WebRTC Insertable Streams

This API enables the insertion of user-defined processing steps in the encoding and decoding of a WebRTC MediaStreamTrack.

20. display:inline-grid/grid/inline-flex/flex for <fieldset>

The FIELDSET element will support ‘inline-grid’, ‘grid’, ‘inline-flex’ and ‘flex’ keywords for CSS ‘display’ property.

21. document.fragmentDirective

This change moves window.location.fragmentDirective to document.fragmentDirective which seems like a more appropriate and safer place. It is a small change to the text-fragments feature in https://chromestatus.com/feature/4733392803332096.

Text-fragments introduced an empty object at window.location.fragmentDirective as a means to feature detect the newly added text-fragment capability. window.location turns out to be a bad place for this functionality, see https://crbug.com/1057795.

22. text/html support for async clipboard api

The async clipboard api currently does not support the text/html format. This feature adds support for copying and pasting html from the clipboard. The HTML is sanitized when it is read and written to the clipboard.

23. EME persistent-usage-record session

Support a new MediaKeySessionType “persistent-usage-record session”, for which the license and key(s) are not persisted and for which a record of key usage is persisted when the keys available within the session are destroyed.

chromium87 Features:18

1. @font-face descriptors to override font metrics

Introduces new @font-face descriptors ascent-override, descent-override and line-gap-override to override metrics of the font. This allows web authors to (i) achieve interoperable text layout across browsers and platforms, and (ii) reduce layout shifting caused by web fonts.

2. Atomics.waitAsync

Adds Atomics.waitAsync, the async version of Atomics.wait. Atomics.waitAsync allows programmers to wait on a SharedArrayBuffer location in the same fashion as Atomics.wait but returns a Promise instead.

3. Block HTTP ports 5060 and 5061

Connections to HTTP, HTTPS or FTP servers on ports 5060 or 5061 will fail.

This is a mitigation for the slipstream attack: https://samy.pl/slipstream/. It helps developers by keeping the web platform safe for users.

4. Block HTTP ports 69, 137, 161, 1719, 1720, 1723, and 6566

Connections to HTTP, HTTPS or FTP servers on ports 69, 137, 161, 1719, 1720, 1723 or 6566 will fail.

This is a mitigation for the NAT Slipstream 2.0 attack: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/. It helps developers by keeping the web platform safe for users.

5. CSS flow-relative shorthand and offset properties

Ship the already implemented properties introduced by CSS Logical Properties.
Specifically:

• border-block, border-block-color, border-block-style, border-block-width
• border-inline, border-inline-color, border-inline-style, border-inline-width
• inset-block-start, inset-block-end, inset-inline-start, inset-inline-end
• inset, inset-block, inset-inline
• margin-block, margin-inline
• padding-block, padding-inline

6. CSS quotes property - support ‘auto’ value

Support ‘auto’ for the ‘quotes’ property.

CSS2 specified the initial value for ‘quotes’ as UA dependent, but WebKit and Blink returns an invalid value (empty string) which will not round-trip. Setting it to the empty string will remove the declaration instead of setting it to the initial value. css-content-3 instead uses an ‘auto’ keyword for the default UA behavior.

7. Cookie Store API

The Cookie Store API exposes HTTP cookies to service workers and offers an asynchronous alternative to document.cookie.

8. Intl.Segmenter

Intl.Segmenter implements methods for finding the location of boundaries in text, including grapheme,word and sentence boundary analysis.

9. Is-Input-Pending

This API enables developers to complete their work as fast as possible if the user isn’t interacting, but respond to user input as fast as possible if input occurs.

10. New TextMetrics object in canvas

We intended to add attributes FontBoundingBoxAscent and fontBoundingBoxDescent to textmetrics in canvas (following spec https://html.spec.whatwg.org/multipage/canvas.html#textmetrics). This feature will help web developers to arrange text better and it has strong user support (https://crbug.com/277215).

11. Pan/Tilt support for Camera

This feature allows developers to pan and tilt the camera using media constraints in getUserMedia().

https://w3c.github.io/mediacapture-image/#dom-mediatracksupportedconstraints-pan

https://w3c.github.io/mediacapture-image/#dom-mediatrackcapabilities-tilt

12. Range request header in a Service Worker

Range request header can be passed through a service worker if it’s not modified. This enables service workers can work with requests made by media elements such as video and audio.

13. Streams API: transferable streams

The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. A natural thing to do with a stream is to pass it to a web worker. This provides a fluent primitive for offloading work to another thread. Transferable streams add this capability by allowing ReadableStream, WritableStream, and TransformStream objects to be passed as arguments to postMessage().

14. WakeLockSentinel.released Attribute

The WakeLockSentinel object has a new attribute called released that indicates whether a sentinel has already been released. Its value is initially false, and it changes to true once a “release” event is dispatched.

15. cross-origin isolation

16. Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters.

17. Introduce cross-origin isolated permission (https://w3c.github.io/webappsec-feature-policy/).

18. Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission.

19. ontransition{run, start, cancel} event handler attributes

The ontransitionrun, ontransitionstart, and ontransitioncancel event handler attributes allow developers to add event listeners for ‘transitionrun’, ‘transitionstart’, and ‘transitioncancel’ events on elements, Document objects, and Window objects.

An example of how this might be used:

target.ontransitioncancel = () => { console.log(‘transition was cancelled!’); }

17. text-decoration-thickness, text-underline-offset and from-font keyword for text-underline-position

Implement CSS text decoration properties text-decoration-thickness and text-underline-offset.

Add support for the new from-font keyword for text-underline-position.

When from-font keywords are used, support variable font MVAR underline scaling, (tags unds and undo in the MVAR table overriding underlinePosition and underlineThickness in the OpenType post table.

18. -webkit-font-size-delta

Developers should use font-size to control font size.

Blink will no longer support the rarely used property
-webkit-font-size-delta.

chromium88 Features:17

1. WebXR dynamic viewport scaling

Applications can optionally render to a subset of the WebXR viewport, using a scale factor that can be changed every animation frame.

This is intended to be more efficient than resizing the full framebuffer which requires reallocation, and the UA can supply a recommended scale factor based on internal heuristics.

2. Align with Gecko and spec on grouping properties

The CSS transforms level 2 spec requires that any grouping property causes the used value
of transform-style to be flat. Chromium applies grouping for some of the specified grouping
properties, but not all. This change tracked here will add:

• clip
• clip-path
• mask
• backdrop-filter
• isolation

3. Anchor target=_blank implies rel=noopener by default

To mitigate “tab-napping” attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel=“noopener”| is set. A page wishing to opt out of this behavior may set |rel=“opener”|.

4. CSS Automatic Hyphenation for Windows/Linux/ChromeOS

Blink supports manual and none values of the CSS hyphens property since M55, but auto, which enables the automatic hyphenation, is supported only on Android and Mac.

This feature enables hyphens: auto on Windows, Linux, and ChromeOS by downloading dictionary files used in Android Open Source Project.

The previous feature entry for M55 is https://www.chromestatus.com/features/5642121184804864

5. CSS Selectors 4 Pseudo-Classes :is(), :where()

The matches-any pseudo-class, :is(), is a functional pseudo-class taking a selector list as its argument. It represents an element that is represented by its argument.

6. CSS Selectors 4: Complex :not()

Allows complex selectors inside the :not() pseudo class, such as :not(.a + .b .c).

7. CSS aspect-ratio property

Normally, only certain replaced elements have an aspect ratio, particularly images. For them, if only one of width and height is specified, the other can be computed from it using the intrinsic aspect ratio.

This property allows explicitly specifying an aspect ratio for any other element to get similar behavior.

8. Don’t clear adoptedStyleSheets on adoption to/from <template>

When adopting a shadow root into a <template> document from a document that the <template> is in (or vice versa), we will no longer clear its adoptedStyleSheets.

9. ElementInternals.shadowRoot attribute

A new attribute on ElementInternals, ‘shadowRoot’, allows custom elements to access their own ShadowRoot, regardless of open/closed status. Additionally, further restrictions are added to the attachInternals() API to ensure that custom elements get the first chance to attach the ElementInternals interface. With this change, the attachInternals() function will throw an exception if called prior to the custom element constructor being run.

10. Limit characters allowed in extensions in File System Access API file pickers

To improve security, the File System Access API’s showOpenFilePicker() and showSaveFilePicker() methods will limit what characters are allowed in extensions for accepted file types.

Specifically only A-Z, a-z, 0-9, + and . will be allowed, extensions can’t end in .local or .lnk, and can’t be more than 16 characters long.

11. Make “type” optional in WakeLock.request()

Implement https://github.com/w3c/screen-wake-lock/pull/291, which makes the “type” parameter in WakeLock.request() optional and defaulting to “screen”, which is the only allowed value at the moment.

In other words, the following two lines would do the exact same thing:

navigator.wakeLock.request()
navigator.wakeLock.request("screen")

12. Origin-keyed agent clusters

Origin-keyed agent clusters allows developers to opt in to giving up certain cross-origin same-site access capabilities — namely synchronous scripting via document.domain, and postMessage()ing WebAssembly.Module instances.

This gives the browser more flexibility in implementation technologies. In particular, in Chrome, we will use this as a hint to put the origin in its own process, subject to resource or platform limitations.

13. Permissions-Policy header

The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.

14. RTCRtpTransceiver.stop()

Transceivers allow the sending and/or receiving of media in WebRTC. Stopping a transceiver makes it permanently inactive.

15. Shared Array Buffers (SABs) on Android

Adds the JavaScript type SharedArrayBuffer to Android gated behind COOP/COEP.
The concept of a SharedArrayBuffer is that a message to a worker, is posted but instead of copying the content of the array just a reference to it is shared, so that all have the same view on the shared chunk of data in the memory.

This feature is only targeting Android - https://www.chromestatus.com/feature/4570991992766464 handles all other platforms

16. path() support in clip-path CSS property

So far clip-path only supported other basic shapes (circle, ellipse, polygon, url).
This adds support for path() as a value as specified in https://drafts.csswg.org/css-shapes-1/#funcdef-path, for example:

clip-path: path(oddeven, ‘M 5 5 h 100 v 100 Z’) would clip the element with a triangle.

17. Flash Player Support

Remove support for Flash Player from Chromium in alignment with Adobe’s planned end of life on January 12th, 2021.

chromium89 Features:30

1. Element Reflection

This feature allows for ARIA relationship attributes to be reflected in IDL as element references rather than DOMStrings.

2. ‘disclosure-open’ and ‘disclosure-closed’ keywords for CSS list-style-type property

CSS property ‘list-style-type’ supports two new keywords ‘disclosure-open’ and ‘disclosure-closed’.

In an element with display:list-item, ‘disclosure-open’ shows a symbol indicating a widget like <details> is opened. ‘disclosure-closed’ shows a symbol indicating a widget like <details> is closed.

They will be used for the default style of <summary> in the user-agent stylesheet.

3. ‘display: list-item’ by default for <summary>

The default value of CSS ‘display’ property for <summary> is changed to ‘list-item’ from ‘block’.

We also support ‘::marker’ pseudo element selector for <summary>, and remove ‘::-webkit-details-marker’ pseudo element selector.

Before this change, developers did the following in order to hide the details marker:

summary::-webkit-details-marker {
display: none;
margin-inline-end: 0;
}

Now developers can do:

summary {
display: block;
}

or

summary {
list-style-type: none;
}

4. Add support for encoding CBR audio files with MediaRecorder.

Adds support for hard constant bitrate (CBR) mode of the Opus encoder when CBR mode is used for MediaRecorder. Without this change it is impossible to encode compressed constant bitrate audio files with the MediaRecorder.

This implements a spec change allowing either constant bitrate (CBR) or variable bitrate (VBR) encoding on the MediaRecorderOptions object passed to the MediaRecorder constructor. Previously VBR was assumed when using anything other than uncompressed PCM.

5. CSS ::target-text pseudo-element

A highlight pseudo element to allow authors to style scroll-to-text fragments different from the default UA highlighting.

6. CSS flow-relative Corner Rounding properties

Support the flow-relative Corner Rounding properties following CSS Logical Properties and Values spec. Specifically, the following logical properties are included: border-start-start-radius, border-start-end-radius, border-end-start-radius, and border-end-end-radius.

The flow-relative Corner Rounding properties (border-*-radius) will allow to set top-left, bottom-left, top-right and bottom-right box corners with logical mappings rather than physical properties.

7. Cross-origin opener policy reporting API

Adds a reporting API to help developers deploy cross-origin opener policy.

8. Expose ReadableStreamDefaultController interface

The Streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. We will expose the ReadableStreamDefaultController interface on the global object, as with the other ReadableStream-related classes. This will align Blink with the current version of the Streams API Standard and consensus among the developer community. See https://github.com/whatwg/streams/issues/963.

9. Forced colors mode

Adds the ‘forced-colors’ media feature, which is used to detect if the user agent has enabled a forced colors mode where it enforces a user-chosen limited color palette on the page.

Adds the ‘forced-color-adjust’ property, which allows authors to opt particular elements out of forced colors mode, restoring full control over the colors to CSS.

10. Import maps

Import maps allows control over what URLs get fetched by JavaScript import statements and import() expressions.

11. Schemeful same-site

Modifies the definition of same-site for cookies such that requests on the same registrable domain but across schemes are considered cross-site instead of same-site. E.g., http:// site.example and https:// site.example (note: a space was added between the scheme and the domain to prevent automatic link conversion) will now be considered cross-site to each other.

Releasing to Stable, as part of a gradual rollout, starting in M88.

12. Sec-CH-UA Client Hints

The set of Sec-CH-UA-* client hints aims to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests.

13. Stop cloning sessionStorage for windows opened with noopener

When a window is opened with noopener, Chrome should not clone the sessionStorage of its opener; it should instead start from an empty sessionStorage namespace.

14. Streams API: Byte Streams

The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. For streams representing bytes, an extended version of the readable stream is provided to handle bytes efficiently, in particular by minimizing copies.

15. Support for full ‘filter’ property syntax on SVG elements

Allows the full syntax of the ‘filter’ property to be used on SVG elements which previously only supported single url(…) references. This allows filter functions such as blur(…), sepia(…) and grayscale(…) to apply to SVG elements as well as non-SVG elements. It makes the platform support for ‘filter’ more uniform and allows for easier application of some “canned” effects.

16. Top-level await

Allow the await keyword at the top-level within JavaScript modules.

17. Web NFC

Web NFC aims to provide sites the ability to read and write to NFC tags when they are brought in close proximity to the user’s device (usually 5-10 cm, 2-4 inches). The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.

18. Web Serial API

The Serial API provides an interface for connecting to serial devices, either through a serial port on the user’s system or removable USB and Bluetooth devices that emulate a serial port. This API has been requested by the hardware developer community, especially developers building educational tools, as a companion to the WebUSB API because operating systems require applications to communicate with USB-based serial ports using their higher-level serial API rather than the low-level USB API.

19. Web Share API

Web Share is an API for sharing data (text, URLs, images) from the web to an app of the user’s choosing.

20. Web Share API Level 2

Web Share API Level 2 allows sharing of files from the web to an app of the user’s choosing.

The API enables web developers to build share buttons that display the same system share dialog boxes used by native applications. Level 1 enabled system share dialogs; however only text and urls could previously be shared.

21. Web Share Target

Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.

22. Web Share Target Level 2

Installed web applications can now receive file shares, e.g. images. Using the manifest, the web application can declare which MIME types and/or file extensions it accepts.

Previously, mobile platforms allowed files to be shared to native applications, but not web applications.

23. WebAuthentication API: ResidentKeyRequirement and credProps extension

Adds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn “credProps” extension, which indicates to the Relying Party whether a created credential is client-side discoverable.

24. WebHID (Human Interface Device)

Enables web applications to interact with human interface devices (HIDs) other than the standard supported devices (mice, keyboards, touchscreens, and gamepads). However, there are many other HID devices that are currently inaccessible to the web. This API allows web applications to request access to these devices, send and receive HID reports, and retrieve information about the report descriptor.

25. navigator.webdriver === false when automation is not enabled.

Prior to this change, Chromium only exposed navigator.webdriver when the browser was being automated. However, other browsers expose it unconditionally per the spec (https://w3c.github.io/webdriver/#interface), with the value false in case the browser is not being automated.

We propose changing Chromium to align with other browsers and the spec. This is a potentially breaking change since web pages could in theory rely on the old navigator.webdriver === undefined behavior.

26. display_override

Adds a new advanced field to the web manifest, “display_override”, where a developer with special requirements can specify an explicit display fallback chain they would like applied.

Here’s an example of a website that wants “minimal-ui” to fall back to “standalone”.
{
“display”: “standalone”,
“display_override”: [“minimal-ui”],
}

Note: This API is only intended to be used for advanced use cases & display modes only. Most developers will only need to use the “display” property.

27. performance.measureUserAgentSpecificMemory()

The feature adds a performance.measureUserAgentSpecificMemory() function that estimates the memory usage of the web page. The website needs to be cross-origin isolated to use the API.

28. Comma separator in iframe allow attribute

This deprecation removes the ability to use “,” as a separator between items in a permissions policy declaration (feature policy declaration) in an iframe tag.

Developers should switch to “;” as the correct separator.

29. Remove prefixed events for <link rel=prerender>

Remove legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>.

These were introduced for internal use and not upstreamed to any specifications.

30. Federated Learning of Cohorts

The FLoC API would enable ad-targeting based on the user’s general browsing interest, without the websites knowing their exact browsing history. In today’s web, people’s interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies. User privacy could be better protected if this can be accomplished without needing to collect a particular individual’s exact browsing history.

OT targeted to start end of March.

chromium90 Features:20

1. AV1 Encoder

This feature ships an AV1 encoder in Chrome desktop, specifically optimized for video conferencing with WebRTC integration.

2. AbortSignal in addEventListener

This feature adds a new AbortSignal option, named “signal”, to the options parameter of addEventListener().
The “signal” option must first be created by an AbortController by accessing the “signal” property on an AbortController instance. Once the signal is passed in to addEventListener, calling “abort()” on the AbortController will remove the event listener added with addEventListener.
For more context, see https://github.com/whatwg/dom/issues/911.

3. AbstractRange superclass

The bits shared between StaticRange and Range objects are put on a shared superclass named AbstractRange.

4. Add support for CSS properties “overflow: clip” and “overflow-clip-margin”

Adds two CSS features. The ‘clip’ value results in a box’s content being clipped to the box’s overflow clip edge. In addition, no scrolling interface is provided, and the content can not be scrolled by the user or programmatically.

The overflow-clip-margin property enables specifying how far outside the bounds an element is allowed to paint before being clipped.

5. Block HTTP port 554

Connections to HTTP, HTTPS or FTP servers on port 554 will fail.

This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.

Chrome briefly blocked port 554 before, but it was unblocked due to complaints from enterprise users. However, we have now achieved rough consensus at https://github.com/whatwg/fetch/pull/1148 to block 554.

6. CSS aspect-ratio interpolation

The aspect-ratio property allows automatically computing the other dimension if only one of width and height is specified on any element. This property was originally launched as non-interpolable (meaning that it would snap to the target value) when animated.

This feature provides smooth interpolation from one aspect ratio to another.

7. Custom state pseudo class

The feature lets custom elements expose their states via the :state() CSS pseudo class.

8. Declarative Shadow DOM

A declarative API to allow the creation of #shadowroot’s using only HTML and no Javascript.

Blog post: https://web.dev/declarative-shadow-dom/

9. Protect application/x-protobuffer via Cross-Origin-Read-Blocking

Protect application/x-protobuffer from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking.

application/x-protobuf is already protected as a never sniffed mime type. application/x-protobuffer is another commonly used MIME type that is defined as an “ALT_CONTENT_TYPE” by the protobuf library.

See the original Intent to Implement and Ship notice for CORB here:

https://groups.google.com/a/chromium.org/g/blink-dev/c/hnA

10. RegExp match indices

This proposal adds a new .indices property to the result array object returned by RegExp.prototype.exec and String.prototype.match. This property is an indices array containing a pair of start and end indices for each captured substring.

As producing this array is expensive, the .indices property is only present when the /d flag is passed.

11. Seeking past the end of a file in the File System Access API

Rather than rejecting when trying to write past the end of a file, require extending a file with some number of 0x00 (NUL) bytes instead.

This enables creating sparse files and greatly simplifies saving content to a file when the data to be written is received out of order.

12. StaticRange constructor

Currently, Range is the only constructible range type available to web authors. However, Range objects are “live” and maintaining them can be expensive. For every tree change, all affected Range objects need to be updated. StaticRange objects are not live and represent a lightweight range type that is not subject to the same maintenance cost as Range. By making StaticRange constructible, we will allow web authors to use them for ranges that do not need to be updated on every DOM tree change.

13. Support specifying width/height on <source> elements for <picture>

This feature allows specifying a width and height on <source> elements that are used in <picture>, which allows the image to compute an aspect ratio from these attributes, e.g.:

  <picture>
    <source srcset="image.jpg" width="640" height="480">
    <img style="width: 100%; height: auto;">
  </picture>

In this example, the width of the image will adjust to the size of its container and the height will follow the aspect ratio, even before the image is loaded (avoiding a content shift).

14. URL protocol setter: New restrictions for file URLs

Aligns behavior with the standard in edge cases when changing the URL protocol to or from “file”.

Previously, attempting to change the protocol of a URL with credentials or a port to “file” would lead to an invalid URL. Similarly, attempting to change a URL with no host from “file” to “http” would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers.

This affects the “protocol” attribute on the URL API, location, and <a> and <area> elements.

15. Use :focus-visible in the default UA style sheet

Change the Chromium default UA style sheet to use :focus-visible instead of :focus pseudo-class to paint the focus indicator (outline).

This will avoid that elements show a focus indicator (because they’re focused and match :focus) while they don’t match :focus-visible.

16. WebAudio: OscillatorOptions.periodicWave is not nullable

It is no longer possible to set the periodicWave member of OscillatorOptions to null.

The WebAudio spec doesn’t allow this, so we’re aligning Chrome with the spec and also Firefox, which has implemented this correctly for 4 years.

17. WebXR AR Lighting Estimation

Allows sites to query for estimates of the environmental lighting conditions within WebXr sessions. This exposes both spherical harmonics representing the ambient lighting, as well as a cubemap texture representing “reflections”.

18. WebXR Depth API

The Depth API is an extension to WebXR Device API that allows applications access to depth buffer information that conveys information about the user’s environment, with primary focus on Augmented Reality scenarios.

19. Remove Content Security Policy directive ‘plugin-types’

The directive ‘plugin-types’ allows developer to restrict which types of plugin can be loaded via <embed> or <object> html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.

20. Remove WebRTC RTP data channels

Removes support for the non-standard RTP data channels in WebRTC. Users should use the standard SCTP-based data channels instead.

chromium91 Features:19

1. Managed configuration for Web Applications

This new API will help clients who are still using Chrome Apps to migrate to the Web, by using a simliar API to chrome.storage.managed Extensions API.

2. Block HTTP port 10080

Connections to HTTP, HTTPS or FTP servers on port 10080 will fail.

This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.

3. CSS custom counter styles

The CSS @counter-style rule allows web authors to specify and use custom counter styles in list markers and CSS counters. This helps web internationalization.

4. Class static initializer blocks

The classic static block proposal adds the ability for JavaScript classes to have one or more static initialization blocks. These blocks are initialized once per evaluation of the class definition.

class C {
  static s_field;
  static {
    this.s_field = doSomeInitialization();
  }
}

5. Clipboard: read-only files support

This proposes to expose read-only files on the clipboard to renderers using a similar approach to drag-and drop.

Renderers will have access to read files from the clipboard, but not write files to the clipboard. For files on the clipboard, renderers will have read-only access.

async function onPaste(e) {
let file = e.clipboardData.files[0];
let contents = await file.text();
}

6. Disable Double Tap to Zoom when mobile viewport is set

Disables Double Tap to Zoom (DTZ) when meta viewport tag is set to optimize the web page for mobile devices. In some situations Chrome enables DTZ even if the meta viewport tag is specified correctly which is unexpected to web developers. Having DTZ enabled introduces a 300ms delay between touchend and click events which degrades the user experience on mobile devices.DTZ should be disabled in all cases when a proper meta viewport tag is specified.

7. ES Modules for service workers (‘module’ type option)

JavaScript will support modules in service workers. Setting ‘module’ type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts.

8. Ergonomic brand checks for private fields

This JavaScript feature adds the capability for testing the existence of a private field in an object: “#foo in obj”

Proposal: https://github.com/tc39/proposal-private-fields-in-in

The feature has reached Stage 3 in TC39.

9. GravitySensor API

Expose the GravitySensor API, which provides a 3-axis reading of the gravity force, to users.

10. Honor media HTML attribute for link icon

The link element’s “media” attribute will be honored for link[rel=“icon”] so that web developers can define multiple equally appropriate icons based on a media query (dark and light modes for instance). The last one that matches will be picked.

Browsers don’t currently honor the media attribute for link[rel=“icon”] even though the HTML specification says they should.

11. Import Assertions

Import Assertions are an inline syntax for module import statements to pass on more information alongside the module specifier. The syntax is as follows (shown here is the proposed method for importing a JSON module):

import json from “./foo.json” assert { type: “json” };

12. JSON Modules

JSON modules allow statically importing JSON instead of consuming JSON dynamically through fetch(). JSON modules, like JavaSCript modules, are fetched using “cors” mode and strict MIME type checking. They also share the same module import syntax, for example: import data from "./resource.json”.

13. Run PWA on OS Login

Provides a mechanism to allow users to configure a Progressive Web Application (PWA) to be launched automatically when a user logs in to the operating system.

14. Suggested file name and location for the File System Access API

When initially shipping the File System Access API we shipped a bare minimum API surface
for showing file and directory pickers. We’re now proposing adding a couple of frequently
requested (and commonly supported in other file picker APIs) options to let websites
provide a couple more opportunities to influence the behavior of the file and directory pickers.
In particular we want to let websites give suggestions for the name and location of files and
directories that are being saved or loaded.

15. WebAssembly SIMD

WebAssembly SIMD will expose hardware SIMD instructions to WebAssembly applications in a platform-independent way. The SIMD proposal introduces a new 128-bit value type that can be used to represent different types of packed data, and several vector operations that operate on packed data.

SIMD can boost performance by exploiting data level parallelism and is also useful when compiling native code to WebAssembly

16. WebOTP API: cross-origin iframe support

Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.

17. WebSockets over HTTP/2

Supports WebSockets over HTTP/2 in Chromium as specified in RFC 8441 https://tools.ietf.org/html/rfc8441. This is only used for secure WebSockets requests, and only when there is already an HTTP/2 connection where the server has already advertised support for WebSockets over HTTP/2 via the HTTP/2 SETTINGS parameter defined in the specification.

18. adaptivePtime property for RTCRtpEncodingParameters

Adds the adaptivePtime property to RTCRtpEncodingParameters(https://w3c.github.io/webrtc-pc/#rtcrtpencodingparameters). This new flag sets a sender in a real-time communication (RTC) system to enable/disable adaptive packet rate.

19. Remove webkitBeforeTextInserted & webkitEditableContentChanged JS events

The webkitBeforeTextInserted and webkitEditableContentChanged JS events are Blink internal events and are non standard events. There are better replacement of these events which Browser vendors have been actively working on such as Input events(https://w3c.github.io/input-events/).

chromium92 Features:11

1. CSS position: sticky scroll initial position into view

For the purposes of any operation targetting the scroll position of a sticky positioned element (or one of its descendants), the sticky positioned element must be considered to be positioned at its initial (non-offsetted) position.

This was discussed in https://github.com/w3c/csswg-drafts/issues/1459.

2. Add dayPeriod option for Intl.DateTimeFormat

Add a dayPeriod option to Intl.DateTimeFormat() method so the caller can format times such as “7 in the morning”, “11 in the morning”, “12 noon”, “1 in the afternoon”, “6 in the evening”, “10 at night” (or in Chinese, “清晨7時”, “上午11時”, “中午12時”, “下午1時” ,“下午6時” ,“晚上10時”)

3. Change click, auxclick and contextmenu event types to PointerEvent

Change “click”, “contextmenu”, “auxclick” events to PointerEvent (instead of MouseEvent) to let developers: distinguish between mouse, pen and individual fingers in a multitouch interaction through pointerType and pointerId attributes, and utilize fractional event coordinates for high precision use cases.

4. Final specified imperative slot distribution behavior

The final imperative slot distribution API spec has been landed at [1]. There are minor changes from the initial draft [2] which was implemented in Chromium. This feature represents the changes from the draft to the final spec.

[1] https://html.spec.whatwg.org/#dom-slot-assign
[2] https://chromestatus.com/feature/5711021289242624

5. Relative indexing method for Array, String, and TypedArrays

Add a new method, named at(), to Array.prototype, String.prototype, and the TypedArray prototypes, that permit relative indexing with negative indices.

let arr = [1,2,3,4];
arr.at(-1); // Returns 4

6. Tainted origin flag applied to Resource Timing

Accounts for the tainted origin flag when computing whether a fetched resource passes the timing allow origin check. The Timing Allow Origin check is used in Resource Timing to determine whether the page has the right to receive detailed timing information about a resource used in the page. The tainted origin flag impacts this check in cases where there are multiple redirects that cross origins. In those cases, the header should be ‘*’, i.e. can no longer be a specific origin.

7. Web Bluetooth manufacturer data filter

Being able to filter based on manufacturer specific data (such as vendor ID and product ID) will enable e.g. manufacturer.example.com to configure/select only its own Bluetooth devices and present them to users, instead of showing unrelated Bluetooth devices in the browser picker.

8. crypto.randomUUID()

Introduces the method crypto.randomUUID() for generating RFC 4122 version 4 identifiers. The method returns the namespace specific string representation (for example, “6e4decd0-6066-4a25-98e3-0227317cda52”).

9. size-adjust descriptor for @font-face

The size-adjust descriptor in @font-face allows scaling of glyph sizes for a particular font face without affecting the CSS font-size and derived metrics such as em.

CSS font-size can be seen as a scale factor for a box that the font draws in. Glyph sizes within that box vary between fonts, and size-adjust enables harmonising them across different fonts. That’s why it can also help with reducing cumulative layout shift by matching up the fallback font and primary web font using this descriptor.

10. Payment handlers for standardized payment method identifiers.

Enables web-based payment handlers to receive “paymentrequest” events with non-URL, but standardized payment method identifiers, such as “basic-card” or “tokenized-card”.

11. aria-touchpassthrough

Screen readers with touch screen support typically include a “touch exploration” mode where you can tap or slowly drag around the screen and listen to feedback on what you’re touching, before it activates.

Setting aria-touchpassthrough on an HTML element indicates to a screen reader that touch events targeted at this element should be passed through directly, instead.

chromium93 Features:14

1. Intl BestFitMatcher by using ICU LocaleMatcher

Use the ICU LocaleMatcher to implement the BestFitMatcher of ECMA402 in v8 JavaScript engine.
ECMA402 defined the BestFitMatcher abstract operation to allow browser implementation to implement a better way to match locale data.
UTS35 sec “4.4 Language Matching” details a data driven algorithm to use CLDR. ICU 67.1 (launched in April 2020) comes with an improved icu::LocaleMatcher API and implementation . This document shows how we implement v8’s BestFitMatcher to use such API.

2. AbortSignal.abort() static method

AbortSignal.abort() is a static method that allows creating a new AbortSignal object that is already aborted. It is similar in spirit to Promise.reject(), and provides improved developer ergonomics.

3. Block ports 989 and 990

Connections to HTTP, HTTPS or FTP servers of ports 989 and 990 will fail.

These ports are used by the FTPS protocol, which has never been implemented in Chrome. However, FTPS servers can be attacked in a cross-protocol attack by malicious web pages using carefully-crafted HTTPS requests.

This is a mitigation for the ALPACA attack. See https://alpaca-attack.com/.

4. CSS Flexbox: support alignment keywords start, end, self-start, self-end, left, right

Make flexbox and flex items obey the positional alignment keywords from https://drafts.csswg.org/css-align-3/#positional-values.

Flexbox previously only obeyed center, flex-start, and flex-end. The additional alignment keywords (start, end, self-start, self-end, left, right) allow authors to more easily align the flex items in the face of varying writing modes and flex flows.

5. CSS module scripts

CSS Module Scripts are an extension of the ES Script Modules system that allows web developers to load CSS into a component definition in a manner that interacts seamlessly with other module types:

import styleSheet from “./styles.css” assert { type: “css” };

6. Error.cause property

Adds an additional options parameter to the Error() constructor with a cause property, the value of which will be assigned to the error instances as a property. This allows errors to be chained without unnecessary and overelaborate formalities on wrapping the errors in conditions.

7. Honor media HTML attribute for meta name=theme-color

The meta element’s “media” attribute will be honored for meta[name=“theme-color”] so that web developers can adjust the theme color of their site based on a media query (dark and light modes for instance). The first one that matches will be picked.

8. Object.hasOwn

Object.hasOwn provides an easier-to-use, static method version of Object.prototype.hasOwnProperty. For example, Object.hasOwn({ prop:42 }, ‘prop’) returns true.

9. Re-add ‘style’ to contain:strict and contain:content CSS properties

The ‘strict’ and ‘content’ keywords for the ‘contain’ property will now include ‘style’. Per CSSWG resolution this was (re-)added now that contain:style is well-defined in the specifications.

10. Sec-CH-Prefers-Color-Scheme User Preference Media Features Client Hints Header

User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.

Sec-CH-Prefers-Color-Scheme reflects the user’s prefers-color-scheme preference.

11. WebOTP API: cross-device support

We plan to support WebOTP API on desktop when both Chrome Desktop and Chrome Android are logged into the same Google account.

12. accent-color CSS property

The accent-color CSS property allows the page to specify a color used by form controls instead of using the builtin default color. For example, “accent-color: red” on an <input type=checkbox> would change the blue color around the checkmark to red.

13. noplaybackrate in HTMLMediaElement.controlsList

Offers a way for the website to enable/disable the playback speed control exposed by the browser in native media controls.

14. Remove 3DES in TLS

Remove support for the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

chromium94 Features:15

1. Align transform-style: preserve-3d and perspective property with the spec

Align the behavior of transform-style: preserve-3d (which allows child elements to participate in the same 3D scene) and the perspective property (which applies a perspective transform to child elements) with the spec by making them apply only to child elements. Before this change, Chromium applies both of these effects based on the containing block hierarchy rather than the DOM tree, and also allows them to extend through elements without transform-related properties on them.

2. CSS Overflow: scrollbar-gutter

The “scrollbar-gutter” property provides control over the presence of scrollbar gutters (the space which may be reserved to display a scrollbar), allowing authors to prevent layout changes as content expands while avoiding unwanted visuals when scrolling isn’t needed.

Note that the presence of the scrollbars themselves is determined by the “overflow” property and the decision of whether to use classical or overlay scrollbars is up to the User Agent.

3. Canvas color management

Formalize that the default color space for 2D canvases and ImageData is sRGB. Clarify that 2D canvas is fully color managed (that all inputs are converted to the canvas color space). These were previously convention and not clearly specified.

Add parameters to specify a non-sRGB color space when creating a 2D canvas or an ImageData. Add support for the Display P3 color space for these parameters.

4. Feature Policy: display-capture

Implement the display-capture feature policy from the Screen Capture spec.
https://w3c.github.io/permissions/#dom-permissionname-display-capture
This policy allows restricting access to the getDisplayMedia() API in embedded resources.

5. Idle Detection

The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification.

6. ImageDecoder API extension for WebCodecs

The ImageDecoder API intends to provide web authors random access to decoded images (as ImageBitmap) for each frame in a given image. The returned ImageBitmap objects can be used for drawing to canvas or WebGL (as well as any other future ImageBitmap use cases). Since the API is not bound to the DOM it may also be used in workers.

7. JS Self-Profiling API

Adds a web-exposed sampling profiler for measuring client JavaScript execution time. Gathering JS profiles from real users can help developers debug slow observed performance without the need for invasive manual instrumentation.

8. MediaStreamTrack Insertable Streams (a.k.a. Breakout Box)

This feature defines an API surface for manipulating raw media carried by MediaStreamTracks such as the output of a camera, microphone, screen capture, or the decoder part of a codec and the input to the decoder part of a codec. It uses WebCodecs interfaces to represent raw media frames and exposes them using streams, similarly to the way the WebRTC Insertable Streams spec exposes encoded data from RTCPeerConnections.

9. Return fixed lists for navigator.plugins and navigator.mimeTypes

With the removal of Flash, there is no longer the need to return anything for navigator.plugins and navigator.mimeTypes. These APIs were used primarily for a) probing for Flash player support, or b) fingerprinting. Some sites use these APIs to probe for PDF viewer support. With this change, these arrays will return fixed lists containing a standard list of PDF viewer plugins.

10. Richer Install UI for PWAs

Gives developers the ability to add more data (descriptions and screenshots) to their PWA install dialog and gives users more insight into the apps they are about to install.

11. Scheduling APIs: Prioritized scheduler.postTask

Userspace tasks often have varying degrees of importance (related to user experience), but the Platform lacks a unified API to schedule prioritized work. The postTask API allows developers to schedule tasks (javascript callbacks) with a native browser scheduler at 3 levels of priority: user-blocking, user-visible, and background. It also exposes a TaskController, which can be used to dynamically cancel tasks and change their priority.

12. VirtualKeyboard API

The virtual keyboard is the on-screen keyboard used for input in scenarios where a hardware keyboard may not be available.
The VirtualKeyboard interface has APIs to provide authors with more control over when the virtual keyboard is shown or hidden. It also fires events with the size of the virtual keyboard when it occludes content in the page.

13. WebCodecs

Provides efficient, low-level access to built-in (software and hardware) media encoders and decoders.

14. preferCurrentTab

We introduce a dictionary member to MediaStreamConstraints called preferCurrentTab. It’s a boolean defaulting to false. When getDisplayMedia() is called with preferCurrentTab=true, the browser should offer the current tab as the most prominent capture source.

15. Application Cache

AppCache was standardized in the Offline Web applications section of the HTML specification. The standard is formally referred to as application caches.

New Web applications should be built around Service Workers. Existing applications that use AppCache should migrate to Service Workers.

AppCache access was removed from insecure origins in M70. This intent addresses AppCache usage in secure origins.

chromium95 Features:17

1. Back-forward cache for same-site navigations on Android

Creates a cache for pages which allows for instant navigations to previously-visited pages after all eligible navigations on Android, both cross-site and same-site.

This enhances the original version of back-forward cache, which only caches pages on cross-site navigations: https://chromestatus.com/feature/5815270035685376.

This enhancement shipped by default in M95.

2. CSS @counter-style rules in shadow trees

Allows custom counter styles (@counter-style rules) to be defined with shadow trees, and properly referenced within shadow trees or across shadow boundaries.

3. Cookie size limits

Enforce limits on the size (in bytes) of cookies set by HTTP responses (Set-Cookie header) and via JS APIs (document.cookie and CookieStore).

4. Extend Intl.DateTimeFormat timeZoneName Option

Add 4 new values “shortGeneric”, “longGeneric”, “shortOffset”, and “longOffset” for Intl.DateTimeFormat timeZoneName option

5. EyeDropper API

The EyeDropper API enables developers to use a browser-supplied eyedropper in the construction of custom color pickers.

6. Intl.DisplayNames v2

Extend the Intl.DisplayNames API to include “calendar” and “dateTimeField” names and add “languageDisplay” option.
see https://github.com/tc39/intl-displaynames-v2 for the proposal
The proposal advanced to Stage 3 on 2021-05-25
Spec: https://tc39.es/intl-displaynames-v2/

7. Logical properties for contain-intrinsic-size

This converts contain-intrinsic-size to a shorthand and adds corresponding contain-intrinsic-{width,height} properties as well as contain-intrinsic-{inline,block} size.

For example, this will make the following work:

<div style="writing-mode: vertical-lr; contain: size; contain-intrinsic-inline-size: 100px; contain-intrinsic-block-size: 50px;"></div>

8. New UA platform version source on Windows for User-Agent Client Hints

Updates the version provided via the Sec-CH-UA-Platform-Version on Windows to provide a reasonable level of fidelity to allow sites to identify meaningful Windows platform changes. This aligns with the current definition in the proposal in the UA Client Hints WICG repo.

This enables sites to deliver appropriate binary executables and help content specific to that OS version.

9. Note taking new note URL

Parses a web app manifest entry for a URL to open to take a new note in a note-taking web app, allowing OS integrations.

10. Secure payment confirmation

Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new ‘payment’ extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the ‘secure-payment-confirmation’ payment method.

11. URLPattern

URLPattern is a new web API that provides native support for matching URLs given a pattern string. It is designed to be usable both in javascript directly and by passing patterns to other web platform APIs; e.g. as a service worker scope.

12. WebAssembly Exception Handling

This feature is adding exception support to WebAssembly. Exception handling allows code to break control flow when an exception is thrown. The exception can be any exception known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function.

13. WebAssembly cross-origin module sharing

WebAssembly module sharing between cross-origin but same-site environments will be deprecated to allow agent clusters to be scoped to origins long term. This is a WebAssembly spec change, which has an impact on the platform as well.

Therefore this deprecation is the first step to deprecate document.domain

14. droppedEntriesCount in PerformanceObserver callback

Currently, web developers can use PerformanceObserver with buffered flag to listen to past and future performance entries about their site. However, past entries need to be stored, and there is a buffer size limit. The droppedEntriesCount parameter helps developers know if they may have lost an entry due to this storage being full. It’s set to the number of entries which got dropped from the buffer due to such buffer being full.

15. self.reportError()

This function, available in windows and workers, allows developers to report errors to the console and any global “error” event handlers, in the same way as an uncaught JavaScript exception. It is mainly useful for custom event-dispatching or callback-manipulating libraries.

16. Deprecate support for URLs with non-IPv4 hostnames ending in numbers

Most hostnames that aren’t valid IPv4 addresses, but end in numbers are treated as valid, and looked up via DNS (e.g., http://foo.127.1/). Per the Public Suffix List spec, the eTLD+1 of the hostname in that URL should be “127.1”. If that is ever fed back into a URLs, “http://127.1/” is mapped to “http://127.0.0.1/” by the URL spec, which seems potentially dangerous. “127.0.0.0.1” could also potentially be used to confuse users. We want to reject URLs with these hostnames.

17. Remove FTP support

Deprecate and remove support for FTP URLs.

chromium96 Features:15

1. CSS @counter-style descriptor ‘speak-as’

A custom counter style can be constructed with a meaning that is obvious visually, but impossible to meaningfully represent via a speech synthesizer or other non-visual means, or possible but nonsensical when naively read out loud. The ‘speak-as’ descriptor describes how to synthesize the spoken form of a counter formatted with the given counter style.

2. Reporting API: Isolate reports per-document and support the Reporting-Endpoints header

Splits the reporting cache into a per-document cache for document-generated reports, and the existing cache for network reports. There is currently a single reporting cache per profile, which means that reports from unrelated documents can potentially be sent in a single request. This also introduces the Reporting-Endpoints HTTP response header for non-persistent configuration of document-generated reports.

3. ALPS and ACCEPT_CH HTTP/2 and HTTP/3 frames

The ACCEPT_CH HTTP/2 and HTTP/3 frames, combined with the TLS ALPS extension, are a connection-level optimization to deliver the server’s Client Hint preferences in time for the first HTTP request.

4. Adding captureTimestamp and senderCaptureTimeOffset to RTCRtpContributingSource.

Two new data properties, captureTimestamp and senderCaptureTime, will be added to the RTCRtpContributingSource, returned by RTCRtpReceiver.getContributingSources(). (See https://w3c.github.io/webrtc-extensions/#rtcrtpcontributingsource-dictionary.) These new properties are used to measure A/V sync and end-to-end delay in real-time communication (RTC) systems.

5. Back-forward cache for desktop

Creates a cache for pages which allows for instant navigations to previously-visited pages.

6. Clipboard: Preserve PNG metadata

Read unsanitized PNGs from the system clipboard. This will apply to both DataTransfer and the Async Clipboard API (navigator.clipboard.read()).

7. Cross-Origin-Embedder-Policy: credentialless

Introduce Cross-Origin-Embedder-Policy: credentialless. This causes cross-origin no-cors requests to omit credentials (cookies, client certificates, etc). Similarly to COEP:require-corp, it can enable cross-origin isolation.

8. Disable propagation of body style to viewport when contained

Used contain values different from none on the root or body elements will disable propagation of CSS properties from body as per specification[1].

[1] https://drafts.csswg.org/css-contain-1/#c3

9. EME MediaKeySession Closed Reason

A MediaKeySessionClosedReason is proposed to indicate the reason for EME MediaKeySession closure, and the closed attribute would return a Promise<MediaKeySessionClosedReason> instead of the current Promise<void>.

See https://github.com/w3c/encrypted-media/issues/473.

10. InteractionID in EventTiming

Developers currently use the Event Timing API to gather performance data about events they care about. However, it is currently hard to link events that correspond to the same user interaction. For instance, when a user taps, many events are generated, such as pointerdown, mousedown, pointerup, mouseup, and click. The interactionID enables developers to link multiple PerformanceEventTiming entries when they correspond to the same user interaction.

11. Media Queries: prefers-contrast feature

Adds the ‘prefers-contrast’ feature, which lets authors adapt web content to user-selected level of contrast in the OS, such as increased contrast mode on macOS and high contrast mode on Windows.

Valid options are ‘more’, ‘less’, ‘custom’, or ‘no-preference’.

12. PWA manifest unique id - desktop

Define an optional id field in app manifest that’s used to globally identify the web app. If the id is not specified, start_url will be used as the default id.

13. URL Protocol Handler Registration for PWAs

Enable web applications to register themselves as handlers of custom URL protocols/schemes using their installation manifest.

14. WebAssembly Reference Types

Allow WebAssembly modules to hold references to JS/DOM objects, passing them as arguments, storing them in locals and globals, and storing them in WebAssembly.Table objects.

15. [WebAuthn] Authenticator Attachment in Public Key Credential

Add the authenticator attachment (platform/cross-platform) used during both registration and authentication to the public key credential payload returned from the browser to the relying party (website/application etc)

chromium97 Features:12

1. Array and TypedArray findLast and findLastIndex

This is a Stage 3 TC39 proposal that adds the methods findLast and findLastIndex to Array.prototype and the various TypedArray.prototypes.

These methods are the “from the end” versions of find and findIndex.

2. Content-Security-Policy delivery via response headers for dedicated workers.

Dedicated workers should be governed by the Content Security Policy delivered in their script response headers. Chrome incorrectly used to instead apply the Content Security Policy of the owner document.

We would like to change chrome’s behaviour to adhere to what is specified.

3. Feature policy for Keyboard API

getLayoutMap() used in conjunction with code solves the problem of identifying the actual key pressed in keyboard with different layout maps such as English vs French keyboards, but since getLayoutMap() isn’t available in all contexts (can’t be used inside iframes), Office web apps like Excel, Word, PowerPoint, etc. that show up as embedded experiences in Outlook Web, Teams, etc. and are running in iframes, can’t use this API.
Adding keyboard-map to the allow attribute list solves this problem.

4. HTMLScriptElement.supports(type) method

Provides a unified way to detect new features that use script elements.

5. Late newline normalization in form submission

Before this change, newlines in form entries were normalized early in the form submission process (during the entry list construction), with an additional late normalization happening as the form payload was encoded with the application/x-www-form-urlencoded enctype. With this change, the early normalization is removed and the late normalization is extended to all enctypes.

6. PermissionStatus.prototype.name

Adds a read only attribute “name” to the PermissionStatus interface, allowing the name of the permission to be gotten after a PermissionStatus is created.

When querying multiple permissions simultaneously via the Permissions API, it was not possible to identify which PermissionStatus was which, as they were lacking a way to identify them (i.e., their “name”). The only way around this was to use something like array order or some other external index, which is less than ideal.

7. Propagate request origin and redirect chain in passthrough service workers.

This feature will cause service workers that handle navigation requests by calling fetch(evt.request) to use the origin and redirect chain from FetchEvent.request. Previously this information was always set to the service worker’s origin with no redirect chain.

This information is used to control the origin header and SameSite cookies sent with the request to the server.

8. Standardize existing client hint naming

Client Hints, a method to request information about the user’s device or conditions, have been implemented in Chrome, but since the initial implementation the naming scheme has changed. If implemented, this proposal would add new client hints with a sec-ch- prefix to re-implement the following: dpr, width, viewport-width, device-memory, rtt, downlink, and ect.

9. Support calc(<number>) where only accepts <integer>

CSS math functions that resolve to <number> can be used in any place that only accepts <integer>. (It gets rounded to the nearest integer, as specified in https://drafts.csswg.org/css-values-4/#calc-range)

10. WebAssembly Content Security Policy

Enhancements to Content Security Policy to improve interoperability with WebAssembly.

11. WebTransport

WebTransport is a protocol framework that enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport.

12. transform: perspective(none)

Implement support for a ‘none’ argument to the perspective() function within the syntax of the CSS transform property. This provides the perspective() function with a value that gives the identity matrix. Its effect is as though the perspective() function was given an argument that is infinite. This makes it easier (or, in some cases, possible) to do animations involving the perspective() function where one of the endpoints of the animation is the identity matrix.

chromium98 Features:8

1. Add support for Promise to Blobs in clipboard item

Add promise support to ClipboardItem object. This helps the web author to call async clipboard write method without having to provide the Blob data synchronously. Authors can choose to resolve the promise later when the Blob data is available.

2. COLRv1 Color Gradient Vector Fonts

To solve problems with existing color font formats, we designed a next generation font format suitable for the web called COLRv1 which enables powerful 2D graphics glyph definitions (gradients, transforms), supports variations, and reuses existing contour definitions.

Previous color font formats embed bitmap files into the OpenType font containers. They do not scale in high quality and have a large binary size. OpenType SVG embeds vectors but requires complex parsers and rasterisers.

3. CSS Color Adjust: ‘only’ keyword for color-scheme

The ‘only’ keyword has been re-added to the specification for color-scheme as a way of per-element opt-out of color-scheme override like forced darkening.

div { color-scheme: light } will force the div element into color-scheme dark and apply forced darkening.
div { color-scheme: only light } will keep the color-scheme for the element light and opt-out of forced darkening.

4. HDR CSS Media Queries: dynamic-range

Adds a media query to CSS which allows a page to detect the current display device’s support for HDR.

This feature adds the query: ‘dynamic-range’ which may be one of ‘standard’ or ‘high’. Chrome will resolve this query according to the capabilities of the display device the browser window is currently positioned on, allowing pages to toggle CSS rules accordingly or respond in Javascript via ‘window.matchMedia()’.

5. New window.open() popup vs. window behavior

This change aligns Chromium with the spec for window.open(), by 1) adding a “popup” windowFeature to control popup vs. tab/window, and 2) ensuring all BarProp properties return !is_popup.

6. WritableStream controller AbortSignal

The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. This change permits an underlying sink to rapidly abort an ongoing write or close when requested by the writer.

7. self.structuredClone()

Enables using the HTML structured clone algorithm synchronously for cloning and transferring objects within a single realm.

8. Remove SDES key exchange for WebRTC

The SDES key exchange mechanism for WebRTC has been declared a MUST NOT in the relevant IETF standards since 2013. The SDES specification has been declared Historic by the IETF.

Its usage in Chrome has declined significantly over the recent year.

This intent is to deprecate and remove this code from Chromium and WebRTC.

chromium99 Features:15

1. Autofill in ShadowDOM

This feature allows autofill to look into ShadowDOM when collecting form controls within a form element.

With the adoption of web components, it is common to wrap form controls like input elements in ShadowDOM.
When autofill traverses the children of form elements to collect form controls, it currently skips ShadowDOM, and makes these form controls never get autofilled.
This feature will make autofill also traverse into ShadowDOM when collecting form controls.

2. Intl Enumeration API

Intl Enumeration API Specification is a new ECMA402 Stage 3 proposal which lists supported values of options in pre-existing API.

3. Intl Locale Info in ECMA402

Intl Locale Info API is a new Stage ECMAScript TC39 proposal to enhance the Intl.Locale object by exposing Locale information, such as week data (first day in a week, weekend start day, weekend end day, minimun day in the first week), and text direction hour cycle used in the locale.
https://github.com/tc39/proposal-intl-locale-info

4. “audioworklet” destination for AudioWorklet

Sets the destination of script requests for AudioWorklet to “audioworklet”.

The specification defines script requests for AudioWorklet have “audioworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest HTTP request header and FetchEvent.request.destination on Service Workers. This helps servers to decide how to handle the requests.

5. “paintworklet” destination for PaintWorklet

Sets the destination of script requests for PaintWorklet to “paintworklet”.

The specification defines script requests for PaintWorklet have “paintworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest HTTP request header and FetchEvent.request.destination on Service Workers. This helps servers to decide how to handle the requests.

6. Allow infinity, -infinity and NaN in CSS calc()

CSS calc() math function should allow infinity and NaN values by ‘infinity’, ‘-infinity’, ‘NaN’ keywords or expressions that could be evaluated into infinity or NaN such as ‘calc(1/0)’.

7. Allow simple Range header values without preflight

Allows requests with simple range headers to go through without preflight.

CORS requests will be able to use the Range header in limited ways (only one valid range) without triggering a preflight.

8. CSS cascade layers

CSS cascade layers (@layer rule and layered @import syntax) provide a structured way to organize and balance concerns within a single origin. Rules within a single cascade layer cascade together without interleaving with style rules outside the layer. This allows authors to achieve a certain cascade ordering for same-origin rules in a proper way.

9. Convert adoptedStyleSheets to use ObservableArray

The prior specification for adoptedStyleSheets used a FrozenArray backing array. The spec was recently changed, so that the backing array is an ObservableArray. This makes the API easier to use and understand, since it is a true mutable JS array object. For example, normal array operations such as adoptedStyleSheets.push(sheet) can be used.

10. HTMLInputElement showPicker()

The HTMLInputElement showPicker() method allows web developers to programmatically show a browser picker for input elements (temporal, color, file, and those with suggestions like datalist or autofill).

11. Handwriting Recognition API

An API for web applications to make use of advanced handwriting recognition services (e.g. those on operating systems) to recognize text from handwriting drawings (inks) in real time. In this context, handwriting drawing means the temporal and positional information used to describe a human handwriting process.

12. New Canvas 2D API

Updated functionality for the Canvas2D API. Adds nine new features/functions to CanvasRenderingContext2D:

• “ContextLost” and “ContextRestored” events
• “willReadFrequently” option for canvases where lots of readback is expected
• More CSS text modifier support
• A reset function
• A roundRect draw primitive
• Conic gradients
• Better support for SVG filters

https://github.com/fserb/canvas2d

13. Replace GamepadList with sequence<Gamepad?> for navigator.getGamepads() return value

We intend to replace GamepadList with sequence<Gamepad?> for the navigator.getGamepads() return value to follow the spec and match current Gecko and WebKit implementations.

14. Unprefixed text-emphasis properties

This feature introduces ‘text-emphasis’, ‘text-emphasis-color’, ‘text-emphasis-position’, and ‘text-emphasis-style’ CSS properties. They are unprefixed versions of ‘-webkit-text-emphasis’, ‘-webkit-text-emphasis-color’, ‘-webkit-text-emphasis-position’, and ‘-webkit-text-emphasis-style’.

15. Remove font-family -webkit-standard

Remove support for the font-family value “-webkit-standard”. This essentially behaves as an alias to the proprietary keyword “-webkit-body” and is only exposed as historical implementation details inherited from WebKit.

chromium100 Features:14

1. Allow cookie domain attributes to be the empty string

Updates the parsing of cookie strings to allow a cookie’s domain attribute to be set to the empty string. This change will also correct the failing web-platform tests related to an empty string domain. Additionally, it brings Chrome in alignment with the draft RFC6265bis specification, and will improve interoperability with Safari and Firefox by matching their treatment of an empty cookie domain attribute.

2. AbortSignal.prototype.throwIfAborted

Throws an AbortSignal’s reason if the signal is aborted. This convenience method can be used by signal-handling functions to check a signal’s abort status and propagate the abort reason, e.g. after async operations that might change a signal’s state.

3. Capability Delegation

Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame it trusts.

If an app wants to delegate its ability to call a restricted JS capability (e.g. popups, fullscreen, etc) to a known+trusted third-party frame, the app would utilize a Capability Delegation API to “transfer” the ability to the target frame in a time-constrained manner (unlike static mechanisms like <iframe allow> attributes).

4. Digital Goods API

An API for querying and managing digital products to facilitate in-app purchases from web applications, in conjunction with the Payment Request API (which is used to make the actual purchases). The API would be linked to a digital distribution service connected to via the user agent. In Chromium, this is specifically a web API wrapper around the Android Play Billing API.

5. HIDDevice forget()

The HIDDevice forget() method allows web developers to voluntarily revoke a permission to a HIDDevice that was granted by a user.

6. Markup based Client Hints delegation for third-party content

To support content negotiation use cases such as differential serving of variable fonts, color vector fonts, responsive images, and other third-party content which requires client information lost by user agent reduction. For example: variable fonts allow significantly less font information to be transferred without loss of functionality, but only works on specific operating systems.

7. Omnibox prerendering

With this feature, Chrome will start prerendering the high-confidence omnibox autocomplete suggestions.

8. SerialPort integration with WritableStream controller AbortSignal

This integration prevents a situation in which aborting a SerialPort’s WritableStream can be blocked on waiting for a partially-written chunk of data to be written to the port. If the port is waiting for the peer device to provide a flow control signal it could be blocked indefinitely. The intent of aborting a WritableStream is to immediately stop trying to write data to the underlying sink. The introduction of an AbortSignal to the controller was done to fix bugs like this.

9. TLS ALPN extension in wss-schemed WebSockets connections

This is a PSA about a small tweak to an existing feature. The change is to include the TLS ALPN extension when initiating a new connection for wss-schemed WebSockets, offering just the default “http/1.1” protocol. Currently, unlike HTTPS connections, such connections do not offer ALPN at all. Changing this aligns with Firefox and Safari, hardens against cross-protocol attacks (see ALPACA), and makes wss eligible for the False Start optimization. It also simplifies work on the HTTPS DNS record.

10. Web NFC: NDEFReader makeReadOnly()

The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.

11. WebTransport serverCertificateHashes option

In WebTransport, the serverCertificateHashes option allows the website to connect to a WebTransport server by authenticating the certificate against the expected certificate hash instead of using the Web public key infrastructure (PKI).

This feature allows Web developers to connect to WebTransport servers that would normally find obtaining a publicly trusted certificate challenging, such as hosts that are not publically routable, or virtual machines that are ephemeral in nature.

12. Window Management

Previously named “Multi-Screen Window Placement”.

Adds new screen information APIs and makes incremental improvements to existing window placement APIs, allowing web applications to offer compelling multi-screen experiences.

The existing singular window.screen offers a limited view of available screen space, and window placement functions generally clamp bounds to the current screen. This feature unlocks modern multi-screen workspaces for web applications.

13. mix-blend-mode: plus-lighter

This proposal adds a plus-lighter value to the mix-blend-mode property. Plus-lighter adds the source and destination colors multiplied by their respective alphas. This operation is useful when cross fading between two elements that may contain common pixels. In that case, plus-lighter ensures that the common pixels do not change in appearance as opacity changes from 0 to 1 on one element and from 1 to 0 on the other.

14. The “basic-card” method of PaymentRequest API

Deprecate the “basic-card” payment method from PaymentRequest API.

chromium101 Features:8

1. font-palette and custom @font-palette-values palettes

The font-palette CSS property allows selecting a palette from a color font. In combination with the @font-palette-values at-rule, custom palettes can be defined.

Use cases: designs where an icon or emoji font is used in combination with dark or light mode, or multi-colored icon fonts that are colorised using font-palette to harmonise with the content’s color scheme.

font-palette increases efficiency of color font uses, as no server roundtrip is needed for changing the colors of the font.

2. Deprecate and remove WebSQL in third-party contexts

We intend to deprecate and remove usage of WebSQL in third party contexts. Deprecation is targeted for M94 and removal is targeted for M97.

3. Fetch Priority

Fetch Priority provides developers a way to indicate a resource’s relative priority to the browser, allowing more control over the order resources are loaded.

Many factors influence a resource’s priority in browsers. These include type, visibility, and preload status of a resource. This introduces a developer-set “fetchpriority” attribute to HTML elements and a “priority” property to the fetch API allowing developers to influence the computed priority of a resource. Supported fetchpriority values are auto, low, and high.

4. Make ‘true’ a truthy value for window.open boolean features

This is a recent change [1] to the spec for parsing the windowFeatures argument to window.open(). Previous to this change, window.open(url,‘’,‘popup=true’) interpreted the ‘popup=true’ to mean popup is false. With this change, ‘true’ counts as a truthy value.

[1] https://github.com/whatwg/html/pull/7425

5. MediaCapabilities API for WebRTC

Extends the MediaCapabilities API to support WebRTC streams. The MediaCapabilities API helps web sites to make informed decisions on what codec, resolution, etc. to use for video playback by providing information about whether a configuration is supported and also whether the playback is expected to be smooth. This feature extends the MediaCapabilities API to also include WebRTC streams.

6. Secure context fix for dedicated workers

Dedicated workers loaded from a secure (HTTPS) origin yet instantiated by insecure (non-HTTPS) contexts are no longer considered secure.

This results in the following web developer facing changes inside such worker contexts:

• self.isSecureContext is now false
• self.caches and self.storageFoundation are no longer available

This aligns Blink behavior with the specification and Gecko.

7. USBDevice forget()

Following the recent HIDDevice forget() addition[1] to the web platform, the USBDevice forget() method allows web developers to voluntarily revoke a permission to a USBDevice that was granted by a user.

[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/Fk-IJF63UWc

8. Web USB sameObject behavior

Make USBConfiguration, USBInterface, USBAlternateInterface, and USBEndpoint instances returned by the accessors on USBDevice === comparable.

chromium102 Features:12

1. Add Save Data Client Hint

The existing Save-Data header will be made a formal client hint by adding a new CH-Save-Data permissions policy that controls its delegation. This hint will still be sent by default (when lite mode is on) and delegated to all first and third parties by default.

2. AudioContext.outputLatency

AudioContext.outputLatency property is the estimation in seconds of audio output latency.

Technically, this is the interval between the time the UA requests the host system to play a buffer and the time at which the first sample in the buffer is actually processed by the audio output device. For devices such as speakers or headphones that produce an acoustic signal, this latter time refers to the time when a sample’s sound is produced.

3. Capture Handle

We introduce a mechanism that allows an application to opt-in to exposing certain information to other applications which are video-capturing it. This allows collaboration between capturing and captured applications.

For example, a VC application that’s video-capturing a tab where a presentation application lives, could expose user-facing controls in the VC tab for navigating the presentation in the captured tab.

4. File Handling

File Handling provides a way for web applications to declare the ability to handle files with given MIME types and extensions. The web application will receive an event when the user intends to open a file with that web application.

5. HTTP->HTTPS redirect for HTTPS DNS records

Query DNS for HTTPS records (alongside traditional A and AAAA queries). When a website has deployed an HTTPS DNS record and Chrome receives it, Chrome will always connect to the website via HTTPS.

Design doc for all Chrome DNS HTTPS plans: https://docs.google.com/document/d/1k461sRbddjDGj7Q8f-ZKHZvmB-ENUWSdX_3Fpp2dmXQ

This feature covers just the basic query and HTTP->HTTPS upgrade part of those plans, and only for simpler cases that do not require followup DNS queries by the Chrome DNS stack.

6. Secure Payment Confirmation API V3

Three changes to the Secure Payment Confirmation API, implemented and flagged as “V3” of the API.

• Add Relying Party ID as a required input (https://github.com/w3c/secure-payment-confirmation/issues/164). This is a breaking change, see compatibility section.
• Add an optional boolean to allow failed instrument icon download (https://github.com/w3c/secure-payment-confirmation/issues/125)
• Add payeeName as an optional input (https://github.com/w3c/secure-payment-confirmation/issues/163)

7. WebAssembly Dynamic Tiering

With WebAssembly Dynamic Tiering, an heuristic decides which functions of a WebAssembly module get optimized, and when the optimization is triggered. This is an improvement to the existing eager optimization approach, where all functions get optimized immediately after baseline compilation is finished. WebAssembly Dynamic Tiering reduces the resource consumption of the optimizing compiler, and prevents the compiler from competing with the web application for resources.

8. WebHID exclusionFilters option in requestDevice()

The “exclusionFilters” option in navigator.hid.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that are known to be malfunctioning.

9. inert attribute

The inert attribute allows web authors to mark parts of the DOM tree as inert. When a node is inert:

• Hit-testing must act as if the ‘pointer-events’ CSS property were set to ‘none’.
• Text selection functionality must act as if the ‘user-select’ CSS property were set to ‘none’.
• If it is editable, the node behaves as if it were non-editable.
• The user agent may ignore the node for the purposes of find-in-page.

(also aboxhall@)

10. [WebRTC] Deprecate and Remove Plan B

The SDP used to establish a connection in WebRTC has a non-standard dialect: Plan B. Removal timeline:
M93: Exception thrown in Canary.
M96: Exception thrown in Beta and Stable.
M102: Prior to this version, Plan B was allowed behind Deprecation Trial. With M102, sdpSemantics is ignored (you get Unified Plan no matter what). CrOS-only: Plan B was temporarily allowed up until M104.

11. Calling PaymentRequest.show without user activation

Allowing PaymentRequest.show() to be triggered without a user activation could be abused by malicious websites. To protect users, the spec was changed to require user activation, and we are now following through in the Chrome implementation.

12. Navigation API

The window.navigation API provides the ability to intercept and initiate navigations, as well as introspect an application’s history entries. This provides a more useful alternative to window.history and window.location, specifically aimed at the needs of single-page web applications.

(Note: this API was formerly known as the app history API.)

chromium103 Features:13

1. “deflate-raw” compression format

Add a new compression format, “deflate-raw”, to give web developers access to the raw deflate stream without any headers or footers. This is needed, for example, to read and write zip files.

2. 103 Early Hints for Navigation

Support 103 Early Hints informational responses during top-level frame navigation. When a 103 response includes link headers Chromium tries to preload specified resources (including modulepreload) or preconnect to specified origins before the final response is received. This gives Web developers a way to optimize Core Web Vitals such as Largest Contentful Paint (LCP).

3. ARIA Attribute Reflection for role attribute

This feature provides a JavaScript API to allow web developers to query and modify the “role” ARIA attribute directly.

This implements attribute reflection for “role” attribute, similar to other attributes already supported like “ariaDescription” or “ariaRequired”.

4. AbortSignal.timeout() Static Method

Returns a new AbortSignal object that is automatically aborted after a given number of milliseconds. This method can be used by developers to easily implement timeouts for signal-accepting async APIs, e.g. fetch().

5. Add .avif to permitted Web Share file extensions

The .avif image file should be able to be shared by Web Share.
Adding avif to the other allowed image file types will help spread the use of it.

6. Allow popstate to fire before load

Before this change, Chromium would fire hashchange asynchronously (after a task), and delay popstate until the load event. This means the event ordering could be either [hashchange, popstate], or [popstate, hashchange], depending on how long the document took to load. After this change, Chromium will match Firefox and always fire popstate immediately upon URL changes, i.e. the order will always be [popstate, hashchange].

7. Block external protocol in sandboxed iframe

Block sandboxed iframe from opening external application.

To enable it again, apply at least one of following values to the <iframe> element’s sandbox property:

• allow-popups
• allow-top-navigation
• allow-top-navigation-with-user-activation

Or use the new dedicated one:

• allow-top-navigation-to-custom-protocols

8. Local Font Access

Gives web applications the ability to enumerate local fonts and some metadata about each. Also gives web applications access to table data stored within local fonts, allowing those fonts to be rendered within their applications using custom text stacks.

9. Restrict Gamepad usage

Requires a secure context for the Gamepad API and adds a feature policy to allow restricting gamepad use.

10. SerialPort forget()

Following the recent HIDDevice[1] and USBDevice[2] forget() additions to the web platform, the SerialPort forget() method allows web developers to voluntarily revoke a permission to a SerialPort that was granted by a user.

[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/Fk-IJF63UWc
[2] https://groups.google.com/a/chromium.org/g/blink-dev/c/pSM2W0TtKEI/

11. Update User-Agent Client Hints GREASE implementation

We seek to align our implementation of GREASE in User Agent Client Hints with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This is to help prevent bad assumptions from being built on top of User-Agent strings.

12. User Activation Requirement for SPC Credential Enrollment

This intent is to add a user activation requirement for Secure Payment Confirmation (SPC) credential enrollment in a cross-origin iframe to help mitigate a privacy issue (see https://github.com/w3c/secure-payme for discussion of a potential identity tracking attack).

13. Remove Battery Status API on Insecure Origins

Deprecate and remove the Battery Status API on insecure origins, such as HTTP pages or HTTPS iframes embedded in HTTP pages.

chromium104 Features:15

1. Block iframe contexts navigating to filesystem: URLs

Render-initiated navigations to filesystem:// URLs are blocked in top-level frames, but for some reason allowed in iframes. As part of the storage partitioning efforts, we propose to remove support for third party contexts, and consistently block navigation to filesystem:// URLs everywhere.

See https://chromestatus.com/metrics/feature/timeline/popularity/4077 for usage details (currently extremely low).

2. CSS object-view-box

object-view-box allows the author to specify a subset within an image that should draw within the content box of the target replaced element. This enables an author to create an image with a custom glow or shadow applied, with proper ink-overflow behavior like a CSS shadow would have.

3. Cookie Expires/Max-Age attribute upper limit

When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 days in the future. Previously, there was no limit and cookies could expire as much as multiple millennia in the future.

4. Individual Properties for CSS Transforms

This adds three new CSS properties: translate, rotate, and scale. These properties are known as the individual transform properties (and were previously known as the independent transform properties).

This exposes a simple way for web developers to access transforms in an intuitive way, without having to think about how functions in the transform property interact with each other.

The properties are individually animatable.

5. Media Queries Level 4 Syntax & Evaluation

Allows writing media queries using ordinary mathematical comparison operators, and adds support for ‘or’, ‘not’, nesting, and evaluation of “unknown” features.

6. Permissions Policy for Web Bluetooth API

Integrates the Web Bluetooth API with Permissions Policy, which should be identified by the “bluetooth” token.

The Web Bluetooth API allows webpages to communicate with devices over Bluetooth. However, this API is not allowed to be used from cross-origin iframes. This integration enables this scenario while providing protection against unwanted access to Bluetooth capabilities, which requires the top-level document to explicitly allow a cross-origin iframe to use the API’s methods.

7. Private Network Access preflight requests for subresources: warning-only mode

Sends a warning-only CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server.

If the preflight request fails due to Private Network Access checks, a warning is displayed in the DevTools issues panel, but the error is otherwise ignored. The subsequent request is sent as if the preflight had succeeded.

A private network request is any request from a public website to a private IP address or localhost, or from a private website (e.g. intranet) to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.

8. Removing Legacy Client Hint Mode

A set of 4 hints (dpr, width, viewport-width, and device-memory) have a default allowlist of self but behave as though they have a default allowlist of * on Android. The default allowlist of * goes against the Client Hints Infrastructure standard; fixing this will increase privacy on Android by requiring explicit delegation of these hints.

9. Subresource loading with Web Bundles

Provides a new approach to load a large number of resources efficiently using a format that allows multiple resources to be bundled, e.g. Web Bundles.

10. Support visual-box on overflow-clip-margin

overflow-clip-margin specifies how far an element’s content is allowed to paint before being clipped. This feature allows using visual-box values to configure the reference box that defines the overflow clip edge the content is clipped to.

11. U2F Security Key API removal (Cryptotoken Component Extension)

The Cryptotoken component extension offers a chrome.runtime.sendMessage() API that allows any web site to make requests to a user’s FIDO U2F security key. Cryptotoken and its API have been subsumed by the W3C Web Authentication API.

12. Web Custom formats for Async Clipboard API

Web Custom formats let websites read and write arbitrary unsanitized payloads using a standardized web custom format, as well as read and write a limited subset of OS-specific formats (for supporting legacy apps).
The name of the clipboard format is mangled by the browser in a standardized way to indicate that the content is from the web, which allows native applications to opt-in to accepting the unsanitized content.

13. WebGL canvas color management

Implementation of WebGL color management API

WebGL allows specification of

• the color space that its drawing buffer is
• the color space that content should be converted to when importing as a texture

This feature is to update our implementation to include this functionality.

Prior to this feature, both of these defaulted to sRGB. Now they can also use “display-p3”.

14. Window Management: Fullscreen Companion Window

Fullscreen Companion Window allows sites to place fullscreen content and a popup window on separate screens from a single user activation.

This is a small requested enhancement of the Window Management feature: https://chromestatus.com/feature/5252960583942144

15. Region Capture

We introduce a performant and robust API for cropping a self-capture video track. (Recall that applications may already video-capture the tab in which the application is run using getDisplayMedia(). Using our new Region Capture, such an application may now crop that track and remove some content from it; typically before sharing it remotely.)

chromium105 Features:27

1. Opaque Response Blocking (ORB, aka CORB++) v0.1

Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks v0.1 of ORB - Chrome’s first step toward full ORB implementation.

For interop web authors should check Content-Type headers of their resources and indicate multimedia content when needed (e.g. audio/*, application/dash+xml, etc).

2. ‘blocking=rendering’ attribute on scripts and style sheets

Allows putting ‘blocking=render’ as an attribute and value to a <script>, <style> or stylesheet <link> to make it explicitly render-blocking. The main usage is to avoid a flash of unstyled content or user interactions with an unmature page caused by, e.g., script-inserted scripts/stylesheets, client-side A/B testing and etc.

3. :has() pseudo class

The :has() pseudo class is a selector that specifies an element which has at least one element that matches the relative selector passed as an argument.

4. Add onbeforeinput global event handler content attribute

The ‘beforeinput’ event fires when the value of an <input>, <textarea>, or contenteditable element is about to be modified.

Add an ‘onbeforeinput’ global content attribute to make it easier for developers to use.

5. CSS :modal Pseudo Class

A pseudo class selector to style dialog element.

The :modal pseudo-class represents an element which is in a state that excludes all interaction with elements outside it until it has been dismissed.

6. Container Queries

Container Queries allow authors to style elements according to the size of a container element.

It’s similar to a @media query, except it evaluates against the size of a container instead of the size of the viewport.

7. Custom Highlight API

The custom highlight API provides a way for web developers to style the text of arbitrary ranges. This is useful in a variety of scenarios, including editing frameworks that wish to implement their own selection, find-on-page over virtualized documents, multiple selections to represent online collaboration, or spellchecking frameworks.

8. Default SVG cursor size set from OS settings

Platform cursor size used as default for custom SVG cursors if no specified size. SVG cursors can scale based on the platform accessibility/cursor settings. This can be overridden if the cursor has any specified dimensions. This feature is initially available on Windows only.

9. DisplayMediaStreamConstraints.systemAudio

Hint indicating to the user agent whether the application, upon calling getDisplayMedia() with {systemAudio: true}, wishes system audio to be offered to the user. (If not - only offer tab-audio.)

10. Element.checkVisibility method

Element.checkVisibility() returns true if the element is visible, and false if it is not. It checks a variety of factors that would make an element invisible, including display:none, visibility, content-visibility, and opacity.

11. Expose TransformStreamDefaultController

This exposes the TransformStreamDefaultController class on the global scope.

This class already exists and can be accessed using code such as

let TransformStreamDefaultController;
new TransformStream({ start© { TransformStreamDefaultController = c.constructor; } });

This change makes such code unnecessary as now TransformStreamDefaultController just exists on the global scope.

12. Prerender2 for Desktop

To achieve parity among the all supporting platforms, we are implementing Prerender2 for Desktop (as an addition to Android).

We are going to ship same-origin prerendering triggered by the speculation rules API and Omnibox (same as current triggers for Android).

See also [1] Same-origin prerendering triggered by the speculation rules API

[1] https://chromestatus.com/feature/5355965538893824

13. Prevent overscroll for fixed elements.

When a user overscrolls, all elements on the page (including fixed elements) move in response to the overscroll. This feature prevents fixed elements from moving during overscroll.

features=FixedElementsDontOverscroll
Spec discussion: https://github.com/w3c/csswg-drafts/issues/6299

14. Response.json()

Improves ergonomics for creating JSON Response objects. The Response constructor allows for creating the body of the response from many types, however it is not possible to directly create a JSON object. The Response.json() static method fills this gap. It returns a Response object with a body consisting the first argument serialized as JSON. The second argument is a ResponseInit option bag as with the Response constructor.

15. Same-origin prerendering triggered by the speculation rules API

Prerendering loads a web page before it is needed, so that when the actual navigation to that page occurs, it can be shown instantly.

16. Syntax changes to markup based Client Hints delegation

There is existing HTML syntax to delegate client hints to third-party content which requires client information lost by user agent reduction. Example:
<meta name="accept-ch" value="sec-ch-dpr=(https://foo.bar https://baz.qux), sec-ch-width=(https://foo.bar)">

We shipped this syntax in M100 and got belated developer feedback that it’s confusing. We reached the conclusion it’s not too late to change course due to low adoption so far.

This intent proposes a replacement syntax with the same feature set. Example:
<meta http-equiv="delegate-ch" value="sec-ch-dpr https://foo.bar https://baz.qux; sec-ch-width https://foo.bar">

This proposal also removes the older syntax introduced in M100.

17. Viewport-height client hint

Currently, Responsive Image Client Hints provide a way for origins to obtain the viewport’s width. However, no such attribute exists for viewport height. We’ve observed that to optimize the loading of content that appears in viewport, it is essential for the origins to adapt HTML response based on viewport height.

18. Window Controls Overlay for Installed Desktop Web Apps

When the window controls overlay is enabled for installed desktop web apps, the app’s client area is extended to cover the entire window–including the title bar area–and the window control buttons (close, maximize/restore, minimize) are overlaid on top of the client area. The web app developer is responsible for drawing and input-handling for the entire window except for the window controls overlay.

19. Window Management: Accurate Screen Labels

Enhances screen label strings provided by the Window Management API: <https://chromestatus.com/feature/5252960583942144>

This launch refines the ScreenDetailed.label implementation by replacing the current placeholder values (e.g. ‘External Display 1’) with data sourced from display device EDIDs (e.g. ‘HP Z27n’) and higher-level OS APIs (e.g. localized descriptions such as ‘Built-in Retina Display’). These more accurate labels match those shown by OSes in display settings UI surfaces. The labels are only exposed to sites which have been granted the window-management permission by the user.

This revised implementation aligns with the current attribute specification <https://w3c.github.io/window-management/#screen-label> and definitions used for the M93-M96 Origin Trial and the M100 API launch. There is no structural change to the API, only a change in the string content returned by the ScreenDetailed.label attribute.

20. Worklet loading is reported to Resource Timing

When a worklet module is fetched, e.g. via CSS.paintWorklet.addModule(), the fetched resource is now available in resource timing and in PerformanceObservers.

window.performance.getEntries() or window.performance.getEntriesByType(“resource”) would also show worklet resources, which were not present there before despite being loaded.

21. Writable directory prompts for the File System Access API

Allow returning a directory with both read and write permissions in a single prompt for the File System Access API.

Currently showDirectoryPicker() always returns a read-only directory (after showing a read access prompt), requiring a second prompt to get write access. This double-prompt is a poor user experience and contributes to confusion and permission fatigue among users.

Adds an optional “mode” option to DirectoryPickerOptions which can be specified as either “read” or “readwrite”.

22. import.meta.resolve()

import.meta.resolve(specifier) returns the URL to which the given specifier would resolve in the context of the current script. That is, it returns the URL that would be imported if you did import(specifier).

23. navigateEvent.intercept()

intercept() works very similarly to the existing navigateEvent.transitionWhile() method, except that instead of taking a mandatory Promise, it takes an optional handler function.

We will send a separate Intent to Deprecate and Remove for navigateEvent.transitionWhile().

24. navigateEvent.scroll()

scroll() works very similarly to the existing restoreScroll() except that it can be called when the navigation is not a traversal. It also allows manually performing the scroll even when not in manual scroll mode.

25. CSS default keyword is disallowed in custom identifiers

The CSS keyword ‘default’ is not allowed within CSS custom identifiers, which are used for many types of user-defined names in CSS (for example, names created by @keyframes rules, counters, @container names, custom layout or paint names). This adds ‘default’ to the list of names that are reserved from being used in custom identifiers, which already reserve ‘inherit’, ‘initial’, ‘unset’, ‘revert’, and ‘revert-layer’.

26. Gesture Scroll DOM events

Gesture Scroll DOM events, namely “gesturescrollstart”, “gesturescrollupdate” and “gesturescrollend” are non-standard APIs, which were added to Blink for use in plugins, but it appears they were also exposed to the web unintentionally. Plugins are no longer web-exposed since the deprecation of Google Native Client (NaCl).

WebKit Bug: https://bugs.webkit.org/show_bug.cgi?id=92281
Changelog: https://bugs.webkit.org/attachment.cgi?id=155046&action=prettypatch

27. fetch() upload streaming

Fetch upload streaming lets web developers make a fetch with a ReadableStream body. Fetch provides a generic definition of Request and Response objects (and other things involved with network requests).

chromium106 Features:9

1. CSS ‘ic’ Length Unit

Support for expressing CSS lengths relative to the used advance measure of the CJK water ideograph.

2. Deprecate Persistent Quota

We plan to deprecate support of the window.PERSISTENT quota type in requestFileSystem().

3. Enforce CORS in subresource SignedExchange prefetching

Changes the request mode and credentials mode of prefetch requests used in Subresource prefetching+loading via Signed HTTP Exchange (https://chromestatus.com/feature/5126805474246656).

Currently SignedExchange subresource prefetches (triggered by Link: rel=“alternate”) are requested with “no-cors” mode. After this change, SignedExchange subresource prefetches will be requested with “cors” mode and “same-origin” credentials mode.

This means, subresource SignedExchanges prefetched from cross-origin must have an appropriate Access-Control-Allow-Origin response header.

4. Intl.NumberFormat v3 API

Intl.NumberFormat v3 API is a new TC39 ECMA402 stage 3 proposal extend the pre-existing Intl.NumberFormat, with the following new features:

1. Add 3 new functions to format range of number:
   formatRange / formatRangeToParts / selectRange

2. Grouping Enum

3. New Rounding/Precision Options

4. Rounding Priority

5. Interpret Strings as Decimals

6. Rounding Modes

7. Sign Display Negative
   https://github.com/tc39/proposal-intl-numberformat-v3

8. SerialPort BYOB reader support

Updates the underlying data source for the ReadableStream provided by a SerialPort to be a readable byte stream. This change is backwards-compatible with existing code that calls port.readable.getReader() with no parameters. Developers can detect support for BYOB readers by calling getReader({ mode: ‘byob’ }) as older implementations will throw a TypeError when the new parameter is passed.

BYOB (or, “bring your own buffer”) readers allow the developer to specify the buffer into which data is read instead of the stream allocating a new buffer for each chunk. In addition to potentially reducing memory pressure this allows the developer to control how much data is received as the stream cannot return more than there is space for in the provided buffer. The ability to read a particular amount of data from a port makes this API more familiar to developers used to programming against the Windows and POSIX APIs for serial devices, which operate on this same “bring your own buffer” principle.

6. Unprefix -webkit-hyphenate-character CSS property

This change supports unprefixed hyphenate-character, not only -webkit-hyphenate-character.

According to the csswg discussion, https://github.com/w3c/csswg-drafts/issues/6887, hyphenate-character css property is stable enough to ship.

7. WebCodecs dequeue event

This feature tracks adding a single event named “dequeue” to the audio and video encoder and decoder interfaces (e.g. AudioDecoder.ondequeue).

Authors may initially queue up encoding or decoding work by calling encode() or decode() respectively. The new “dequeue” event is fired to indicate when the underlying codec has ingested some/all of the queued work. The decrease in the queue size is already reflected by a lower value of encoder.encodeQueueSize and decoder.decodeQueueSize attributes. The new event eliminates the need for authors to setTimeout() poll to determine when the queue has decreased (i.e. when they should queue up more work).

See mentions of “dequeue” in the WebCodecs specification
https://w3c.github.io/webcodecs/#audiodecoder-event-summary

8. forced-color-adjust: preserve-parent-color

Adds the ‘preserve-parent-color’ value to the ‘forced-color-adjust’ CSS property.

When Forced Colors Mode is enabled, the ‘color’ property is inherited, and we’ve set ‘forced-color-adjust: preserve-parent-color’, the ‘color’ property will compute to the used value of its parent. Otherwise, ‘forced-color-adjust: preserve-parent-color’ value behaves the same as ‘forced-color-adjust: none’.

9. Deprecate non-ASCII characters in cookie domain attributes

To align with the latest specification in RFC 6265bis, Chromium will reject cookies with a “Domain” attribute that contains a non-ASCII character (e.g. Domain=éxample.com).

chromium107 Features:12

1. Align Timers (including DOM timers) at 125 Hz

Run all timers (with a few exceptions) with a non-zero delay on a regular 8ms aligned wake up (125 Hz), instead of as soon as their delay has passed.

This affect DOM timers; On foreground pages, run DOM timers with a non-zero delay on a regular 8ms aligned wake up, instead of as soon as their delay has passed.
On background pages, DOM timers already run on a regular 1s aligned wake up (1 Hz), or even less frequently after 5 minutes.

2. User-Agent Reduction Phase 5

As previously detailed in https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html, we intend to proceed with Phase 5 of the User-Agent Reduction plan.

The <platform> and <oscpu> tokens (i.e., parts of the User-Agent string) are reduced to the relevant <unifiedPlatform> token values, and will no longer be updated.

Additionally, the values for navigator.platform are frozen on desktop platforms (see https://www.chromium.org/updates/ua-reduction/#reduced-navigatorplatform-values-for-all-versions).

This is phase 5 of the User-Agent reduction plan as described in https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html.

For use cases requiring high-entropy OS version, CPU architecture, bitness or Wow64-ness, developers are encouraged to request that via the User Agent Client Hints API, in particular the Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, and Sec-CH-UA-Bitness client hints.

3. CSS grid-template properties interpolation

In CSS Grid, the grid-template-columns and grid-template-rows properties allow developers to define line names and track sizing of grid columns and rows, respectively. Supporting interpolation for these properties will allow grid layouts to smoothly transition between states, instead of snapping at the halfway point of an animation or transition.

Web developers can use this functionality to achieve specific interactive effects.

4. DisplayMediaStreamConstraints.selfBrowserSurface

Hint allowing Web applications to instruct the browser whether, upon calling getDisplayMedia(), the current tab should be excluded from the list of tabs offered to the user.

5. DisplayMediaStreamConstraints.surfaceSwitching

Adds an option to programmatically control whether Chrome shows a button for switching tabs while screen-shared. This option will be passed to navigator.mediaDevices.getDisplayMedia().

6. Enable HEVC hardware decoding.

Enables support for decoding HEVC video on platforms where hardware (e.g., GPU, media accelerator, etc) for decoding HEVC is available (Android 5.0+, macOS 11+, with supported hardware on Windows 8+ and ChromeOS).

7. MediaTrackConstraintSet.displaySurface

When getDisplayMedia() is called, the browser offers the user a choice of display surfaces: tabs, windows, or monitors. Using the displaySurface constraint, the Web application may now hint to the browser if it prefers that a certain surface type be more prominently offered to the user.

8. Render blocking status in Resource Timing

Adds a field to PerfomanceResourceTiming to indicate the render blocking status of a resource. Currently from a developer perspective, the only way to determine which resources were actually render blocking is to rely on complex heurestics. The new field would instead provide a direct signal regarding the same.

9. URLPattern ignoreCase

Many client-side JavaScript frameworks currently use case insensitive URL matching. URLPattern, however, follows URL semantics and treats many parts of the URL as case sensitive.

This feature adds an ignoreCase option to the URLPattern that switches all matching operations to case insensitive for that given pattern.

10. WebXR Raw Camera Access

Allows applications authored against the WebXR Device API to access pose-synchronized camera image textures from within WebXR sessions.

11. form rel attribute

This feature adds the “rel” attribute to form elements, which makes it possible to prevent window.opener from being present on websites navigated to by form elements which have rel=noopener and prevents the referer header from being sent with rel=noreferrer.

12. Expect-CT

Expect-CT is an HTTP header that allowed websites to opt in to Certificate Transparency enforcement before it was enforced by default. It also has reporting functionality to help developers discover CT misconfigurations.

chromium108 Features:19

1. Web Authentication Conditional UI

A new mode for WebAuthn that displays a credential selection UI only if the user has a discoverable credential registered with the Relying Party on their authenticator. The credential is displayed alongside autofilled passwords. This solves the bootstrapping problem when replacing traditional username and password with WebAuthn: websites can fire a WebAuthn call while showing a regular password prompt without worrying about showing a modal dialog error if the device lacks appropriate credentials.

2. Android OSK resizes visual viewport by default + <meta> opt-out

The Android On-Screen Keyboard resizes the visual viewport by default rather than the initial containing block. Authors can opt out of this using the new “interactive-widget” meta-viewport key.

3. CSS Overflow for replaced elements

This change allows developers to use the existing overflow property with replaced elements that paint outside the content-box. Paired with object-view-box this can be used to create an image with a custom glow or shadow applied, with proper ink-overflow behavior like a CSS shadow would have.

4. CSS Values and Units Module Level 4: Small/Large/Dynamic/Logical viewport units

Support for sv* units, lv* units, dv* units and the logical vi/vb units.

5. Deprecate and remove window.defaultStatus and window.defaultstatus

These two APIs originally were used to modify/control the “status bar” text at the bottom of browser windows. However, they have never had any actual effect on Chrome’s status bar, and they are not standardized attributes. Gecko has not supported these attributes since version 23; WebKit still supports these attributes.

The related window.status attribute is standardized, but also must never have an impact on the window status bar (https://html.spec.whatwg.org/multipage/window-object.html#dom-window-status). The window.status attribute is not being modified with this launch.

6. Last Baseline Item Alignment

This feature allows developers to align items within either flex or grid layout by their last baseline, instead of their first.

This is done via the following properties:
align-items: last baseline; /* flex/grid container /
justify-items: last baseline; / grid container /
align-self: last baseline; / flex/grid item /
justify-self: last baseline; / grid item */

7. LayoutNG printing

Support printing with LayoutNG, so that we no longer have to print using the legacy engine. Apart from getting the modern and more bugfree LayoutNG experience, this also adds support for the ‘avoid’ value to the break-before / break-after properties, since that’s part of the core LayoutNG block fragmentation implementation that has already shipped (everywhere but printing).

This means that we finally use LayoutNG everywhere, and we can soon start removing the legacy engine.

8. MSE in Workers

Enable Media Source Extensions (MSE) API usage from DedicatedWorker contexts to enable improved performance of buffering media for playback by an HTMLMediaElement on the main Window context. By creating a MediaSource object on a DedicatedWorker context, an application may then obtain a MediaSourceHandle from it and transfer that handle to the main thread for use in attaching to an HTMLMediaElement. The context that created the MediaSource object may then use it to buffer media.

9. Sec-CH-Prefers-Reduced-Motion User Preference Media Features Client Hints Header

User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.

Sec-CH-Prefers-Reduced-Motion reflects the user’s prefers-reduced-motion preference.

10. Sync methods for SyncAccessHandle in File System Access API

Updates asynchronous methods (flush(), getSize(), truncate()) in SyncAccessHandle in File System Access API to synchronous methods. SyncAccessHandle currently has a mix of sync and async methods, hindering the performance and the usability, especially for applications porting c/c++ to Wasm. This update will bring consistency in the API usage and improve the performance for Wasm-based libraries.

11. Variable COLRv1

COLRv1 color vector fonts have been released in Chrome 98 https://developer.chrome.com/blog/colrv1-fonts/ but this initial release supported only static functionality of the COLRv1 table. The COLRv1 specification defines integration with OpenType Variations which allows modifying font properties of gradients and transforms by means of changing variable axis parameters. This second step brings support for such variations to COLRv1.

12. Wildcards in Permissions Policy Origins

This feature will add support for wildcard in permissions policy structured like SCHEME://.HOST:PORT (e.g., https://.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://.bar.foo.com/ works but https://.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to ). Wildcards in the scheme and port section will be unsupported and https://.foo.com/ does not delegate to https://foo.com/.

Before, a permissions policy might need to look like:
permissions-policy: ch-ua-platform-version=(self “https://foo.com” “https://cdn1.foo.com” “https://cdn2.foo.com”)

With this feature, it could look like:
permissions-policy: ch-ua-platform-version=(self “https://foo.com” “https://*.foo.com”)

Note that https://*.foo.com does not match https://foo.com.

13. font-tech() and font-format() condition extensions to CSS @supports

The font-tech() and font-format() are extensions to the @supports rule CSS Conditional Syntax enable declarative and programmatic access to feature detection of font stack features.

Using these conditions together with @supports allow progressive enhancement of content depending on font format support. In particular with UAs differing in support for color font formats, this is useful for including color font style rule and @font-face definitions only if the user agent supports it.

Using JS CSS.supports() calls this is also the first ergonomic way of testing for font stack capabilities on the web without UA sniffing or canvas pixel readback as in Chromacheck (https://pixelambacht.nl/chromacheck/).

This feature is closely related to the @font-face src: descriptor syntax extension which was recently discussed and LGTM’ed here: https://groups.google.com/a/chromium.org/g/blink-dev/c/_9k-Ne8FRu4 - the same font format and technology keywords are used and synchronized between these two features.

14. tech() function support in @font-face src: descriptor

CSS Fonts Level 4 provides additional means of selecting or filtering font resources. The tech() function was introduced, which allows passing in a list of font technologies that this respective font blob requires to function. Based on that, the UA will select the first suitable resource.

15. Deprecate and remove ImageDecoderInit.premultiplyAlpha.

Feature has no observable effects in primary use cases, but may constrain implementations in suboptimal ways. See https://github.com/w3c/webcodecs/issues/508 for a more detailed description.

Per consensus of WebCodecs spec editors and lack of usage (0.000000339% - 0.00000687% of page loads per use counter in M106), we propose deprecating and removing this feature starting M108.

16. Removal of navigateEvent.restoreScroll()

restoreScroll() is being replaced by navigateEvent.scroll(). scroll() works identically except that it allows the developer to control scroll timing for non-traverse navigations (i.e., scroll() works when the scroll is not a restore, hence the name change along with the behavior change).

17. Removal of navigateEvent.transitionWhile()

transitionWhile() is being replaced by navigateEvent.intercept() due to design flaws reported by developers.

intercept() behaves nearly identically to transitionWhile(), but instead of taking a mandatory Promise parameter, it takes an optional handler function that returns a Promise. This allows the browser to control when handler executes, which is later and more intuitive than what transitionWhile() required. Also, the “default” intercept() case with no handler is much shorter and simpler to write than the “default” transitionWhile() boilerplate.

18. [WebRTC] Deprecate and Remove mediaConstraint’s googIPv6

“googIPv6: false” can be used (example: new RTCPeerConnection({}, {mandatory:{googIPv6:false}})😉 to disable IPv6 support in WebRTC. IPv6 has been enabled by default for many years and we should not be able to disable it. Remove this non-standard API.

19. Federated Credentials Management (was WebID)

The Federated Credential Management API allows users to bring their federated identity to login to websites in a manner compatible with improvements to browser privacy.