Chrome’s implementation of Web Bluetooth does not have a way for websites to get a list of permitted devices. This feature adds the Bluetooth.getDevices() and BluetoothDevice.forget methods. getDevices() will return a list of BluetoothDevice objects that the current origin has been granted permission to use by the user. forget() will allow web developers to voluntarily revoke a permission to a BluetoothDevice that was granted by a user.
@property
The @property rule is an alternative way to register a custom property without JavaScript.
AVIF Image Decode
AVIF is a next generation image format standardized by the Alliance for Open Media. This feature supports adding decode support for AVIF content natively into the browser via existing AV1 decoders.
App shortcuts
Lets a web application register shortcuts for common tasks. These would typically be added to the app launcher icon (for a progressive web app) enabling the user to quickly run key tasks.
CORS: Strict ABNF based Checks on Access-Control-Allow-Headers and Access-Control-Allow-Methods headers
Chrome CORS checked Access-Control-Allow-Headers and Access-Control-Allow-Methods headers in a relaxed manner and didn’t follow the ABNF that spec defined.
After Chrome 85, CORS checks follow the standardized ABNF.
CSS Color Adjust: Remove ‘only’ and support used ‘dark’ for preferred ‘light’ for color-scheme
The color-scheme property from CSS Color Adjustment level 1 spec changed in two ways.
The ‘only’ keyword is no longer special and is treated as a as any other unknown color-scheme. The ‘only’ keyword was previously only allowed in combination with ‘light’, but had otherwise no effect in Chrome.
‘color-scheme: dark’ will have a used value of ‘dark’ even when preferred color-scheme is ‘light’. ‘color-scheme: light dark’ still has a used values based on the preferred scheme.
CSS content-visibility property
Adds a CSS property called content-visibility, which allows automatic or script management of content visibility. When hidden, the element’s contents (subtree or replaced element contents) are not drawn or hit-tested and have CSS containment applied, allowing for rendering optimizations. The ‘auto’ keyword allows for the user-agent to manage content visibility based on proximity to the viewport, whereas ‘hidden’ keyword allows full script control of content visibility.
CSS counter-set
CSS counter-set is an additional property introduced in css-lists-3 to control counters by setting an existing counter to a specified value. This builds upon other implemented counter control properties, specifically counter-reset (which creates a new counter with a specified value) and counter-increment (which increments an existing counter by a specified amount).
Cookies default to SameSite=Lax
Treat cookies as SameSite=Lax by default if no SameSite attribute is specified. Developers are still able to opt-in to the status quo of unrestricted use by explicitly asserting SameSite=None.
This feature is available as of Chrome 76 by enabling the same-site-by-default-cookies flag.
This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.
Event Timing API
Monitoring event latency requires an event listener. This precludes measuring event latency early in page load, and adds unnecessary performance overhead. The Event Timing API will enable web developers to measure event latency both before and after the page load.
Expose Picture-in-Picture Window in leavepictureinpicture event
Allow web developers to access pictureInPictureWindow in leavepictureinpicture event.
Feature Policy for Clipboard API
Adds a feature policy (aka permission policy) flags for the Clipboard API. The flag names will be ‘clipboard-read’ and ‘clipboard-write’, to be consistent with the Clipboard API permissions, as feature policy is now merged with permissions and renamed to permissions policy.
Get Installed Related Apps API
The Get Installed Related Apps API (navigator.getInstalledRelatedApps) provides sites access to if their corresponding related applications are installed. Sites are only allowed to use this API if the native application has an established association with the web origin.
The API was launched in Chrome 80. You can find details here: https://web.dev/get-installed-related-apps/
Interoperable Element’s scrollLeft and scrollTop in non-default writing modes
Change Chrome’s behavior such that when a scrollable element has content overflowing to the left (or to the top) then its horizontal (or vertical) scroll position will be zero at its initial position and negative when scrolled leftward (or upward).
This change only affects DOM API Element.scrollLeft(), Element.scrollTop(), Element.scroll(), Element.scrollTo() when the scrollable element has a non-default writing mode that may invert overflow directions (e.g right to left or vertical modes).
JavaScript logical assignment operators
Adds the logical assignment operators ||=, &&=, and ??= to JavaScript.
Media Feeds
Adds an API to allow a user agent to discover a media feed provided by a website. When fetched by the user agent the site will return a feed of personalized media recommendations for the user.
Named pages with page-orientation
Support the ‘page’ CSS property [1], along with named pages support (@page foobar {} selector). Also support the ‘page-orientation’ descriptor [2] for @page, with values ‘upright’ (initial value), ‘rotate-left’, or ‘rotate-right’.
Promise.any() accepts an iterable of promises and returns a promise that is fulfilled by the first given promise to be fulfilled, or rejected with an AggregateError holding the rejection reasons if all of the given promises are rejected.
AggregateError is a support class that aggregates one or more errors into a single object.
Referrer Policy: Default to strict-origin-when-cross-origin
Web developers may specify a referrer policy on their documents, which impacts the Referer header sent on outgoing requests and navigations. When no policy is specified, Chrome will now use strict-origin-when-cross-origin as the default policy, instead of no-referrer-when-downgrade. On cross-origin requests made from documents without a specified referrer policy, this reduces the Referer header to the initiating origin and retains its usefulness while mitigating the risk of leaking data.
Reject insecure SameSite=None cookies
Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected.
This feature is available as of Chrome 76 by enabling the cookies-without-same-site-must-be-secure flag.
This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.
String.prototype.replaceAll
JavaScript now has first-class support for global substring replacement through the new String.prototype.replaceAll() method.
Subresource prefetching+loading via Signed HTTP Exchange
Adds support signed exchange subresource prefetching and loading by extending the HTTP link header.
Update fallback content’s behavior for ImageInputType and HTMLImageElement
Previously, there have been inconsistencies on the implementation of fallback content and its treatment as a replaced element for ImageInputType and HTMLImageElement. This led to interoperable issues between implementors. Examples:
Please see, https://github.com/yuzhe-han/images-fallback-content-1094763, for visual comparison.
Update the behavior of the “disabled” attribute for HTMLLinkElement
Previously, Chromium had intermittent behavior with respect to the “disabled” attribute:
would not show up in document.styleSheets.
foo.disabled=false; foo.disabled=true; would cause it to appear (and remain) in document.styleSheets.
cannot be enabled, except by disabling and re-enabling it.
When disabled, link.ownerNode was not null
The above issues are being resolved.
Web Bluetooth Write With/Without Response
Implements two APIs for writing to GATT characteristics that will allow an app to ignore a response from the device or to expect a response from the device.
The currently implemented writeValue() method will remain for backwards compatibility, but is discouraged.
WebAssembly BigInt Integration
Allow WebAssembly to import and export WebAssembly function parameters of type i64 using BigInt.
WebAuthn getPublicKeyAlgorithm and getAuthenticatorData()
Adds two accessors from the Web Authentication Level 2 spec that save sites from parsing Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) in order to use security keys.
disallow preventDefault() on TouchMoves during overscroll
Touch events sent to a page can be either blocking or non-blocking. A blocking touch event means that the page calls preventDefault() to prevent the browser from turning the touch into a scroll. TouchMove events start out blocking until the first event in a sequence isn’t preventDefaulted and causes scrolling. Chromium currently reverts the touchevent stream back to blocking so that pages can override browser default overscrolling behavior. This feature causes overscrolling to be non-blocking.
-webkit-box quirks from -webkit-line-clamp
The following display properties will no longer work when -webkit-box and -webkit-box-clamp are combined: -webkit-box-flex, -webkit-box-ordinal-group, -webkit-box-align, -webkit-box-pack, -webkit-box-direction.
Heavy Ad Intervention
Chrome will unload ad iframes that use an egregious amount of CPU or network bandwidth.
An ad will be subject to unload if it has not received a user gesture and:
Used the main thread for more than 60 seconds total
Used the main thread for more than 15 seconds in any 30 second window (50% utilization over 30 seconds)
Used more than 4 megabytes of network bandwidth to load resources
chromium86 Features:23
A well-known URL for changing passwords
Websites can set a well-known URL for changing password /.well-known/change-password to be redirected to its change password page to help users change their password quickly. Chrome leverages this URL to help users change their passwords when it detects a weak password in the user’s password storage.
Altitude/Azimuth for PointerEvents v3
Adds Altitude/Azimuth angles to PointerEvents. Adds TiltX/TiltY to Altitude/Azimuth transformation and Altitude/Azimuth to TiltX/TiltY transformation depending which pair is available from the device.
Autoupgrade Image Mixed Content
This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. Image mixed content autoupgrades by default are targeted for M86.
Audio/Video mixed content autoupgrades are separately tracked in https://www.chromestatus.com/feature/5557268741357568
Back-forward cache on Android
Creates a cache for pages which allows for instant navigations to previously-visited pages after cross-site navigations.
CSS ::marker pseudo-element
The ::marker pseudo-element represents the automatically generated marker box of a list item.
Like ::before and ::after, ::marker is a tree-abiding pseudo-element, so it always fit within the box tree.
But unlike ::before and ::after, currently it only accepts a small subset of safe properties, because the marker box layout is mostly undefined.
Note this intent only covers ::marker, not ::before::marker nor ::after::marker (see crbug.com/1097992).
CSS Selectors 4 Pseudo-Class :focus-visible
The :focus-visible pseudo-class makes it easier for developers to create focus styles that appropriately match the user’s input modality. It is designed to help prevent a common anti-pattern where developers remove focus outlines for mouse users, and inadvertently make their sites inaccessible to keyboard users.
Change MediaSettingsRange & PhotoCapabilities interfaces to dictionaries
Aggregates and logs media settings ranges and photo capabilities in JSON.
Changing MediaSettingsRange and PhotoCapabilities interfaces to dictionaries will improve developer ergonomics by allowing web developers to easily log and aggregate exposureCompensation, exposureTime, colorTemperature, iso, brightness, contrast, saturation, sharpness, focusDistance, pan, tilt, zoom, and photo capabilities (redEyeReduction, imageHeight, imageWidth, fillLightMode).
Document-Policy header
Document Policy restricts the surface area of the web platform on a per-document basis, similar to iframe sandboxing, but more flexibly. It can do things like:
Restrict the use of poorly-performing images
Disable slow synchronous JS APIs
Configure iframe, image, or script loading styles
Restrict overall document sizes or network usage
Restrict patterns which cause page re-layout
This is just the HTTP header used to set a policy on a document, separate from any features.
Document-Policy: force-load-at-top
ForceLoadAtTop provides an opt-out for Scroll To Text (and other load-on-scroll behaviors as they are also affected by the issues raised in https://github.com/WICG/scroll-to-text-fragment/issues/76) for privacy sensitive sites, as discussed in https://github.com/WICG/scroll-to-text-fragment/issues/80. The ForceLoadAtTop feature allows sites to indicate that they should always be loaded at the top of the page, blocking any scroll-on-load behaviors including text fragments, element fragments, and
FetchEvent.handled
A FetchEvent dispatched to a service worker is in a loading pipeline, which is performance sensitive. The new FetchEvent.handled property returns a promise that resolves when a response is returned from a service worker to its client. This enables a service worker to delay tasks that can only run after responses are complete.
File System Access
This API enables developers to build powerful apps that interact with other (non-Web) apps on the user’s device via the device’s file system. After a user grants a web app access, this API allows the app to read or save changes directly to files and folders selected by the user. Beyond reading and writing files, this API provides the ability to open a directory and enumerate its contents, as well as store file and directory handles in IndexedDB to later regain access to the same content.
HTMLMediaElement.preservesPitch
Adds a property to determine whether the pitch of an audio or video element should be preserved when adjusting the playback rate.
Imperative Shadow DOM Distribution API
Web developers can specify node-to-slot assignments imperatively in Shadow DOM slotting.
Please see the spec discussion [1] and the explainer [2].
In a Window whose top Window has been hidden for 5 minutes and which is not opted out from intensive wake up throttling, a timer task with non-zero timeout can run:
on a 1-second aligned wake up if:
the timer task’s nesting level is < 5, or, -the Window is same-origin with the top Window and at least 1 minute has elapsed since the last timer task with nesting level >= 5 has run in any Window in the tree that is same-origin with the top Window
on a 1-minute aligned wake up, otherwise.
ParentNode.replaceChildren() Method
Replaces all children of the ParentNode with the passed-in nodes.
Percent-encode U+007F DELETE when parsing URLs
When parsing URLs, encode the character U+007F DELETE as “%7F”.
This improves readability, reduces spoofing risk, makes Chrome’s behavior more consistent, interoperable with other browsers and compliant with the specification.
Safelist distributed web schemes for registerProtocolHandler()
Extend the list of URL schemes that can be overridden via registerProtocolHandler() to include “cabal”, “dat”, “did”, “dweb”, “ethereum”, “hyper”, “ipfs”, “ipns”, and “ssb”.
Third-party origin trials
Origin trials can now be enabled by embedded scripts, based on tokens matching their third-party origin. Previously, it was possible for scripts to enable origin trials, but only when the token matches the origin of the containing document.
WebRTC Insertable Streams
This API enables the insertion of user-defined processing steps in the encoding and decoding of a WebRTC MediaStreamTrack.
display:inline-grid/grid/inline-flex/flex for
The FIELDSET element will support ‘inline-grid’, ‘grid’, ‘inline-flex’ and ‘flex’ keywords for CSS ‘display’ property.
document.fragmentDirective
This change moves window.location.fragmentDirective to document.fragmentDirective which seems like a more appropriate and safer place. It is a small change to the text-fragments feature in https://chromestatus.com/feature/4733392803332096.
Text-fragments introduced an empty object at window.location.fragmentDirective as a means to feature detect the newly added text-fragment capability. window.location turns out to be a bad place for this functionality, see https://crbug.com/1057795.
text/html support for async clipboard api
The async clipboard api currently does not support the text/html format. This feature adds support for copying and pasting html from the clipboard. The HTML is sanitized when it is read and written to the clipboard.
EME persistent-usage-record session
Support a new MediaKeySessionType “persistent-usage-record session”, for which the license and key(s) are not persisted and for which a record of key usage is persisted when the keys available within the session are destroyed.
chromium87 Features:18
@font-face descriptors to override font metrics
Introduces new @font-face descriptors ascent-override, descent-override and line-gap-override to override metrics of the font. This allows web authors to (i) achieve interoperable text layout across browsers and platforms, and (ii) reduce layout shifting caused by web fonts.
Atomics.waitAsync
Adds Atomics.waitAsync, the async version of Atomics.wait. Atomics.waitAsync allows programmers to wait on a SharedArrayBuffer location in the same fashion as Atomics.wait but returns a Promise instead.
Block HTTP ports 5060 and 5061
Connections to HTTP, HTTPS or FTP servers on ports 5060 or 5061 will fail.
This is a mitigation for the slipstream attack: https://samy.pl/slipstream/. It helps developers by keeping the web platform safe for users.
Connections to HTTP, HTTPS or FTP servers on ports 69, 137, 161, 1719, 1720, 1723 or 6566 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/. It helps developers by keeping the web platform safe for users.
CSS flow-relative shorthand and offset properties
Ship the already implemented properties introduced by CSS Logical Properties. Specifically:
CSS2 specified the initial value for ‘quotes’ as UA dependent, but WebKit and Blink returns an invalid value (empty string) which will not round-trip. Setting it to the empty string will remove the declaration instead of setting it to the initial value. css-content-3 instead uses an ‘auto’ keyword for the default UA behavior.
Cookie Store API
The Cookie Store API exposes HTTP cookies to service workers and offers an asynchronous alternative to document.cookie.
Intl.Segmenter
Intl.Segmenter implements methods for finding the location of boundaries in text, including grapheme,word and sentence boundary analysis.
Is-Input-Pending
This API enables developers to complete their work as fast as possible if the user isn’t interacting, but respond to user input as fast as possible if input occurs.
New TextMetrics object in canvas
We intended to add attributes FontBoundingBoxAscent and fontBoundingBoxDescent to textmetrics in canvas (following spec https://html.spec.whatwg.org/multipage/canvas.html#textmetrics). This feature will help web developers to arrange text better and it has strong user support (https://crbug.com/277215).
Pan/Tilt support for Camera
This feature allows developers to pan and tilt the camera using media constraints in getUserMedia().
Range request header can be passed through a service worker if it’s not modified. This enables service workers can work with requests made by media elements such as video and audio.
Streams API: transferable streams
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. A natural thing to do with a stream is to pass it to a web worker. This provides a fluent primitive for offloading work to another thread. Transferable streams add this capability by allowing ReadableStream, WritableStream, and TransformStream objects to be passed as arguments to postMessage().
WakeLockSentinel.released Attribute
The WakeLockSentinel object has a new attribute called released that indicates whether a sentinel has already been released. Its value is initially false, and it changes to true once a “release” event is dispatched.
cross-origin isolation
Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters.
Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission.
The ontransitionrun, ontransitionstart, and ontransitioncancel event handler attributes allow developers to add event listeners for ‘transitionrun’, ‘transitionstart’, and ‘transitioncancel’ events on elements, Document objects, and Window objects.
An example of how this might be used:
target.ontransitioncancel = () => { console.log(‘transition was cancelled!’); }
text-decoration-thickness, text-underline-offset and from-font keyword for text-underline-position
Implement CSS text decoration properties text-decoration-thickness and text-underline-offset.
Add support for the new from-font keyword for text-underline-position.
When from-font keywords are used, support variable font MVAR underline scaling, (tags unds and undo in the MVAR table overriding underlinePosition and underlineThickness in the OpenType post table.
-webkit-font-size-delta
Developers should use font-size to control font size.
Blink will no longer support the rarely used property -webkit-font-size-delta.
chromium88 Features:17
WebXR dynamic viewport scaling
Applications can optionally render to a subset of the WebXR viewport, using a scale factor that can be changed every animation frame.
This is intended to be more efficient than resizing the full framebuffer which requires reallocation, and the UA can supply a recommended scale factor based on internal heuristics.
Align with Gecko and spec on grouping properties
The CSS transforms level 2 spec requires that any grouping property causes the used value of transform-style to be flat. Chromium applies grouping for some of the specified grouping properties, but not all. This change tracked here will add:
clip
clip-path
mask
backdrop-filter
isolation
Anchor target=_blank implies rel=noopener by default
To mitigate “tab-napping” attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel=“noopener”| is set. A page wishing to opt out of this behavior may set |rel=“opener”|.
CSS Automatic Hyphenation for Windows/Linux/ChromeOS
Blink supports manual and none values of the CSS hyphens property since M55, but auto, which enables the automatic hyphenation, is supported only on Android and Mac.
This feature enables hyphens: auto on Windows, Linux, and ChromeOS by downloading dictionary files used in Android Open Source Project.
The previous feature entry for M55 is https://www.chromestatus.com/features/5642121184804864
CSS Selectors 4 Pseudo-Classes :is(), :where()
The matches-any pseudo-class, :is(), is a functional pseudo-class taking a selector list as its argument. It represents an element that is represented by its argument.
CSS Selectors 4: Complex :not()
Allows complex selectors inside the :not() pseudo class, such as :not(.a + .b .c).
CSS aspect-ratio property
Normally, only certain replaced elements have an aspect ratio, particularly images. For them, if only one of width and height is specified, the other can be computed from it using the intrinsic aspect ratio.
This property allows explicitly specifying an aspect ratio for any other element to get similar behavior.
Don’t clear adoptedStyleSheets on adoption to/from
When adopting a shadow root into a document from a document that the is in (or vice versa), we will no longer clear its adoptedStyleSheets.
ElementInternals.shadowRoot attribute
A new attribute on ElementInternals, ‘shadowRoot’, allows custom elements to access their own ShadowRoot, regardless of open/closed status. Additionally, further restrictions are added to the attachInternals() API to ensure that custom elements get the first chance to attach the ElementInternals interface. With this change, the attachInternals() function will throw an exception if called prior to the custom element constructor being run.
Limit characters allowed in extensions in File System Access API file pickers
To improve security, the File System Access API’s showOpenFilePicker() and showSaveFilePicker() methods will limit what characters are allowed in extensions for accepted file types.
Specifically only A-Z, a-z, 0-9, + and . will be allowed, extensions can’t end in .local or .lnk, and can’t be more than 16 characters long.
Make “type” optional in WakeLock.request()
Implement https://github.com/w3c/screen-wake-lock/pull/291, which makes the “type” parameter in WakeLock.request() optional and defaulting to “screen”, which is the only allowed value at the moment.
In other words, the following two lines would do the exact same thing:
Origin-keyed agent clusters allows developers to opt in to giving up certain cross-origin same-site access capabilities — namely synchronous scripting via document.domain, and postMessage()ing WebAssembly.Module instances.
This gives the browser more flexibility in implementation technologies. In particular, in Chrome, we will use this as a hint to put the origin in its own process, subject to resource or platform limitations.
Permissions-Policy header
The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.
RTCRtpTransceiver.stop()
Transceivers allow the sending and/or receiving of media in WebRTC. Stopping a transceiver makes it permanently inactive.
Shared Array Buffers (SABs) on Android
Adds the JavaScript type SharedArrayBuffer to Android gated behind COOP/COEP. The concept of a SharedArrayBuffer is that a message to a worker, is posted but instead of copying the content of the array just a reference to it is shared, so that all have the same view on the shared chunk of data in the memory.
This feature is only targeting Android - https://www.chromestatus.com/feature/4570991992766464 handles all other platforms
path() support in clip-path CSS property
So far clip-path only supported other basic shapes (circle, ellipse, polygon, url). This adds support for path() as a value as specified in https://drafts.csswg.org/css-shapes-1/#funcdef-path, for example:
clip-path: path(oddeven, ‘M 5 5 h 100 v 100 Z’) would clip the element with a triangle.
Flash Player Support
Remove support for Flash Player from Chromium in alignment with Adobe’s planned end of life on January 12th, 2021.
chromium89 Features:30
Element Reflection
This feature allows for ARIA relationship attributes to be reflected in IDL as element references rather than DOMStrings.
‘disclosure-open’ and ‘disclosure-closed’ keywords for CSS list-style-type property
CSS property ‘list-style-type’ supports two new keywords ‘disclosure-open’ and ‘disclosure-closed’.
In an element with display:list-item, ‘disclosure-open’ shows a symbol indicating a widget like is opened. ‘disclosure-closed’ shows a symbol indicating a widget like is closed.
They will be used for the default style of in the user-agent stylesheet.
‘display: list-item’ by default for
The default value of CSS ‘display’ property for is changed to ‘list-item’ from ‘block’.
We also support ‘::marker’ pseudo element selector for , and remove ‘::-webkit-details-marker’ pseudo element selector.
Before this change, developers did the following in order to hide the details marker:
Add support for encoding CBR audio files with MediaRecorder.
Adds support for hard constant bitrate (CBR) mode of the Opus encoder when CBR mode is used for MediaRecorder. Without this change it is impossible to encode compressed constant bitrate audio files with the MediaRecorder.
This implements a spec change allowing either constant bitrate (CBR) or variable bitrate (VBR) encoding on the MediaRecorderOptions object passed to the MediaRecorder constructor. Previously VBR was assumed when using anything other than uncompressed PCM.
CSS ::target-text pseudo-element
A highlight pseudo element to allow authors to style scroll-to-text fragments different from the default UA highlighting.
CSS flow-relative Corner Rounding properties
Support the flow-relative Corner Rounding properties following CSS Logical Properties and Values spec. Specifically, the following logical properties are included: border-start-start-radius, border-start-end-radius, border-end-start-radius, and border-end-end-radius.
The flow-relative Corner Rounding properties (border-*-radius) will allow to set top-left, bottom-left, top-right and bottom-right box corners with logical mappings rather than physical properties.
Cross-origin opener policy reporting API
Adds a reporting API to help developers deploy cross-origin opener policy.
Expose ReadableStreamDefaultController interface
The Streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. We will expose the ReadableStreamDefaultController interface on the global object, as with the other ReadableStream-related classes. This will align Blink with the current version of the Streams API Standard and consensus among the developer community. See https://github.com/whatwg/streams/issues/963.
Forced colors mode
Adds the ‘forced-colors’ media feature, which is used to detect if the user agent has enabled a forced colors mode where it enforces a user-chosen limited color palette on the page.
Adds the ‘forced-color-adjust’ property, which allows authors to opt particular elements out of forced colors mode, restoring full control over the colors to CSS.
Import maps
Import maps allows control over what URLs get fetched by JavaScript import statements and import() expressions.
Schemeful same-site
Modifies the definition of same-site for cookies such that requests on the same registrable domain but across schemes are considered cross-site instead of same-site. E.g., http:// site.example and https:// site.example (note: a space was added between the scheme and the domain to prevent automatic link conversion) will now be considered cross-site to each other.
Releasing to Stable, as part of a gradual rollout, starting in M88.
Sec-CH-UA Client Hints
The set of Sec-CH-UA-* client hints aims to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests.
Stop cloning sessionStorage for windows opened with noopener
When a window is opened with noopener, Chrome should not clone the sessionStorage of its opener; it should instead start from an empty sessionStorage namespace.
Streams API: Byte Streams
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. For streams representing bytes, an extended version of the readable stream is provided to handle bytes efficiently, in particular by minimizing copies.
Support for full ‘filter’ property syntax on SVG elements
Allows the full syntax of the ‘filter’ property to be used on SVG elements which previously only supported single url(…) references. This allows filter functions such as blur(…), sepia(…) and grayscale(…) to apply to SVG elements as well as non-SVG elements. It makes the platform support for ‘filter’ more uniform and allows for easier application of some “canned” effects.
Top-level await
Allow the await keyword at the top-level within JavaScript modules.
Web NFC
Web NFC aims to provide sites the ability to read and write to NFC tags when they are brought in close proximity to the user’s device (usually 5-10 cm, 2-4 inches). The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.
Web Serial API
The Serial API provides an interface for connecting to serial devices, either through a serial port on the user’s system or removable USB and Bluetooth devices that emulate a serial port. This API has been requested by the hardware developer community, especially developers building educational tools, as a companion to the WebUSB API because operating systems require applications to communicate with USB-based serial ports using their higher-level serial API rather than the low-level USB API.
Web Share API
Web Share is an API for sharing data (text, URLs, images) from the web to an app of the user’s choosing.
Web Share API Level 2
Web Share API Level 2 allows sharing of files from the web to an app of the user’s choosing.
The API enables web developers to build share buttons that display the same system share dialog boxes used by native applications. Level 1 enabled system share dialogs; however only text and urls could previously be shared.
Web Share Target
Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.
Web Share Target Level 2
Installed web applications can now receive file shares, e.g. images. Using the manifest, the web application can declare which MIME types and/or file extensions it accepts.
Previously, mobile platforms allowed files to be shared to native applications, but not web applications.
WebAuthentication API: ResidentKeyRequirement and credProps extension
Adds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn “credProps” extension, which indicates to the Relying Party whether a created credential is client-side discoverable.
WebHID (Human Interface Device)
Enables web applications to interact with human interface devices (HIDs) other than the standard supported devices (mice, keyboards, touchscreens, and gamepads). However, there are many other HID devices that are currently inaccessible to the web. This API allows web applications to request access to these devices, send and receive HID reports, and retrieve information about the report descriptor.
navigator.webdriver === false when automation is not enabled.
Prior to this change, Chromium only exposed navigator.webdriver when the browser was being automated. However, other browsers expose it unconditionally per the spec (https://w3c.github.io/webdriver/#interface), with the value false in case the browser is not being automated.
We propose changing Chromium to align with other browsers and the spec. This is a potentially breaking change since web pages could in theory rely on the old navigator.webdriver === undefined behavior.
display_override
Adds a new advanced field to the web manifest, “display_override”, where a developer with special requirements can specify an explicit display fallback chain they would like applied.
Here’s an example of a website that wants “minimal-ui” to fall back to “standalone”. { “display”: “standalone”, “display_override”: [“minimal-ui”], }
Note: This API is only intended to be used for advanced use cases & display modes only. Most developers will only need to use the “display” property.
performance.measureUserAgentSpecificMemory()
The feature adds a performance.measureUserAgentSpecificMemory() function that estimates the memory usage of the web page. The website needs to be cross-origin isolated to use the API.
Comma separator in iframe allow attribute
This deprecation removes the ability to use “,” as a separator between items in a permissions policy declaration (feature policy declaration) in an iframe tag.
Developers should switch to “;” as the correct separator.
Remove prefixed events for
Remove legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on .
These were introduced for internal use and not upstreamed to any specifications.
Federated Learning of Cohorts
The FLoC API would enable ad-targeting based on the user’s general browsing interest, without the websites knowing their exact browsing history. In today’s web, people’s interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies. User privacy could be better protected if this can be accomplished without needing to collect a particular individual’s exact browsing history.
OT targeted to start end of March.
chromium90 Features:20
AV1 Encoder
This feature ships an AV1 encoder in Chrome desktop, specifically optimized for video conferencing with WebRTC integration.
AbortSignal in addEventListener
This feature adds a new AbortSignal option, named “signal”, to the options parameter of addEventListener(). The “signal” option must first be created by an AbortController by accessing the “signal” property on an AbortController instance. Once the signal is passed in to addEventListener, calling “abort()” on the AbortController will remove the event listener added with addEventListener. For more context, see https://github.com/whatwg/dom/issues/911.
AbstractRange superclass
The bits shared between StaticRange and Range objects are put on a shared superclass named AbstractRange.
Add support for CSS properties “overflow: clip” and “overflow-clip-margin”
Adds two CSS features. The ‘clip’ value results in a box’s content being clipped to the box’s overflow clip edge. In addition, no scrolling interface is provided, and the content can not be scrolled by the user or programmatically.
The overflow-clip-margin property enables specifying how far outside the bounds an element is allowed to paint before being clipped.
Block HTTP port 554
Connections to HTTP, HTTPS or FTP servers on port 554 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
Chrome briefly blocked port 554 before, but it was unblocked due to complaints from enterprise users. However, we have now achieved rough consensus at https://github.com/whatwg/fetch/pull/1148 to block 554.
CSS aspect-ratio interpolation
The aspect-ratio property allows automatically computing the other dimension if only one of width and height is specified on any element. This property was originally launched as non-interpolable (meaning that it would snap to the target value) when animated.
This feature provides smooth interpolation from one aspect ratio to another.
Custom state pseudo class
The feature lets custom elements expose their states via the :state() CSS pseudo class.
Declarative Shadow DOM
A declarative API to allow the creation of #shadowroot’s using only HTML and no Javascript.
Blog post: https://web.dev/declarative-shadow-dom/
Protect application/x-protobuffer via Cross-Origin-Read-Blocking
Protect application/x-protobuffer from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking.
application/x-protobuf is already protected as a never sniffed mime type. application/x-protobuffer is another commonly used MIME type that is defined as an “ALT_CONTENT_TYPE” by the protobuf library.
See the original Intent to Implement and Ship notice for CORB here:
This proposal adds a new .indices property to the result array object returned by RegExp.prototype.exec and String.prototype.match. This property is an indices array containing a pair of start and end indices for each captured substring.
As producing this array is expensive, the .indices property is only present when the /d flag is passed.
Seeking past the end of a file in the File System Access API
Rather than rejecting when trying to write past the end of a file, require extending a file with some number of 0x00 (NUL) bytes instead.
This enables creating sparse files and greatly simplifies saving content to a file when the data to be written is received out of order.
StaticRange constructor
Currently, Range is the only constructible range type available to web authors. However, Range objects are “live” and maintaining them can be expensive. For every tree change, all affected Range objects need to be updated. StaticRange objects are not live and represent a lightweight range type that is not subject to the same maintenance cost as Range. By making StaticRange constructible, we will allow web authors to use them for ranges that do not need to be updated on every DOM tree change.
Support specifying width/height on elements for
This feature allows specifying a width and height on elements that are used in , which allows the image to compute an aspect ratio from these attributes, e.g.:
In this example, the width of the image will adjust to the size of its container and the height will follow the aspect ratio, even before the image is loaded (avoiding a content shift).
URL protocol setter: New restrictions for file URLs
Aligns behavior with the standard in edge cases when changing the URL protocol to or from “file”.
Previously, attempting to change the protocol of a URL with credentials or a port to “file” would lead to an invalid URL. Similarly, attempting to change a URL with no host from “file” to “http” would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers.
This affects the “protocol” attribute on the URL API, location, and and elements.
Use :focus-visible in the default UA style sheet
Change the Chromium default UA style sheet to use :focus-visible instead of :focus pseudo-class to paint the focus indicator (outline).
This will avoid that elements show a focus indicator (because they’re focused and match :focus) while they don’t match :focus-visible.
WebAudio: OscillatorOptions.periodicWave is not nullable
It is no longer possible to set the periodicWave member of OscillatorOptions to null.
The WebAudio spec doesn’t allow this, so we’re aligning Chrome with the spec and also Firefox, which has implemented this correctly for 4 years.
WebXR AR Lighting Estimation
Allows sites to query for estimates of the environmental lighting conditions within WebXr sessions. This exposes both spherical harmonics representing the ambient lighting, as well as a cubemap texture representing “reflections”.
WebXR Depth API
The Depth API is an extension to WebXR Device API that allows applications access to depth buffer information that conveys information about the user’s environment, with primary focus on Augmented Reality scenarios.
The directive ‘plugin-types’ allows developer to restrict which types of plugin can be loaded via or html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.
Remove WebRTC RTP data channels
Removes support for the non-standard RTP data channels in WebRTC. Users should use the standard SCTP-based data channels instead.
chromium91 Features:19
Managed configuration for Web Applications
This new API will help clients who are still using Chrome Apps to migrate to the Web, by using a simliar API to chrome.storage.managed Extensions API.
Block HTTP port 10080
Connections to HTTP, HTTPS or FTP servers on port 10080 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
CSS custom counter styles
The CSS @counter-style rule allows web authors to specify and use custom counter styles in list markers and CSS counters. This helps web internationalization.
Class static initializer blocks
The classic static block proposal adds the ability for JavaScript classes to have one or more static initialization blocks. These blocks are initialized once per evaluation of the class definition.
class C {
static s_field;
static {
this.s_field = doSomeInitialization();
}
}
Clipboard: read-only files support
This proposes to expose read-only files on the clipboard to renderers using a similar approach to drag-and drop.
Renderers will have access to read files from the clipboard, but not write files to the clipboard. For files on the clipboard, renderers will have read-only access.
async function onPaste(e) { let file = e.clipboardData.files[0]; let contents = await file.text(); }
Disable Double Tap to Zoom when mobile viewport is set
Disables Double Tap to Zoom (DTZ) when meta viewport tag is set to optimize the web page for mobile devices. In some situations Chrome enables DTZ even if the meta viewport tag is specified correctly which is unexpected to web developers. Having DTZ enabled introduces a 300ms delay between touchend and click events which degrades the user experience on mobile devices.DTZ should be disabled in all cases when a proper meta viewport tag is specified.
ES Modules for service workers (‘module’ type option)
JavaScript will support modules in service workers. Setting ‘module’ type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts.
Ergonomic brand checks for private fields
This JavaScript feature adds the capability for testing the existence of a private field in an object: “#foo in obj”
Expose the GravitySensor API, which provides a 3-axis reading of the gravity force, to users.
Honor media HTML attribute for link icon
The link element’s “media” attribute will be honored for link[rel=“icon”] so that web developers can define multiple equally appropriate icons based on a media query (dark and light modes for instance). The last one that matches will be picked.
Browsers don’t currently honor the media attribute for link[rel=“icon”] even though the HTML specification says they should.
Import Assertions
Import Assertions are an inline syntax for module import statements to pass on more information alongside the module specifier. The syntax is as follows (shown here is the proposed method for importing a JSON module):
import json from “./foo.json” assert { type: “json” };
JSON Modules
JSON modules allow statically importing JSON instead of consuming JSON dynamically through fetch(). JSON modules, like JavaSCript modules, are fetched using “cors” mode and strict MIME type checking. They also share the same module import syntax, for example: import data from "./resource.json”.
Run PWA on OS Login
Provides a mechanism to allow users to configure a Progressive Web Application (PWA) to be launched automatically when a user logs in to the operating system.
Suggested file name and location for the File System Access API
When initially shipping the File System Access API we shipped a bare minimum API surface for showing file and directory pickers. We’re now proposing adding a couple of frequently requested (and commonly supported in other file picker APIs) options to let websites provide a couple more opportunities to influence the behavior of the file and directory pickers. In particular we want to let websites give suggestions for the name and location of files and directories that are being saved or loaded.
WebAssembly SIMD
WebAssembly SIMD will expose hardware SIMD instructions to WebAssembly applications in a platform-independent way. The SIMD proposal introduces a new 128-bit value type that can be used to represent different types of packed data, and several vector operations that operate on packed data.
SIMD can boost performance by exploiting data level parallelism and is also useful when compiling native code to WebAssembly
WebOTP API: cross-origin iframe support
Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.
WebSockets over HTTP/2
Supports WebSockets over HTTP/2 in Chromium as specified in RFC 8441 https://tools.ietf.org/html/rfc8441. This is only used for secure WebSockets requests, and only when there is already an HTTP/2 connection where the server has already advertised support for WebSockets over HTTP/2 via the HTTP/2 SETTINGS parameter defined in the specification.
adaptivePtime property for RTCRtpEncodingParameters
Adds the adaptivePtime property to RTCRtpEncodingParameters(https://w3c.github.io/webrtc-pc/#rtcrtpencodingparameters). This new flag sets a sender in a real-time communication (RTC) system to enable/disable adaptive packet rate.
The webkitBeforeTextInserted and webkitEditableContentChanged JS events are Blink internal events and are non standard events. There are better replacement of these events which Browser vendors have been actively working on such as Input events(https://w3c.github.io/input-events/).
chromium92 Features:11
CSS position: sticky scroll initial position into view
For the purposes of any operation targetting the scroll position of a sticky positioned element (or one of its descendants), the sticky positioned element must be considered to be positioned at its initial (non-offsetted) position.
This was discussed in https://github.com/w3c/csswg-drafts/issues/1459.
Add dayPeriod option for Intl.DateTimeFormat
Add a dayPeriod option to Intl.DateTimeFormat() method so the caller can format times such as “7 in the morning”, “11 in the morning”, “12 noon”, “1 in the afternoon”, “6 in the evening”, “10 at night” (or in Chinese, “清晨7時”, “上午11時”, “中午12時”, “下午1時” ,“下午6時” ,“晚上10時”)
Change click, auxclick and contextmenu event types to PointerEvent
Change “click”, “contextmenu”, “auxclick” events to PointerEvent (instead of MouseEvent) to let developers: distinguish between mouse, pen and individual fingers in a multitouch interaction through pointerType and pointerId attributes, and utilize fractional event coordinates for high precision use cases.
Final specified imperative slot distribution behavior
The final imperative slot distribution API spec has been landed at [1]. There are minor changes from the initial draft [2] which was implemented in Chromium. This feature represents the changes from the draft to the final spec.
Relative indexing method for Array, String, and TypedArrays
Add a new method, named at(), to Array.prototype, String.prototype, and the TypedArray prototypes, that permit relative indexing with negative indices.
let arr = [1,2,3,4];
arr.at(-1); // Returns 4
Tainted origin flag applied to Resource Timing
Accounts for the tainted origin flag when computing whether a fetched resource passes the timing allow origin check. The Timing Allow Origin check is used in Resource Timing to determine whether the page has the right to receive detailed timing information about a resource used in the page. The tainted origin flag impacts this check in cases where there are multiple redirects that cross origins. In those cases, the header should be ‘*’, i.e. can no longer be a specific origin.
Web Bluetooth manufacturer data filter
Being able to filter based on manufacturer specific data (such as vendor ID and product ID) will enable e.g. manufacturer.example.com to configure/select only its own Bluetooth devices and present them to users, instead of showing unrelated Bluetooth devices in the browser picker.
crypto.randomUUID()
Introduces the method crypto.randomUUID() for generating RFC 4122 version 4 identifiers. The method returns the namespace specific string representation (for example, “6e4decd0-6066-4a25-98e3-0227317cda52”).
size-adjust descriptor for @font-face
The size-adjust descriptor in @font-face allows scaling of glyph sizes for a particular font face without affecting the CSS font-size and derived metrics such as em.
CSS font-size can be seen as a scale factor for a box that the font draws in. Glyph sizes within that box vary between fonts, and size-adjust enables harmonising them across different fonts. That’s why it can also help with reducing cumulative layout shift by matching up the fallback font and primary web font using this descriptor.
Payment handlers for standardized payment method identifiers.
Enables web-based payment handlers to receive “paymentrequest” events with non-URL, but standardized payment method identifiers, such as “basic-card” or “tokenized-card”.
aria-touchpassthrough
Screen readers with touch screen support typically include a “touch exploration” mode where you can tap or slowly drag around the screen and listen to feedback on what you’re touching, before it activates.
Setting aria-touchpassthrough on an HTML element indicates to a screen reader that touch events targeted at this element should be passed through directly, instead.
chromium93 Features:14
Intl BestFitMatcher by using ICU LocaleMatcher
Use the ICU LocaleMatcher to implement the BestFitMatcher of ECMA402 in v8 JavaScript engine. ECMA402 defined the BestFitMatcher abstract operation to allow browser implementation to implement a better way to match locale data. UTS35 sec “4.4 Language Matching” details a data driven algorithm to use CLDR. ICU 67.1 (launched in April 2020) comes with an improved icu::LocaleMatcher API and implementation . This document shows how we implement v8’s BestFitMatcher to use such API.
AbortSignal.abort() static method
AbortSignal.abort() is a static method that allows creating a new AbortSignal object that is already aborted. It is similar in spirit to Promise.reject(), and provides improved developer ergonomics.
Block ports 989 and 990
Connections to HTTP, HTTPS or FTP servers of ports 989 and 990 will fail.
These ports are used by the FTPS protocol, which has never been implemented in Chrome. However, FTPS servers can be attacked in a cross-protocol attack by malicious web pages using carefully-crafted HTTPS requests.
This is a mitigation for the ALPACA attack. See https://alpaca-attack.com/.
CSS Flexbox: support alignment keywords start, end, self-start, self-end, left, right
Make flexbox and flex items obey the positional alignment keywords from https://drafts.csswg.org/css-align-3/#positional-values.
Flexbox previously only obeyed center, flex-start, and flex-end. The additional alignment keywords (start, end, self-start, self-end, left, right) allow authors to more easily align the flex items in the face of varying writing modes and flex flows.
CSS module scripts
CSS Module Scripts are an extension of the ES Script Modules system that allows web developers to load CSS into a component definition in a manner that interacts seamlessly with other module types:
import styleSheet from “./styles.css” assert { type: “css” };
Error.cause property
Adds an additional options parameter to the Error() constructor with a cause property, the value of which will be assigned to the error instances as a property. This allows errors to be chained without unnecessary and overelaborate formalities on wrapping the errors in conditions.
Honor media HTML attribute for meta name=theme-color
The meta element’s “media” attribute will be honored for meta[name=“theme-color”] so that web developers can adjust the theme color of their site based on a media query (dark and light modes for instance). The first one that matches will be picked.
Object.hasOwn
Object.hasOwn provides an easier-to-use, static method version of Object.prototype.hasOwnProperty. For example, Object.hasOwn({ prop:42 }, ‘prop’) returns true.
Re-add ‘style’ to contain:strict and contain:content CSS properties
The ‘strict’ and ‘content’ keywords for the ‘contain’ property will now include ‘style’. Per CSSWG resolution this was (re-)added now that contain:style is well-defined in the specifications.
Sec-CH-Prefers-Color-Scheme User Preference Media Features Client Hints Header
User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.
Sec-CH-Prefers-Color-Scheme reflects the user’s prefers-color-scheme preference.
WebOTP API: cross-device support
We plan to support WebOTP API on desktop when both Chrome Desktop and Chrome Android are logged into the same Google account.
accent-color CSS property
The accent-color CSS property allows the page to specify a color used by form controls instead of using the builtin default color. For example, “accent-color: red” on an would change the blue color around the checkmark to red.
noplaybackrate in HTMLMediaElement.controlsList
Offers a way for the website to enable/disable the playback speed control exposed by the browser in native media controls.
Remove 3DES in TLS
Remove support for the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
chromium94 Features:15
Align transform-style: preserve-3d and perspective property with the spec
Align the behavior of transform-style: preserve-3d (which allows child elements to participate in the same 3D scene) and the perspective property (which applies a perspective transform to child elements) with the spec by making them apply only to child elements. Before this change, Chromium applies both of these effects based on the containing block hierarchy rather than the DOM tree, and also allows them to extend through elements without transform-related properties on them.
CSS Overflow: scrollbar-gutter
The “scrollbar-gutter” property provides control over the presence of scrollbar gutters (the space which may be reserved to display a scrollbar), allowing authors to prevent layout changes as content expands while avoiding unwanted visuals when scrolling isn’t needed.
Note that the presence of the scrollbars themselves is determined by the “overflow” property and the decision of whether to use classical or overlay scrollbars is up to the User Agent.
Canvas color management
Formalize that the default color space for 2D canvases and ImageData is sRGB. Clarify that 2D canvas is fully color managed (that all inputs are converted to the canvas color space). These were previously convention and not clearly specified.
Add parameters to specify a non-sRGB color space when creating a 2D canvas or an ImageData. Add support for the Display P3 color space for these parameters.
Feature Policy: display-capture
Implement the display-capture feature policy from the Screen Capture spec. https://w3c.github.io/permissions/#dom-permissionname-display-capture This policy allows restricting access to the getDisplayMedia() API in embedded resources.
Idle Detection
The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification.
ImageDecoder API extension for WebCodecs
The ImageDecoder API intends to provide web authors random access to decoded images (as ImageBitmap) for each frame in a given image. The returned ImageBitmap objects can be used for drawing to canvas or WebGL (as well as any other future ImageBitmap use cases). Since the API is not bound to the DOM it may also be used in workers.
JS Self-Profiling API
Adds a web-exposed sampling profiler for measuring client JavaScript execution time. Gathering JS profiles from real users can help developers debug slow observed performance without the need for invasive manual instrumentation.
This feature defines an API surface for manipulating raw media carried by MediaStreamTracks such as the output of a camera, microphone, screen capture, or the decoder part of a codec and the input to the decoder part of a codec. It uses WebCodecs interfaces to represent raw media frames and exposes them using streams, similarly to the way the WebRTC Insertable Streams spec exposes encoded data from RTCPeerConnections.
Return fixed lists for navigator.plugins and navigator.mimeTypes
With the removal of Flash, there is no longer the need to return anything for navigator.plugins and navigator.mimeTypes. These APIs were used primarily for a) probing for Flash player support, or b) fingerprinting. Some sites use these APIs to probe for PDF viewer support. With this change, these arrays will return fixed lists containing a standard list of PDF viewer plugins.
Richer Install UI for PWAs
Gives developers the ability to add more data (descriptions and screenshots) to their PWA install dialog and gives users more insight into the apps they are about to install.
Scheduling APIs: Prioritized scheduler.postTask
Userspace tasks often have varying degrees of importance (related to user experience), but the Platform lacks a unified API to schedule prioritized work. The postTask API allows developers to schedule tasks (javascript callbacks) with a native browser scheduler at 3 levels of priority: user-blocking, user-visible, and background. It also exposes a TaskController, which can be used to dynamically cancel tasks and change their priority.
VirtualKeyboard API
The virtual keyboard is the on-screen keyboard used for input in scenarios where a hardware keyboard may not be available. The VirtualKeyboard interface has APIs to provide authors with more control over when the virtual keyboard is shown or hidden. It also fires events with the size of the virtual keyboard when it occludes content in the page.
WebCodecs
Provides efficient, low-level access to built-in (software and hardware) media encoders and decoders.
preferCurrentTab
We introduce a dictionary member to MediaStreamConstraints called preferCurrentTab. It’s a boolean defaulting to false. When getDisplayMedia() is called with preferCurrentTab=true, the browser should offer the current tab as the most prominent capture source.
Application Cache
AppCache was standardized in the Offline Web applications section of the HTML specification. The standard is formally referred to as application caches.
New Web applications should be built around Service Workers. Existing applications that use AppCache should migrate to Service Workers.
AppCache access was removed from insecure origins in M70. This intent addresses AppCache usage in secure origins.
chromium95 Features:17
Back-forward cache for same-site navigations on Android
Creates a cache for pages which allows for instant navigations to previously-visited pages after all eligible navigations on Android, both cross-site and same-site.
This enhances the original version of back-forward cache, which only caches pages on cross-site navigations: https://chromestatus.com/feature/5815270035685376.
This enhancement shipped by default in M95.
CSS @counter-style rules in shadow trees
Allows custom counter styles (@counter-style rules) to be defined with shadow trees, and properly referenced within shadow trees or across shadow boundaries.
Cookie size limits
Enforce limits on the size (in bytes) of cookies set by HTTP responses (Set-Cookie header) and via JS APIs (document.cookie and CookieStore).
Extend Intl.DateTimeFormat timeZoneName Option
Add 4 new values “shortGeneric”, “longGeneric”, “shortOffset”, and “longOffset” for Intl.DateTimeFormat timeZoneName option
EyeDropper API
The EyeDropper API enables developers to use a browser-supplied eyedropper in the construction of custom color pickers.
Intl.DisplayNames v2
Extend the Intl.DisplayNames API to include “calendar” and “dateTimeField” names and add “languageDisplay” option. see https://github.com/tc39/intl-displaynames-v2 for the proposal The proposal advanced to Stage 3 on 2021-05-25 Spec: https://tc39.es/intl-displaynames-v2/
Logical properties for contain-intrinsic-size
This converts contain-intrinsic-size to a shorthand and adds corresponding contain-intrinsic-{width,height} properties as well as contain-intrinsic-{inline,block} size.
For example, this will make the following work:
New UA platform version source on Windows for User-Agent Client Hints
Updates the version provided via the Sec-CH-UA-Platform-Version on Windows to provide a reasonable level of fidelity to allow sites to identify meaningful Windows platform changes. This aligns with the current definition in the proposal in the UA Client Hints WICG repo.
This enables sites to deliver appropriate binary executables and help content specific to that OS version.
Note taking new note URL
Parses a web app manifest entry for a URL to open to take a new note in a note-taking web app, allowing OS integrations.
Secure payment confirmation
Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new ‘payment’ extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the ‘secure-payment-confirmation’ payment method.
URLPattern
URLPattern is a new web API that provides native support for matching URLs given a pattern string. It is designed to be usable both in javascript directly and by passing patterns to other web platform APIs; e.g. as a service worker scope.
WebAssembly Exception Handling
This feature is adding exception support to WebAssembly. Exception handling allows code to break control flow when an exception is thrown. The exception can be any exception known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function.
WebAssembly cross-origin module sharing
WebAssembly module sharing between cross-origin but same-site environments will be deprecated to allow agent clusters to be scoped to origins long term. This is a WebAssembly spec change, which has an impact on the platform as well.
Therefore this deprecation is the first step to deprecate document.domain
droppedEntriesCount in PerformanceObserver callback
Currently, web developers can use PerformanceObserver with buffered flag to listen to past and future performance entries about their site. However, past entries need to be stored, and there is a buffer size limit. The droppedEntriesCount parameter helps developers know if they may have lost an entry due to this storage being full. It’s set to the number of entries which got dropped from the buffer due to such buffer being full.
self.reportError()
This function, available in windows and workers, allows developers to report errors to the console and any global “error” event handlers, in the same way as an uncaught JavaScript exception. It is mainly useful for custom event-dispatching or callback-manipulating libraries.
Deprecate support for URLs with non-IPv4 hostnames ending in numbers
Most hostnames that aren’t valid IPv4 addresses, but end in numbers are treated as valid, and looked up via DNS (e.g., http://foo.127.1/). Per the Public Suffix List spec, the eTLD+1 of the hostname in that URL should be “127.1”. If that is ever fed back into a URLs, “http://127.1/” is mapped to “http://127.0.0.1/” by the URL spec, which seems potentially dangerous. “127.0.0.0.1” could also potentially be used to confuse users. We want to reject URLs with these hostnames.
Remove FTP support
Deprecate and remove support for FTP URLs.
chromium96 Features:15
CSS @counter-style descriptor ‘speak-as’
A custom counter style can be constructed with a meaning that is obvious visually, but impossible to meaningfully represent via a speech synthesizer or other non-visual means, or possible but nonsensical when naively read out loud. The ‘speak-as’ descriptor describes how to synthesize the spoken form of a counter formatted with the given counter style.
Reporting API: Isolate reports per-document and support the Reporting-Endpoints header
Splits the reporting cache into a per-document cache for document-generated reports, and the existing cache for network reports. There is currently a single reporting cache per profile, which means that reports from unrelated documents can potentially be sent in a single request. This also introduces the Reporting-Endpoints HTTP response header for non-persistent configuration of document-generated reports.
ALPS and ACCEPT_CH HTTP/2 and HTTP/3 frames
The ACCEPT_CH HTTP/2 and HTTP/3 frames, combined with the TLS ALPS extension, are a connection-level optimization to deliver the server’s Client Hint preferences in time for the first HTTP request.
Adding captureTimestamp and senderCaptureTimeOffset to RTCRtpContributingSource.
Two new data properties, captureTimestamp and senderCaptureTime, will be added to the RTCRtpContributingSource, returned by RTCRtpReceiver.getContributingSources(). (See https://w3c.github.io/webrtc-extensions/#rtcrtpcontributingsource-dictionary.) These new properties are used to measure A/V sync and end-to-end delay in real-time communication (RTC) systems.
Back-forward cache for desktop
Creates a cache for pages which allows for instant navigations to previously-visited pages.
Clipboard: Preserve PNG metadata
Read unsanitized PNGs from the system clipboard. This will apply to both DataTransfer and the Async Clipboard API (navigator.clipboard.read()).
Cross-Origin-Embedder-Policy: credentialless
Introduce Cross-Origin-Embedder-Policy: credentialless. This causes cross-origin no-cors requests to omit credentials (cookies, client certificates, etc). Similarly to COEP:require-corp, it can enable cross-origin isolation.
Disable propagation of body style to viewport when contained
Used contain values different from none on the root or body elements will disable propagation of CSS properties from body as per specification[1].
[1] https://drafts.csswg.org/css-contain-1/#c3
EME MediaKeySession Closed Reason
A MediaKeySessionClosedReason is proposed to indicate the reason for EME MediaKeySession closure, and the closed attribute would return a Promise instead of the current Promise.
See https://github.com/w3c/encrypted-media/issues/473.
InteractionID in EventTiming
Developers currently use the Event Timing API to gather performance data about events they care about. However, it is currently hard to link events that correspond to the same user interaction. For instance, when a user taps, many events are generated, such as pointerdown, mousedown, pointerup, mouseup, and click. The interactionID enables developers to link multiple PerformanceEventTiming entries when they correspond to the same user interaction.
Media Queries: prefers-contrast feature
Adds the ‘prefers-contrast’ feature, which lets authors adapt web content to user-selected level of contrast in the OS, such as increased contrast mode on macOS and high contrast mode on Windows.
Valid options are ‘more’, ‘less’, ‘custom’, or ‘no-preference’.
PWA manifest unique id - desktop
Define an optional id field in app manifest that’s used to globally identify the web app. If the id is not specified, start_url will be used as the default id.
URL Protocol Handler Registration for PWAs
Enable web applications to register themselves as handlers of custom URL protocols/schemes using their installation manifest.
WebAssembly Reference Types
Allow WebAssembly modules to hold references to JS/DOM objects, passing them as arguments, storing them in locals and globals, and storing them in WebAssembly.Table objects.
[WebAuthn] Authenticator Attachment in Public Key Credential
Add the authenticator attachment (platform/cross-platform) used during both registration and authentication to the public key credential payload returned from the browser to the relying party (website/application etc)
chromium97 Features:12
Array and TypedArray findLast and findLastIndex
This is a Stage 3 TC39 proposal that adds the methods findLast and findLastIndex to Array.prototype and the various TypedArray.prototypes.
These methods are the “from the end” versions of find and findIndex.
Content-Security-Policy delivery via response headers for dedicated workers.
Dedicated workers should be governed by the Content Security Policy delivered in their script response headers. Chrome incorrectly used to instead apply the Content Security Policy of the owner document.
We would like to change chrome’s behaviour to adhere to what is specified.
Feature policy for Keyboard API
getLayoutMap() used in conjunction with code solves the problem of identifying the actual key pressed in keyboard with different layout maps such as English vs French keyboards, but since getLayoutMap() isn’t available in all contexts (can’t be used inside iframes), Office web apps like Excel, Word, PowerPoint, etc. that show up as embedded experiences in Outlook Web, Teams, etc. and are running in iframes, can’t use this API. Adding keyboard-map to the allow attribute list solves this problem.
HTMLScriptElement.supports(type) method
Provides a unified way to detect new features that use script elements.
Late newline normalization in form submission
Before this change, newlines in form entries were normalized early in the form submission process (during the entry list construction), with an additional late normalization happening as the form payload was encoded with the application/x-www-form-urlencoded enctype. With this change, the early normalization is removed and the late normalization is extended to all enctypes.
PermissionStatus.prototype.name
Adds a read only attribute “name” to the PermissionStatus interface, allowing the name of the permission to be gotten after a PermissionStatus is created.
When querying multiple permissions simultaneously via the Permissions API, it was not possible to identify which PermissionStatus was which, as they were lacking a way to identify them (i.e., their “name”). The only way around this was to use something like array order or some other external index, which is less than ideal.
Propagate request origin and redirect chain in passthrough service workers.
This feature will cause service workers that handle navigation requests by calling fetch(evt.request) to use the origin and redirect chain from FetchEvent.request. Previously this information was always set to the service worker’s origin with no redirect chain.
This information is used to control the origin header and SameSite cookies sent with the request to the server.
Standardize existing client hint naming
Client Hints, a method to request information about the user’s device or conditions, have been implemented in Chrome, but since the initial implementation the naming scheme has changed. If implemented, this proposal would add new client hints with a sec-ch- prefix to re-implement the following: dpr, width, viewport-width, device-memory, rtt, downlink, and ect.
Support calc() where only accepts
CSS math functions that resolve to can be used in any place that only accepts . (It gets rounded to the nearest integer, as specified in https://drafts.csswg.org/css-values-4/#calc-range)
WebAssembly Content Security Policy
Enhancements to Content Security Policy to improve interoperability with WebAssembly.
WebTransport
WebTransport is a protocol framework that enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport.
transform: perspective(none)
Implement support for a ‘none’ argument to the perspective() function within the syntax of the CSS transform property. This provides the perspective() function with a value that gives the identity matrix. Its effect is as though the perspective() function was given an argument that is infinite. This makes it easier (or, in some cases, possible) to do animations involving the perspective() function where one of the endpoints of the animation is the identity matrix.
chromium98 Features:8
Add support for Promise to Blobs in clipboard item
Add promise support to ClipboardItem object. This helps the web author to call async clipboard write method without having to provide the Blob data synchronously. Authors can choose to resolve the promise later when the Blob data is available.
COLRv1 Color Gradient Vector Fonts
To solve problems with existing color font formats, we designed a next generation font format suitable for the web called COLRv1 which enables powerful 2D graphics glyph definitions (gradients, transforms), supports variations, and reuses existing contour definitions.
Previous color font formats embed bitmap files into the OpenType font containers. They do not scale in high quality and have a large binary size. OpenType SVG embeds vectors but requires complex parsers and rasterisers.
CSS Color Adjust: ‘only’ keyword for color-scheme
The ‘only’ keyword has been re-added to the specification for color-scheme as a way of per-element opt-out of color-scheme override like forced darkening.
div { color-scheme: light } will force the div element into color-scheme dark and apply forced darkening. div { color-scheme: only light } will keep the color-scheme for the element light and opt-out of forced darkening.
HDR CSS Media Queries: dynamic-range
Adds a media query to CSS which allows a page to detect the current display device’s support for HDR.
This feature adds the query: ‘dynamic-range’ which may be one of ‘standard’ or ‘high’. Chrome will resolve this query according to the capabilities of the display device the browser window is currently positioned on, allowing pages to toggle CSS rules accordingly or respond in Javascript via ‘window.matchMedia()’.
New window.open() popup vs. window behavior
This change aligns Chromium with the spec for window.open(), by 1) adding a “popup” windowFeature to control popup vs. tab/window, and 2) ensuring all BarProp properties return !is_popup.
WritableStream controller AbortSignal
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. This change permits an underlying sink to rapidly abort an ongoing write or close when requested by the writer.
self.structuredClone()
Enables using the HTML structured clone algorithm synchronously for cloning and transferring objects within a single realm.
Remove SDES key exchange for WebRTC
The SDES key exchange mechanism for WebRTC has been declared a MUST NOT in the relevant IETF standards since 2013. The SDES specification has been declared Historic by the IETF.
Its usage in Chrome has declined significantly over the recent year.
This intent is to deprecate and remove this code from Chromium and WebRTC.
chromium99 Features:15
Autofill in ShadowDOM
This feature allows autofill to look into ShadowDOM when collecting form controls within a form element.
With the adoption of web components, it is common to wrap form controls like input elements in ShadowDOM. When autofill traverses the children of form elements to collect form controls, it currently skips ShadowDOM, and makes these form controls never get autofilled. This feature will make autofill also traverse into ShadowDOM when collecting form controls.
Intl Enumeration API
Intl Enumeration API Specification is a new ECMA402 Stage 3 proposal which lists supported values of options in pre-existing API.
Intl Locale Info in ECMA402
Intl Locale Info API is a new Stage ECMAScript TC39 proposal to enhance the Intl.Locale object by exposing Locale information, such as week data (first day in a week, weekend start day, weekend end day, minimun day in the first week), and text direction hour cycle used in the locale. https://github.com/tc39/proposal-intl-locale-info
“audioworklet” destination for AudioWorklet
Sets the destination of script requests for AudioWorklet to “audioworklet”.
The specification defines script requests for AudioWorklet have “audioworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest HTTP request header and FetchEvent.request.destination on Service Workers. This helps servers to decide how to handle the requests.
“paintworklet” destination for PaintWorklet
Sets the destination of script requests for PaintWorklet to “paintworklet”.
The specification defines script requests for PaintWorklet have “paintworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest HTTP request header and FetchEvent.request.destination on Service Workers. This helps servers to decide how to handle the requests.
Allow infinity, -infinity and NaN in CSS calc()
CSS calc() math function should allow infinity and NaN values by ‘infinity’, ‘-infinity’, ‘NaN’ keywords or expressions that could be evaluated into infinity or NaN such as ‘calc(1/0)’.
Allow simple Range header values without preflight
Allows requests with simple range headers to go through without preflight.
CORS requests will be able to use the Range header in limited ways (only one valid range) without triggering a preflight.
CSS cascade layers
CSS cascade layers (@layer rule and layered @import syntax) provide a structured way to organize and balance concerns within a single origin. Rules within a single cascade layer cascade together without interleaving with style rules outside the layer. This allows authors to achieve a certain cascade ordering for same-origin rules in a proper way.
Convert adoptedStyleSheets to use ObservableArray
The prior specification for adoptedStyleSheets used a FrozenArray backing array. The spec was recently changed, so that the backing array is an ObservableArray. This makes the API easier to use and understand, since it is a true mutable JS array object. For example, normal array operations such as adoptedStyleSheets.push(sheet) can be used.
HTMLInputElement showPicker()
The HTMLInputElement showPicker() method allows web developers to programmatically show a browser picker for input elements (temporal, color, file, and those with suggestions like datalist or autofill).
Handwriting Recognition API
An API for web applications to make use of advanced handwriting recognition services (e.g. those on operating systems) to recognize text from handwriting drawings (inks) in real time. In this context, handwriting drawing means the temporal and positional information used to describe a human handwriting process.
New Canvas 2D API
Updated functionality for the Canvas2D API. Adds nine new features/functions to CanvasRenderingContext2D:
“ContextLost” and “ContextRestored” events
“willReadFrequently” option for canvases where lots of readback is expected
More CSS text modifier support
A reset function
A roundRect draw primitive
Conic gradients
Better support for SVG filters
https://github.com/fserb/canvas2d
Replace GamepadList with sequence for navigator.getGamepads() return value
We intend to replace GamepadList with sequence for the navigator.getGamepads() return value to follow the spec and match current Gecko and WebKit implementations.
Unprefixed text-emphasis properties
This feature introduces ‘text-emphasis’, ‘text-emphasis-color’, ‘text-emphasis-position’, and ‘text-emphasis-style’ CSS properties. They are unprefixed versions of ‘-webkit-text-emphasis’, ‘-webkit-text-emphasis-color’, ‘-webkit-text-emphasis-position’, and ‘-webkit-text-emphasis-style’.
Remove font-family -webkit-standard
Remove support for the font-family value “-webkit-standard”. This essentially behaves as an alias to the proprietary keyword “-webkit-body” and is only exposed as historical implementation details inherited from WebKit.
chromium100 Features:14
Allow cookie domain attributes to be the empty string
Updates the parsing of cookie strings to allow a cookie’s domain attribute to be set to the empty string. This change will also correct the failing web-platform tests related to an empty string domain. Additionally, it brings Chrome in alignment with the draft RFC6265bis specification, and will improve interoperability with Safari and Firefox by matching their treatment of an empty cookie domain attribute.
AbortSignal.prototype.throwIfAborted
Throws an AbortSignal’s reason if the signal is aborted. This convenience method can be used by signal-handling functions to check a signal’s abort status and propagate the abort reason, e.g. after async operations that might change a signal’s state.
Capability Delegation
Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame it trusts.
If an app wants to delegate its ability to call a restricted JS capability (e.g. popups, fullscreen, etc) to a known+trusted third-party frame, the app would utilize a Capability Delegation API to “transfer” the ability to the target frame in a time-constrained manner (unlike static mechanisms like
