Linux News

Google Chrome 94 Released with Sharing Hub feature

Pinterest LinkedIn Tumblr

Google has unveiled the release of the Chrome 94 web browser . At the same time , a stable release of the free Chromium 94 project is available , which serves as the basis for Chrome. The Chrome browser is distinguished by the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing protected video content (DRM), a system for automatically installing updates and transmitting RLZ parameters when searching . The next release of Chrome 95 is scheduled for October 19th.

Starting with the release of Chrome 94, development has been moved to a new release cycle. Significant new releases will now be published every 4 weeks, rather than every 6 weeks, to accelerate the delivery of new features to users. It is noted that the optimization of the release preparation process and the improvement of the testing system make it possible to generate releases more often without compromising quality. For enterprises and for those who need more time to update, once every 8 weeks, the Extended Stable edition will be released separately, which will allow you to switch to new functional releases not once every 4 weeks, but once every 8 weeks.

Brave Browser offers video conferencing

Major changes in Chrome 94 :

  • Added HTTPS-First mode, which resembles the previously appearedin Firefox HTTPS Only mode. If the mode is activated in the settings when trying to open a resource without encryption via HTTP, the browser will first try to access the site via HTTPS, and if the attempt is unsuccessful, the user will be shown a warning about the lack of HTTPS support and will be prompted to open the site without encryption. In the future, Google is considering the possibility of activating HTTPS-First by default for all users, restricting access to some features of the web platform for pages opened via HTTP, and adding additional warnings to inform users about threats that arise when accessing sites without encryption. The mode is enabled in the “Privacy and security”> “Security”> “Advanced” settings.
  • For pages opened without HTTPS, it is prohibited to send requests (download resources) to local URLs (for example, “http: //router.local” and localhost) and internal address ranges (,, 10.0 .0.0 / 8, etc.). An exception is made only for pages downloaded from servers with internal IP. For example, a page loaded from server will not be able to access a resource hosted on IP or IP, while a page loaded from server will be able to. The change introduces an additional layer of protection against exploitation of vulnerabilities in handlers that accept requests on local IPs, as well as protection against DNS rebinding attacks .
  • Added “Sharing Hub” function to quickly share a link to the current page with other users. Provides the ability to generate a QR code from a URL, save a page, send a link to another device associated with a user account, and transfer the link to third-party sites such as Facebook, Whatsapp, Twitter and VK. The opportunity has not yet been brought to the attention of all users. To forcibly enable the “Share” button in the menu and address bar, you can use the settings “chrome: // flags / # sharing-hub-desktop-app-menu” and “chrome: // flags / # sharing-hub-desktop-omnibox” …
  • Restructured in the browser settings interface. Each section of settings is now displayed on a separate page, and not on one common page.
  • Support has been implemented for dynamic updating of the log of issued and revoked certificates ( Certificate Transparency ), which will now be updated without being tied to browser updates.
  • Added a “chrome: // whats-new” service page with an overview of user-visible changes in the new release. The page is displayed automatically immediately upon update, or is accessed via the What’s New button on the Help menu. The page currently mentions tab search, split profiles, and background color change, which are not specific to Chrome 94 and appeared in past releases. The page display is not yet enabled for all users: to manage activation, you can use the settings “chrome: // flags # chrome-whats-new-ui” and “chrome: // flags # chrome-whats-new-in-main-menu- new-badge “.
  • Deprecated calling the WebSQL API from content downloaded from third-party sites (for example, via an iframe). In Chrome 94, when trying to access WebSQL from third-party scripts, a warning is displayed, but starting from Chrome 97, such calls will be blocked. In the future, it is planned to phase out support for WebSQL altogether, regardless of the context of use. The WebSQL engine is based on SQLite code and could be used by attackers to exploit vulnerabilities in SQLite.
  • For security reasons and to prevent malicious activity, they began blocking the use of the legacy MK (URL: MK) protocol, once used by Internet Explorer and allowing web applications to extract information from compressed files.
  • Dropped support for syncing with older versions of Chrome (Chrome 48 and older).
  • The “display-capture” flag has been added to the Permissions-Policy HTTP header, intended to enable certain features and control access to the API, to control usage on the Screen Capture API page (by default, the ability to capture screen content from external iframes is blocked).
  • Several new APIs have been added in Origin Trials (experimental features requiring separate activation). Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or, or after registering and receiving a special token that is valid for a limited time for a specific site.
  • Added the WebGPU API , which replaces the WebGL API and provides the means to perform GPU operations such as rendering and computation. Conceptually, WebGPU is close to APIs Vulkan, Metal and Direct3D 12. Conceptually, WebGPU differs from WebGL in much the same way as the Vulkan graphics API differs from OpenGL, but it is not based on a specific graphics API, but is a universal layer using the same low-level primitives available in Vulkan, Metal and Direct3D 12.WebGPU provides JavaScript applications with a means of low-level control over the organization, processing and transmission of commands to the GPU, and also allows you to manage associated resources, memory, buffers, texture objects, and compiled graphics shaders. This approach allows you to achieve higher performance graphics applications by reducing overhead and improving the efficiency of the GPU. The API also makes it possible to create complex 3D projects for the Web that work no worse than standalone programs, but not tied to specific platforms.
  • For standalone PWA applications , the ability to register as URL handlers has been implemented . For example, the application can register itself as a URL handler https: //* and all transitions from external applications using these links, for example, from instant messengers and email clients, will lead to the opening of this PWA. applications, not a new tab in the browser.
  • Support has been implemented for the new HTTP response code 103 , which can be used to proactively display headers. Code 103 allows you to inform the client about the content of some HTTP headers immediately after the request, without waiting for the server to complete all operations related to the request and start serving the content. Likewise, you can provide hints about the elements that are associated with the page being rendered, which can be preloaded (for example, you can provide links to the css and javascript used on the page). Having received information about such resources, the browser will start loading them without waiting for the main page to finish serving, which reduces the overall time for processing the request.
  • Added WebCodecs API for low-level media manipulation, complementing the high-level HTMLMediaElement, Media Source Extensions, WebAudio, MediaRecorder and WebRTC APIs. The new API may be in demand in areas such as game streaming, client-side effects, stream transcoding and support for non-standard multimedia containers. Instead of implementing separate codecs in JavaScript or WebAssembly, the WebCodecs API provides access to out-of-the-box high-performance components built into the browser. Specifically, the WebCodecs API provides audio and video decoders and encoders, image decoders, and low-level video frame-specific functions.
  • Stabilized the Insertable Streams API, allowing you to manipulate raw media streams transmitted through the MediaStreamTrack API , such as camera and microphone data, screen capture, or intermediate codec decoding data. To represent raw frames, WebCodec interfaces are used, after which a stream is formed, similar to what the WebRTC Insertable Streams API generates based on RTCPeerConnections. On the practical side, the new API allows for functionality such as end-to-end encryption. WebRTC calls, applying machine learning techniques to identify or annotate objects in real time, or to add effects such as background clipping before encoding or after codec decoding.
  • The scheduler.postTask () method has been stabilized , which allows you to manage the scheduling of tasks (JavaScript callbacks) with different priority levels. Three levels of priority are provided: 1- execute first, even if user operations can be blocked; 2 – changes visible to the user are allowed; 3 – running in the background). You can use the TaskController object to change the priority and cancel tasks.
  • Stabilized and now distributed outside the Origin Trials Idle Detection API to detect user inactivity. The API allows you to define the time when the user is not interacting with the keyboard / mouse, a screen saver is running, the screen is locked, or work is being done on a different monitor. The application is informed about inactivity by sending a notification after the specified inactivity threshold is reached.
  • The process of color management in the CanvasRenderingContext2D and ImageData objects and the use of the sRGB color space in them has been formalized . Provides the ability to create CanvasRenderingContext2D and ImageData objects in non-sRGB color spaces such as Display P3 to take advantage of the advanced capabilities of modern monitors.
  • Added methods and properties to the VirtualKeyboard API to control showing and hiding the virtual keyboard, and to get information about the size of the displayed virtual keyboard.
  • JavaScript for classes provides the ability to use static initialization blocks to group code that is executed once when processing a class: class C { // The block will be launched when the class itself is processed static {console.log (“C’s static block”); } }
  • The flex-basis and flex CSS properties have implemented the keywords content, min-content, max-content, and fit-content to more flexibly control the size of the main Flexbox area.
  • Added the scrollbar-gutter CSS property to control reserving screen space for the scrollbar. For example, when content scrolling is not required, you can expand the output and occupy the area of ​​the scroll bar.
  • Added API Self Profiling with the implementation of a profiling system that allows you to measure JavaScript execution time on the user side to debug performance problems in JavaScript code without resorting to manual manipulations in the interface for web developers.
  • After removing the Flash plugin, it was decided to return empty values ​​in the navigator.plugins and navigator.mimeTypes properties, but as it turned out, some applications used them to check for plugins for displaying PDF files. Since Chrome has a built-in PDF viewer, from now on, the navigator.plugins and navigator.mimeTypes properties will return a fixed list of standard plugins and MIME types for PDF viewing – “PDF Viewer, Chrome PDF Viewer, Chromium PDF Viewer, Microsoft Edge PDF Viewer and WebKit built-in PDF “.
  • Improvements have been made to tools for web developers. Added Nest Hub and Nest Hub Max devices to the screen simulation list. A button has been added to the network activity inspection interface to invert filters (for example, when you install the “status-code: 404” filter, you can quickly view all other requests), and also provide the ability to view the initial values ​​of the Set-Cookie headers (allows you to evaluate the presence of incorrect values ​​removed when normalizing). Deprecated and will be removed in a future release from the sidebar in the web console. Added an experimental option to hide issues in the Issues tab. Added the ability to select the interface language in the settings.
  • In addition to innovations and bug fixes, the new version eliminates 19 vulnerabilities . Many of the vulnerabilities were identified as a result of automated testing with AddressSanitizer , MemorySanitizer , Control Flow Integrity , LibFuzzer and AFL… No critical issues have been identified that allow bypassing all levels of browser protection and executing code on the system outside of the sandbox environment. For the current release, Google has paid out 17 bonuses of $ 56,500 under the Vulnerability Cash Bounty Program (one $ 15,000, two $ 10,000, one $ 7,500, four $ 3,000, two $ 1,000). The amount of 7 rewards has not yet been determined.

Write A Comment

Exit mobile version