This week, Google launched Chrome 96 for all supported desktop OS systems and Android; the new version number is 96.0.4664.45. There is no mention of security updates in the release. Google intends to push the upgrade to all Chrome-enabled devices in the coming weeks. Desktop users can speed up the process by typing chrome:/settings/help into the URL bar of their browser. The page that appears displays the currently installed version and performs an update check. The latest version will be immediately detected and installed. To finish the operation, a restart is necessary.
HTTPS is used to connect to websites if an HTTPS record is available from the domain name service (DNS). Web applications may register as URL protocol handlers, e.g. to launch twitter links using the Twitter PWA, or FTP links using a web FTP application. Applications that capture other windows or tabs currently have no way to control whether the calling item or the captured item gets focus. (Think of a presentation feature in a video conference app.) Chrome 96 makes this possible with a subclass of MediaStreamTrack called FocusableMediaStreamTrack, which supports a new focus() method.
The official blog post on the Chrome Releases blog offers virtually no information on the release. It lists the version number and that the extended stable of Chrome has been promoted to Chrome 96 as well. Google switched to a 4-week release cycle for Chrome recently and created the extended channel to increase the release period to every other release (8-weeks). A Chrome 96 beta post on the Chromium blog reveals information on what is new in the new version. Here is a list of important changes:
Priority Hints introduces a developer-set “importance” attribute to influence the computed priority of a resource. Supported importance values are “auto”, “low”, and “high”. Priority Hints indicate a resource’s relative importance to the browser, allowing more control over the order resources are loaded. Back forward cache on desktop for faster navigations to “previously-visited pages after cross-site navigations”. New credentialless policy for Cross-Origin-Embedder-Policy. Cross-Origin-Embedder-Policy has a new credentialless option that causes cross-origin no-cors requests to omit credentials (cookies, client certificates, etc.). Similarly to COEP:require-corp, it can enable cross-origin isolation.
The appmanifest spec doesn’t explicitly define what uniquely identifies a PWA. Currently, on the desktop versions of Chromium-based browsers and Firefox on Android, PWAs are uniquely identified by app’s start_url and Android Chromium-based browsers use manifest_url instead. This is confusing to developers. Also it made developers unable to change their start_url and manifest_url.Having a stable id allows apps to update other metadata like start_url and manifest_url, and have a consistent way to reference apps across browser platforms, PWA stores and other external entities.This feature tracks the launch process for implementation on the desktop side, as the Android implementation will be done with a different timeline. They will both follow the same specification.
- Google Chrome 96 is now available: here’s what’s new
- Check all news and articles from the latest Security news updates.