Chrome 78 arrives with new APIs, dark mode improvements on Android and iOS

Join Transform 2021 this July 12-16.

Register fo

r

the AI event of the year

.


Google today

launched

Chrome 78 for Windows, Mac, Linux, Android, and iOS. The release includes the CSS Properties and Values API, Native File System API, new Origin Trials, and dark mode improvements on Android and iOS. You can update to the latest version now using Chrome’s built-in updater or download it directly from

google.com/chrome

.

With

over 1 billion users

, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome’s regular additions and changes, developers often have to stay on top of everything available — as well as what has been

deprecated or removed

. Chrome 78, for example, removes the XSS Auditor due to privacy concerns.

Xem thêm: Backup fails / Timesout / 500 Internal Server Error : InfiniteWP Support

Windows, Mac, and Linux

Chrome 78

implements

the CSS Properties and Values API to let developers register variables as full custom properties. That way, you can ensure they’re always a specific type, set a default value, or even animate them. The image below is a transition created with a CSS custom property. This transition is impossible to achieve without the new API, and it’s type safe.

The new

Native File System API

lets developers build web apps that interact with files on the user’s local device. That means IDEs, photo and video editors, text editors, and so on. After a user grants access, the API allows web apps to read or save changes directly to files and folders by invoking the platform’s own open and save dialog boxes.

Chrome 77

, released in September, introduced

Origin Trials

that let you try new features and provide feedback on usability, practicality, and effectiveness to the web standards community. Chrome 78 adds a few more, including

Signed Exchanges

and

SMS Receiver API

. The former allow a distributor to provide content signed by a publisher. The latter allows websites to access SMS messages that are delivered to the user’s phone.

Chrome 78 also includes a few features that are rolling out gradually. For example, Chrome users will soon be able to highlight and right-click a phone number link in Chrome and forward the call to their Android device. Some users might also see an option to share their clipboard content between their computers and Android devices. Clipboard sharing requires Chrome signed in on both devices with the same account, and Chrome Sync enabled. Google says that the text is end-to-end encrypted and the company can’t see the contents.

Chrome Google Drive integration

Chrome is also getting Google Drive integration. From Chrome’s address bar, you will be able to search for Google Drive files that you have access to. Again, if you don’t see any of these in Chrome 78, don’t fret. They are rolling out gradually.

Xem thêm: Cố Định Cột, Vùng Dữ Liệu Và Cố Định Dòng Trong Excel 2021

Android and iOS

Chrome 78 for Android is rolling out slowly on

Google Play

. The changelog is just one bullet point: “Dark theme for Chrome menus, settings, and surfaces. Find it in Settings > Themes.”

Chrome 78 for iOS is rolling out on

Apple’s App Store

. It includes three improvements:

  • The ability to switch Chrome to dark mode if your device has been upgraded to iOS 13.
  • Bookmarks, History, Recent Tabs, and Reading List are now presented as cards on iOS 13.
  • The ability to add a new credit card directly in Chrome from the settings page.

Clearly Google focused on dark mode for this mobile release.

Xem thêm: Hướng dẫn tăng chất lượng ảnh nền máy tính Windows

Security fixes

Chrome 78 implements 37 security fixes. The following were found by external researchers:

  • [$20000][

    1001503

    ] High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06

  • [$15000][

    998431

    ] High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28

  • [$1000][

    998284

    ] High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27

  • [$5000][

    991125

    ] Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois (phillip.langlois@nccgroup.com) and Edward Torkington (edward.torkington@nccgroup.com), NCC Group on 2019-08-06

  • [$3000][

    992838

    ] Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12

  • [$3000][

    1001283

    ] Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05

  • [$2000][

    989078

    ] Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30

  • [$2000][

    1001159

    ] Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05

  • [$1000][

    859349

    ] Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01

  • [$1000][

    931894

    ] Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13

  • [$1000][

    1005218

    ] Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18

  • [$500][

    756825

    ] Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18

  • [$500][

    986063

    ] Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20

  • [$500][

    1004341

    ] Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16

  • [$N/A][

    993288

    ] Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13

  • [$2000][

    982812

    ] Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10

  • [$500][

    760855

    ] Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-31

  • [$500][

    1005948

    ] Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19

  • [$N/A][

    839239

    ] Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent’s Xuanwu Lab on 2018-05-03

  • [$N/A][

    866162

    ] Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20

  • [$N/A][

    927150

    ] Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31

  • [

    1016016

    ] Various fixes from internal audits, fuzzing and other initiatives

Google thus spent at least $58,500‬ in bug bounties for this release. As always, the security fixes alone should be enough incentive for you to upgrade.

Developer features

Chrome 78 also has an

updated

V8 JavaScript engine. Version 7.8 includes script streaming on preload, faster object desctructuring, lazy source positions, faster RegExp match failures, WebAssembly C/C++ API, and improved WebAssembly startup time. Check out the

full changelog

for more information.

Other developer features in this release include:

  • Apply Opacity for the Default Style of INPUT/TEXTAREA placeholder:

    Changes the default style for ::placeholder

    from #757575 to rgba(0, 0, 0, 0.54).

  • Extend Byte-for-Byte Update Check to all Service Worker importScripts() Resources:

    Byte-for-byte checks are now available

    for service worker scripts imported by importScripts(). Currently, service workers update only when the service worker main script has changed. In addition to not conforming to the latest spec, this forces developers to build workarounds such as adding hashes to the imported script’s urls.

  • Faster Web Sockets:
    Chrome 78 improves the download speed of

    ArrayBuffer objects

    when used with

    WebSocket objects

    on desktop. Results depend on network speed and hardware so your results may be vary. Google has seen download speeds that are 4.1 times faster on Windows, 7.8 times faster on macOS, and 7.5 times faster on Linux.

  • More restrictive hasEnrolledInstrument() for Autofill Instruments: Improves the authorization of transactions by

    requiring unexpired cards and a billing address

    . This improves the quality of autofill data and increases the chances that PaymentRequest.hasEnrolledInstrument() returns true. This improves the user experience on transactions that use autofill data.

  • PaymentResponse.prototype.retry(): In cases where there is something wrong with the payment response’s data (for example, the shipping address is a PO box), the

    retry() method of a PaymentResponse

    instance now allows you to ask a user to retry a payment.

  • Percentage Opacity: Adds

    support for percentage values to the opacity properties

    , specifically, opacity, stop-opacity, fill-opacity, stroke-opacity, and shape-image-threshold. For example, opacity: 50% is equivalent to opacity: 0.5. This brings consistency and spec compliance. The rgba() function already accepts percentage alpha value, for example rgba(0, 255, 0, 50%).

  • Redact Address in PaymentRequest.onshippingaddresschange Event:

    Removes fine-grained information from the shipping address

    before exposing it to a merchant website in the ShippingAddressChange event. PaymentRequest.onshippingaddresschange is used to communicate the shipping address a user has selected to the merchant so they can make adjustments to the payment amounts such as shipping cost and tax. At this point, the user has not fully committed to the transaction, so the principle should be to return as little information as possible to the merchant. The redaction removes recipient, organization, addressLine and phoneNumber from the shipping address because these are not typically needed for shipping cost and tax computation.

  • Seeking:

    Adds a media session action handler

    for the seekto action. An

    action handler

    is an event tied specifically to a common media function such as pause or play. The seekto action handler is called when the site should move the playback time to a specific time.

  • User Timing L3:

    Extends the existing User Timing API

    to enable two new use cases. Developers can pass custom timestamps to performance.measure() and performance.mark(), so as to conduct measurement across arbitrary timestamps. Developers can report arbitrary metadata with performance.mark() and performance.measure(), which provides rich data to analytics via a standardized API.

For a full rundown of what’s new, check out the

Chrome 78 milestone hotlist

.

Google releases a new version of its browser every six weeks or so. Chrome 79 will arrive in early December.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as

    Transform 2021: Learn More

  • networking features, and more

Become a member

Chuyên mục: Hỏi đáp

admin