Weekly Platform News: WebAPK Limited to Chrome, Discernible Focus Rectangles, Modal Window API
October 24th, 2019
In this week’s roundup: “Add to home screen” has different meanings in Android, Chrome and Edge add some pop to focus rectangles on form inputs, and how third-party sites may be coming to a modal near you. Let’s get into the news. WebAPKs are not available to Firefox on Android On Android, both Chrome and…
Automatically lazy-loading offscreen images & iframes for Lite mode users
October 24th, 2019
In Chrome 76, we introduced native lazy-loading for images and iframes via the `loading` attribute – a developer opt-in. In Chrome 77, Chrome Android users with Lite Mode (Data Saver) enabled will benefit from native lazy-loading of images and iframes automatically. Lite mode has allowed Chrome to reduce users’ data usage by up to 60…
Developers: Get Ready for New SameSite=None; Secure Cookie Settings
October 23rd, 2019
In May, Chrome announced a secure-by-default model for cookies, enabled by a new cookie classification system (spec). This initiative is part of our ongoing effort to improve privacy and security across the web. Chrome plans to implement the new model with Chrome 80 on February 2020. Mozilla and Microsoft have also indicated an intent to…
Recent Site Isolation improvements
October 17th, 2019
In July 2018 we launched Site Isolation in Chrome as a way to secure desktop browsers against the risk of side-channel attacks like Spectre. We recently published a USENIX Security conference paper highlighting the benefits of this launch. Today, we are pleased to announce further improvements we’ve rolled out in Chrome 77: Chrome for Android…
DM Verity Algorithm Change
October 16th, 2019
One of the foundational security features of Chromebooks is Verified Boot, which protects our users from potentially malicious software being run on their devices. The last chain of verification in this process is to validate the integrity of the root file system (rootfs). This blog post describes a recent enhancement to this rootfs validation to…
Weekly Platform News: Tracking via Web Storage, First Input Delay, Navigating by Headings
October 3rd, 2019
In this week’s roundup, Safari takes on cross-site tracking, the delay between load and user interaction is greater on mobile, and a new survey says headings are a popular way for screen readers to navigate a webpage. Let’s get into the news. Safari’s tracking prevention limits web storage Some social networks and other websites that…
No More Mixed Messages About HTTPS
October 3rd, 2019
Today we’re announcing that Chrome will gradually start ensuring that https:// pages can only load secure https:// subresources. In a series of steps outlined below, we’ll start blocking mixed content (insecure http:// subresources on https:// pages) by default. This change will improve user privacy and security on the web, and present a clearer browser security…
Chrome UI for Deprecating Legacy TLS Versions
October 1st, 2019
Last October we announced our plans to remove support for TLS 1.0 and 1.1 in Chrome 81. In this post, we’re announcing a pre-removal phase in which we’ll introduce a gentler warning UI, and previewing the UI that we’ll use to block TLS 1.0 and 1.1 in Chrome 81. Site administrators should immediately enable TLS…
Preloading Pages Just Before They are Needed
September 27th, 2019
The typical journey for a person browsing a website: view a page, click a link, browser loads a new page. That’s assuming no funny business like a Single Page App, which still follows that journey, but the browser doesn’t load a new page — the client fakes it for the sake of a snappier transition….
What happens when you open a new install of browsers for the 1st time?
September 27th, 2019
Interesting research from Jonathan Sampson, where he watches the network requests a browser makes the very first time you launch it on a fresh install, and otherwise do nothing. This gives you a little insight into what kind of information that browser wants to collect and disseminate. This was all shared as tweets, but I’m…