.svg.png){kind=icon}
Chrome browser changes
Ad-hoc code signatures for PWA shims on macOS
Code signatures for the application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures that are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures result in each PWA shim having a unique identity to macOS, where previously every PWA looked like the same application to macOS.
This update addresses problems when attempting to include multiple PWAs in the Open at Login preference pane on macOS, and permits future improvements to handling of user notifications within PWAs on macOS.
Admins should test for compatibility with any endpoint security or binary authorization tools they use (such as Santa). The feature can be enabled for this testing using chrome://flags/#use-adhoc-signing-for-web-app-shims. They can then install a Progressive Web App and ensure that it launches as expected.
If there is an incompatibility between the feature and their current security policies, the AdHocCodeSigningForPWAsEnabled policy can be used to disable the feature while they deploy an updated endpoint security policy. The enterprise policy is intended to be used to disable the feature only until endpoint security policies have been updated, at which point it should be unset.
Chrome 129 on macOS
Feature disabled behind a flag (chrome://flags/#use-adhoc-signing-for-web-app-shims) so that enterprises can test for compatibility with their endpoint security tools, such as Santa. If it is not currently compatible they can disable the feature via the enterprise policy while they update their endpoint security configurations. The enterprise policy is intended to be used to disable the feature only until endpoint security policies have been updated.
Chrome 133 on macOS
Feature will begin to roll out to stable 100%.
Chrome Sync stops support for Chrome versions more than four years old
Starting in February 2025, Chrome Sync (using and saving data in your Google Account) no longer supports Chrome versions that are more than four years old. To continue using Chrome Sync, you need to upgrade to a more recent version of Chrome. To read more, see this discussion: Chrome Sync will be sunset on versions of Chrome that are more than four years old.
Chrome 133 on Android, iOS, ChromeOS, Linux, macOS, Windows
This change affects only the old versions of Chrome and will be rolled out server-side. Chrome 133 is specified only to reflect the timeline when the change will make an effect.
New option in HttpsOnlyMode policy
Ask Before HTTP (ABH), previously named HTTPS Only/First Modes, allows Chrome to ask for user consent before sending insecure HTTP content over the wire. The HttpsOnlyMode policy allows force-enabling, or force-disabling, ABH.
In Chrome 129, we added a new middle-ground variant of ABH called "balanced mode". This variant aims to reduce user inconvenience by working like (strict) ABH most of the time, but not asking when Chrome knows that an HTTPS connection isn't possible (such as when connecting to a single-label hostname like internal/).
We are adding a force_balanced_enabled policy option to allow force-enabling this new variant. Setting force_balanced_enabled on browsers before Chrome 129 will result in the default behavior, which places no enterprise restrictions on the ABH setting.
To avoid unexpected impact, if you have previously set force_enabled, we recommend not setting force_balanced_enabled until your entire fleet has upgraded to Chrome 129 or higher. If you are not migrating from force_enabled to force_balanced_enabled, you will be unaffected by this change.
Chrome 129 on ChromeOS, Linux, macOS, Windows, Fuchsia
Chrome 133 on Android
Tab freezing on Energy saver
When Energy saver is active, Chrome freezes a tab that has been hidden and silent for >5 minutes and uses a lot of CPU, unless:
The tab provides audio- or video- conferencing functionality (detected via microphone, camera or screen/window/tab capture, or an RTCPeerConnection with an open RTCDataChannel or a live MediaStreamTrack).
The tab controls an external device (detected via usage of Web USB, Web Bluetooth, Web HID or Web Serial).
This will extend battery life and speed up Chrome through reduced CPU usage.
The feature can be tested using a flag, chrome://flags/#freezing-on-energy-saver. Alternatively, it can be tested with chrome://flags/#freezing-on-energy-saver-testing, which simulates Energy saver being active and all tabs using a lot of CPU; this allows you to verify whether tabs are eligible for freezing and would be frozen if using a lot of CPU.
Chrome 133 on ChromeOS, Linux, macOS, Windows
The feature will start rolling out to 1% of stable in Chrome 133.
Energy saver availability can be controlled via the BatterySaverModeAvailability policy (this change has no effect when Energy saver is inactive).
V8 security setting on Android
V8 is Chrome’s JavaScript and WebAssembly engine used to improve site performance. To reduce the attack surface of Chrome, Chrome 133 on Android now includes a new setting on chrome://settings/security to disable the V8 Just-in-Time (JIT) optimizers. This maintains compatibility with Web Assembly. Admins can continue to control this feature using the DefaultJavaScriptJitSetting enterprise policy, and the associated JavaScriptJitAllowedForSites and JavaScriptJitBlockedForSites policies.
Chrome 122 on ChromeOS, Linux, macOS, Windows, Fuchsia
The setting rolls out in Chrome 121. The enterprise policies have been available since Chrome 93.
Chrome 133 on Android
The setting is available on Android in Chrome 133, under Site Settings. The enterprise policies are no longer marked experimental.
Chrome Welcome page no longer triggered using initial_preferences
We have removed the Chrome Welcome page from initial_preferences because that page is redundant with the First Run Experience that triggers on desktop platforms. Including chrome://welcome in the first_run_tabs property of the initial_preferences file now has no effect.
For more details about the context of the initial_preferences file, see Configuring Other Preferences.
Chrome 133 on Windows, macOS, Linux
Support for non-special scheme URLs
Since Chrome 130, Chrome browser supports non-special scheme URLs, for example, git://example.com/path. Previously, the Chromium URL parser didn't support non-special URLs. The parser parses non-special URLs as if they had an opaque path, which is not aligned with the URL standard. In Chrome 133, the Chromium URL parser parses non-special URLs correctly, following the URL standard. For more details, see http://bit.ly/url-non-special.
Chrome 130 on Windows, macOS, Linux, Android
Chrome 133 on Windows, macOS, Linux, Android
Chrome 134 on Windows, macOS, Linux, Android: Feature flag being removed
New policies in Chrome browser
Policy - Description
LiveTranslateEnabled - Enable translation of live captions. Captions will be sent to Google for translation.
WebRtcIPHandling - This policy allows restricting which IP addresses and interfaces WebRTC uses when attempting to find the best available connection.
DefaultJavaScriptOptimizerSetting - Allows you to set whether Chrome browser will run the v8 JavaScript engine with more advanced JavaScript optimizations enabled.
JavaScriptOptimizerBlockedForSites - Allows you to set a list of site URL patterns that specify sites for which advanced JavaScript optimizations are disabled.
JavaScriptOptimizerAllowedForSites - Allows you to set a list of site URL patterns that specify sites for which advanced JavaScript optimizations are enabled.
SafeBrowsingAllowlistDomains - Setting the policy to Enabled means Safe Browsing will trust the domains you designate.
FilePickerChooseFromDriveSettings - Allow choosing files directly from Google Drive.
Removed policies in Chrome browser
Policy - Description
CSSCustomStateDeprecatedSyntaxEnabled - Controls whether the deprecated syntax for CSS custom state is enabled.
Chrome Enterprise Core changes
DownloadRestrictions policy support on iOS
DownloadRestrictions is a universal policy available to Chrome Enterprise Core users on Desktop platforms and on Android. DownloadRestrictions policy is now supported on iOS. This will allow admins to block all downloads on mobile Chrome on iOS.
Chrome 133 on iOS
Chrome Enterprise Premium changes
There are no updates to Chrome Enterprise Premium in Chrome 133.
Read more about the differences between Chrome Enterprise Core and Chrome Enterprise Premium.
Source: Google
Comments
Post a Comment