Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More


๐Ÿ’ก Newskategorie: Programmierung
๐Ÿ”— Quelle: blog.chromium.org

Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 103 is beta as of May 26, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android.

Early Hints for Navigation

Chrome now supports the 103 Early Hints HTTP response code for navigation. (Note: the correspondence with the Chrome release number is a coincidence.) When a 103 response includes <link rel=preload> or other link headers Chromium tries to preload (and/or preconnect, prefetch) specified resources before the final response is received. This gives web developers a way to optimize core web vitals such as Largest Contentful Paint (LCP).

ย 
HTTP/2 introduced the concept of server push, a mechanism that allows a server to preemptively send data to the client. Server push was intended to improve site performance. In the years since, developers have generally preferred preloading from the client side of a web interaction. 103 early hints for navigation provides a new way to do that.

ย 
For information on the work that went into bringing this to the web, see Beyond Server Push: The 103 Early Hints Status Code.

Origin Trials

Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the Microsoft Edge Origin Trials Developer Console.

New Origin Trials

Federated Credentials Management

The Federated Credential Management API allows users to log in to websites with their federated accounts in a privacy preserving manner. It allows the browser to understand the context in which the relying party and identity provider exchange information, inform the user about the information and privilege levels being shared and prevent unintended abuse.


Completed Origin Trials

The following features, previously in a Chrome origin trial, are now enabled by default.

Local Font Access

Web applications can now enumerate local fonts and metadata about each. The new API also gives web applications access to table data stored within local fonts, allowing those fonts to be rendered within their applications using custom text stacks.

Note: The Chrome 102 beta post erroneously listed this feature as shipping in that version.

Same-Origin Prerendering Triggered by the Speculation Rules API

Prerendering loads a web page before it is needed, so that when the actual navigation to that page occurs, it can be shown instantly. To speed up page loads. Chrome's previous prerender mechanism is now replaced with No State Prefetch. No State Prefetch doesn't generally result in an instant page load experience, but the new feature does. This feature is supported on Android only.

Update User-Agent Client Hints GREASE Implementation

The implementation of GREASE in User Agent Client Hints is now aligned with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This helps prevent bad assumptions from being built on top of User-Agent strings.

Other Features in this Release

AbortSignal.timeout() Static Method

Returns a new AbortSignal object that is automatically aborted after a given number of milliseconds. Use this method to easily implement timeouts for signal-accepting asynchronous APIs, such as fetch(). For example:

fetch(url, { signal: AbortSignal.timeout(10_000) });

ARIA Attribute Reflection for the role Attribute

The Element and ElementInternal interfaces now include an ARIA property called ariaRoleDescription which returns or modifies the ARIA role attribute directly. This feature is only supported on desktop.

avif is Now a Permitted Web Share File Extension

The avif image file format is now sharable by Web Share. Adding avif to the other allowed image file types helps spread the use of it. A website might like their users to be able to share pictures and other files through social media, email, chat, etc. The Web Share API is already shipped to more platforms such as ChromeOS and Windows, but avif is not supported yet.

"deflate-raw" Compression Format

Chrome supports a new compression format, deflate-raw, to give web developers access to the raw deflate stream without any headers or footers. This is needed, for example, to read and write zip files.

form rel Attribute

The 'rel' attribute has been added to form elements. This makes it possible to prevent window.opener from being present on websites navigated to by form elements which have rel=noopener. It also prevents the referer header from being sent with rel=noreferrer.

popstate Fires Before Load

Chromium now matches Firefox and by firing popstate immediately after URL changes so that the order of events is now popstate then hashchange across both platforms. Before this change, Chromium fired hashchange asynchronously after a task, and delayed popstate until the load event. This means the event order could be either hashchange then popstate, or popstate then hashchange, depending on how long a document took to load.

Restrict Gamepad Usage

The Gampepad API now requires a secure context. Additionally a new feature policy called 'gamepad' has been added with a default allowlist of 'self'.

SerialPort forget()

The SerialPort forget() method allows web developers to voluntarily revoke a permission to a serial port that was granted by a user. Some sites may not be interested in retaining long-term permissions to access serial ports. For example, for an educational web application used on a shared computer with many devices, a large number of accumulated user-generated permissions creates a poor user experience.

In addition to user agent mitigations to avoid this problem, such as defaulting to a session scoped permission on the first request or expiring infrequently used permissions, it should be possible for the site itself to clean up user-generated permissions it no longer needs.

This follows the recent additions of a forget() method for the HIDDevice and USBDevice interfaces.

Support visual-box on overflow-clip-margin

The overflow-clip-margin CSS property now supports visual-box, which specifies the box edge to use as the overflow clip edge origin. Valid values are content-box, padding-box (the default), or border-box. The overflow-clip-margin property specifies how far an element's content is allowed to paint before being clipped.

User Activation Required for SPC Credential Enrollment

A user activation requirement has been added for Secure Payment Confirmation credential enrollment in a cross-origin iframe. This is being done to help mitigate a privacy issue.

Deprecations, and Removals

This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of current deprecations and previous removals.

Block External Protocol in Sandboxed iframe

Sandboxed iframes are not blocked from opening external applications. Currently, developers sandbox untrusted content and block user navigation. Blocking probably should have also included links to external apps or to the Play store. This has now been fixed.

Sites that need navigation can add the following values to the <iframe> element's sandbox property:

  • allow-popups
  • allow-top-navigation
  • allow-top-navigation-with-user-activation

Remove Battery Status API on Insecure Origins

The Battery Status API is no longer supported on insecure contexts, specifically HTTP pages and HTTPS iframes embedded in HTTP pages. This is being removed in accordance with our policy of deprecating powerful features on insecure origins, This also follows a spec change.

Remove <param> Element

Given the removal of plugins from the web platform, and the relative lack of use of <param>, it is being removed from the web platform.

...



๐Ÿ“Œ Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More


๐Ÿ“ˆ 121.82 Punkte

๐Ÿ“Œ Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More


๐Ÿ“ˆ 121.82 Punkte

๐Ÿ“Œ New in Chrome 103: HTTP 103 early hints, Local Font Access, AbortSignal.timeout, and more!


๐Ÿ“ˆ 65.09 Punkte

๐Ÿ“Œ Chrome 102: Window Controls Overlay, a Host of Finished Origin Trials, PWAs as File Handlers and More


๐Ÿ“ˆ 45.37 Punkte

๐Ÿ“Œ Chrome 102: Window Controls Overlay, a Host of Finished Origin Trials, PWAs as File Handlers and More


๐Ÿ“ˆ 45.37 Punkte

๐Ÿ“Œ Chrome 77 Beta: New performance metrics, new form capabilities, capabilities in origin trials and more


๐Ÿ“ˆ 40.7 Punkte

๐Ÿ“Œ Chrome 84 Beta: Web OTP, Web Animations, New Origin Trials and More


๐Ÿ“ˆ 40.7 Punkte

๐Ÿ“Œ Chrome 90 Beta: AV1 Encoder for WebRTC, New Origin Trials, and More


๐Ÿ“ˆ 40.7 Punkte

๐Ÿ“Œ New in Chrome 80: Module Workers, Optional Chaining, New Origin Trials, and more!


๐Ÿ“ˆ 35.44 Punkte

๐Ÿ“Œ New in Chrome 95: URLPattern, the Eye Dropper API, new origin trials, and more!


๐Ÿ“ˆ 35.44 Punkte

๐Ÿ“Œ New in Chrome 81: App icon badging lands in stable, new origin trials, hit testing for WebXR & more!


๐Ÿ“ˆ 33.65 Punkte

๐Ÿ“Œ New in Chrome 78: New origin trials, CSS Properties and Values API, and fresher service workers!


๐Ÿ“ˆ 32.48 Punkte

๐Ÿ“Œ Chrome 96 Beta: Conditional Focus, Priority Hints, and More


๐Ÿ“ˆ 32.46 Punkte

๐Ÿ“Œ Chrome 96 Beta: Conditional Focus, Priority Hints, and More


๐Ÿ“ˆ 32.46 Punkte

๐Ÿ“Œ HTTP 103 - An HTTP Status Code for Indicating Hints


๐Ÿ“ˆ 31.36 Punkte

๐Ÿ“Œ ClamAV Antivirus 0.103.0/0.103.1 PDF Parser buffer overflow


๐Ÿ“ˆ 30.05 Punkte

๐Ÿ“Œ ClamAV Antivirus 0.103.0/0.103.1 Excel XLM Macro Parsing Module denial of service


๐Ÿ“ˆ 30.05 Punkte

๐Ÿ“Œ CVE-2015-2544 | Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting (MS15-103 / MS15-103)


๐Ÿ“ˆ 30.05 Punkte

๐Ÿ“Œ CVE-2015-2543 | Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting (MS15-103 / MS15-103)


๐Ÿ“ˆ 30.05 Punkte

๐Ÿ“Œ CVE-2015-2505 | Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access information disclosure (MS15-103 / MS15-103)


๐Ÿ“ˆ 30.05 Punkte

๐Ÿ“Œ What are Chrome's origin trials?


๐Ÿ“ˆ 28.92 Punkte

๐Ÿ“Œ Weblate: Race Condition allows to get more free trials and get more than 100 languages and strings for free


๐Ÿ“ˆ 27.65 Punkte

๐Ÿ“Œ New in Chrome 96: Improvements for installed PWAs, Priority Hints, and more!


๐Ÿ“ˆ 27.2 Punkte

๐Ÿ“Œ Chrome 98 Beta: Color Gradient Vector Fonts, Region Capture Origin Trial, and More


๐Ÿ“ˆ 26.07 Punkte

๐Ÿ“Œ Chrome 98 Beta: Color Gradient Vector Fonts, Region Capture Origin Trial, and More


๐Ÿ“ˆ 26.07 Punkte

๐Ÿ“Œ Google Chrome 29.0.1547.76 Transaction IDBTransaction.cpp Aborted/Completed Transaction memory corruption


๐Ÿ“ˆ 25.18 Punkte

๐Ÿ“Œ Now in Android: 103 - Android 15 Beta, Gemini in Android Studio, Google Drive improvements, & more!


๐Ÿ“ˆ 25.02 Punkte

๐Ÿ“Œ SISQUAL WFM 7.1.319.103 Host Header Injection


๐Ÿ“ˆ 24.96 Punkte

๐Ÿ“Œ [webapps] SISQUALWFM 7.1.319.103 - Host Header Injection


๐Ÿ“ˆ 24.96 Punkte

๐Ÿ“Œ A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin


๐Ÿ“ˆ 24.25 Punkte

๐Ÿ“Œ Faster page loads using server think-time with Early Hints


๐Ÿ“ˆ 24.17 Punkte

๐Ÿ“Œ Actions on Google, Android P Developer Preview, New in Chrome 65 & More! - TL;DR 103


๐Ÿ“ˆ 24.11 Punkte

๐Ÿ“Œ Actions on Google, Android P Developer Preview, New in Chrome 65 & More! - TL;DR 103


๐Ÿ“ˆ 24.11 Punkte











matomo