No origin trials are beginning in this version of Chrome. However there are a number of ongoing origin trials which you can find on the Chrome Origin Trials dashboard. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the Microsoft Edge Origin Trials Developer Console.
Completed Origin Trials
The following features, previously in a Chrome origin trial, are now enabled by default.
Media Source Extensions in Workers
The Media Source Extensions (MSE) API is now available from DedicatedWorker contexts to enable improved performance of buffering media for playback by an HTMLMediaElement on the main Window context. By creating a MediaSource object in a DedicatedWorker, an application may then obtain a MediaSourceHandle from it and call postMessage() to transfer it to the main thread for attaching to an HTMLMediaElement. The context that created the MediaSource object may then use it to buffer media.
Viewport-height Client Hint
Chrome supports the new Sec-CH-Viewport-Height client hint. This is a counterpart to the Sec-CH-Viewport-Width previously introduced in Chrome. Together they provide information about a viewport's size to an origin. To use these hints, pass Sec-CH-Viewport-Height or Sec-CH-Viewport-Width to the Accept-CH header.
Other Features in this Release
Accurate Screen Labels for Multi-Screen Window Placement
This release enhances the screen label strings provided by the Multi-Screen Window Placement API. Specifically, it refines ScreenDetailed.label property by replacing the previous placeholders with information from the device's Extended Display Identification Data (EDID) or from a higher-level operating system API. For example, instead of returning "External Display 1", the label property will now return something like "HP z27n" or "Built-in Retina Display". These more accurate labels match those shown by operating systems in display settings dialog boxes. The labels are only exposed to sites that have been granted the "window-placement" permission by the user.
CSS: Preventing Overscroll Effects for Fixed Elements
Setting an element's position CSS property to fixed (unless the element's containing block is not the root) will now prevent it from performing the effects specified by overscroll-behavior. In particular, fixed-position elements will not move during overscroll effects.
DisplayMediaStreamConstraints.systemAudio
A new constraint is being added to MediaDevices.getDisplayMedia() to indicate whether system audio should be offered to the user. User agents sometimes offer audio for capturing alongside video. But not all audio is created alike. Consider video-conferencing applications. Tab audio is often useful, and can be shared with remote participants. But system audio includes participants' own audio, and may not be appropriate to share back. To use the new constraint, pass systemAudio as a constraint. For example:
To conform with spec the TransformStreamDefaultController class is now available on the global scope. This class already exists and can be accessed using code such as
let TransformStreamDefaultController;
new TransformStream({ start(c) { TransformStreamDefaultController = c.constructor; } });
This change makes such code unnecessary since TransformStreamDefaultController is now on the global scope. Possible uses for this class include monkey patching properties onto TransformStreamDefaultController.prototype, or feature-testing existing properties of it more easily. Note that the class is not constructible. In other words, this throws an error:
new TransformStreamDefaultController()
HTML Sanitizer API
The HTML Sanitizer API is an easy to use and safe way to remove executable code from arbitrary, user-supplied content. The goal of the API is to make it easier to build web applications that are free of cross-site scripting vulnerabilities and ship part of the maintenance burden for such apps to the platform.
In this release, only basic functionality is supported, specifically Element.setHTML(). The Sanitize interface will be added at a later stage. Namespaced content (SVG + MathML) is not yet supported, only HTML. For more information on the API, see HTML Sanitizer API - Web APIs.
import.meta.resolve()
The import.meta.resolve() method returns the URL to which the passed specifier would resolve in the context of the current script. That is, it returns the URL that would be imported if you called import(). A specifier is a URL beginning with a valid scheme or one of /, ./, or ../. See the HTML spec for examples.
This method makes it easier to write scripts which are not sensitive to their exact location, or to the web application's module setup. Some of its capabilities are doable today, in a longer form, by combining new URL() and the existing import.meta.url() method. But the integration with import maps allows resolving URLs that are affected by import maps.
Improvements to the Navigation API
Chrome 105 introduces two new methods on the NavigateEvent of the Navigation API (introduced in 102) to improve on methods that have proved problematic in practice. intercept(), which let's developers control the state following the navigation, replaces transitionWhile(), which proved difficult to use. The scroll() method, which scrolls to an anchor specified in the URL, replaces restoreScroll() which does not work for all types of navigation. For explanations of the problems with the existing methods and examples of using the new, see Changes to NavigateEvent.
The transitionWhile() and restoreScroll() methods are also deprecated in this release. We expect to remove them in 108. See below for other deprecations and removals in this release.
onbeforeinput Global Event Handler Content Attribute
The nbeforeinput global content attribute is now supported in Chrome. The beforeinput form was already available via addEventListener(). Chrome now also allows feature detection by testing against document.documentElement.onbeforeinput
Opaque Response Blocking v0.1
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of "no-cors" subresources.
Picture-in-Picture API Comes to Android
The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This feature has been available on desktop since Chrome 70. It's now available for Chrome running on Android 11 or later. This change only applies to <video> elements. For information on using the Picture-in-Picture API, see Watch video using Picture-in-Picture.
Response.json()
The Response() constructor allows for creating the body of the response from many types; however the existing response.json() instance method does not let you directly create a JSON object. The Response.json() static method fills this gap.
Response.json() returns a new Response object and takes two arguments. The first argument takes a string to convert to JSON. The second is an optional initialization object.
Syntax Changes to Markup Based Client Hints Delegation
New syntax: <meta http-equiv="delegate-ch" value="sec-ch-dpr https://foo.bar https://baz.qux; sec-ch-width https://foo.bar">
Writable Directory Prompts for the File System Access API
Chromium now allows returning a directory with both read and write permissions in a single prompt for the File System Access API. Previously, Window.showDirectoryPicker() returned a read-only directory (after showing a read access prompt), requiring a second prompt to get write access. This double prompt is a poor user experience and contributes to confusion and permission fatigue among users.
Deprecations, and Removals
This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of planned deprecations, current deprecations and previous removals.
Remove WebSQL in Non-secure Contexts
WebSQL in non-secure contexts is now removed. The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated it in 2019. The W3C encourages Web Storage and Indexed Database for those needing alternatives.
Developers should expect that WebSQL itself will be deprecated and removed when usage is low enough.
CSS Default Keyword is Disallowed in Custom Identifiers
The CSS keyword 'default' is no longer allowed within CSS custom identifiers, which are used for many types of user-defined names in CSS (for example, names created by @keyframes rules, counters, @container names, custom layout or paint names). This adds 'default' to the list of names that are restricted from use in custom identifiers, specifically 'inherit', 'initial', 'unset', 'revert', and 'revert-layer'.
Deprecations in the Navigation API
The transitionWhile() and restoreScroll() methods are also deprecated in this release, and we expect to remove them in 108. Developers who need this functionality should use the new intercept() and scroll() methods. For explanations of the problems with the existing methods and examples of using the new, see Changes to NavigateEvent .
Deprecate Non-ASCII Characters in Cookie Domain Attributes
To align with the latest spec (RFC 6265bis), Chromium will soon reject cookies with a Domain attribute that contains a non-ASCII character (for example, Domain=éxample.com).
Support for IDN domain attributes in cookies has been long unspecified, with Chromium, Safari, and Firefox all behaving differently. This change standardizes Firefox's behavior of rejecting cookies with non-ASCII domain attributes.
Since Chromium has previously accepted non-ASCII characters and tried to convert them to normalized punycode for storage, we will now apply stricter rules and require valid ASCII (punycode if applicable) domain attributes.
A warning is printed to the console starting in 105. Removal is expected in 106.
Remove Gesture Scroll DOM Events
The gesture scroll DOM events have been removed from Chrome, specifically, gesturescrollstart, gesturescrollupdate and gesturescrollend. These were non-standard APIs that were added to Blink for use in plugins, but had also been exposed to the web.
Media Queries enable responsive design, and the range features that enable testing the minimum and maximum size of the viewport are used by around 80% of sites that use media queries.
The Media Queries Level 4 specification includes a new syntax for these range queries. They can now be written using ordinary mathematical comparison operators. Also supported are the logical operators or and not, and nesting and evaluation of "unknown" features. For example, a media query previously written like this:
This version of Chromium supports the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chromium, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the Microsoft Edge Origin Trials Developer Console.
New Origin Trials
Focusgroup
The focusgroup CSS property improves keyboard focus navigation using the keyboard arrow keys among a set of focusable elements. Adding this feature to browsers allows web developers to control focus navigation without custom solutions that can lead to a lack of consistency, accessibility, and interoperability. Sign up here for the Microsoft Edge origin trial. It's scheduled to last through 107.
Opt Out of Credit Card Storage
Secure Payment Confirmation now supports a means for users to opt out of storing their credit card data to make later purchases easier. To use the new feature, set showOptOut to true on methodData.data, which is passed as the first parameter of the PaymentRequest() constructor. For example:
To see an example in context check out the demo. You can sign up here for the origin trial. It's scheduled to last through Chrome 106.
Shared Element Transitions
Shared Element Transitions enables the creation of polished transitions in single-page applications (SPAs). Minimal development effort is required by devs to make transitions look nice; they can choose to use default animation properties, or they can customize their own transition effects to achieve the desired transition experience.Transitions are set declaratively using CSS properties. For more information, see Shared Element Transitions. Visit the dashboard to sign up for the origin trial.
Completed Origin Trials
The following features, previously in a Chrome origin trial, are now enabled by default.
Subresource loading with web bundles is a way to load many resources efficiently. To use the feature a web page declares that certain resources are provided by a web bundle at a particular URL. For example:
When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 days. Previously, there was no limit and cookies could expire as much as multiple millennia in the future. This follows a change in the spec.
400 days was chosen as a round number close to 13 months. This duration ensures that sites visited roughly once a year (for example, sites for choosing health insurance benefits) will continue to work.
CSS object-view-box
The object-view-box property allows authors to specify a portion of an image that should draw within the content box of a target replaced element. This enables creation of images with a custom glow or shadow applied, with proper ink-overflow behavior such as a CSS shadow would have. For more information, see First Look At The CSS object-view-box Property.
Fullscreen Capability Delegation
Fullscreen Capability Delegation allows a Window to transfer the ability to call requestFullscreen() to another Window it trusts after relinquishing the transient user activation at the sender Window. This feature is based on the general delegation mechanism that shipped in Chrome 100.
Fullscreen Companion Window allows sites to place fullscreen content and a popup window on separate screens from a single user activation. There is a demo available with source code on GitHub.
The overflow-clip-margin property specifies how far an element's content is allowed to paint before being clipped. This feature allows using visual-box values to configure the reference box that defines the overflow clip edge the content is clipped to.
Web Custom Formats for Async Clipboard API
Web Custom Formats lets websites read and write arbitrary unsanitized payloads using a standardized web custom format, as well as read and write a limited subset of OS-specific formats (for supporting legacy apps).
The name of the clipboard format is mangled by the browser in a standardized way to indicate that the content is from the web. This allows platform applications to opt-in to accepting the unsanitized content.
Some web app developers want to exchange data payloads between web and platform applications via operating system clipboards. The Clipboard API supports the most popular standardized data types (text, image, rich text) across all platforms. However, this API does not scale to the long tail of specialized formats. In particular, custom formats, non-web-standard formats like TIFF (a large image format), and proprietary formats like docx (a document format), are not supported by the current Web Platform.
The color space that content should be converted to when importing as a texture.
Before this version of Chrome, both of these defaulted to sRGB. Now they can also use "display-p3".
Deprecations, and Removals
This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of current deprecations and previous removals.
Block Third-Party Contexts Navigating to Filesystem URLs
Four client hints (dpr, width, viewport-width, and device-memory) have a default allowlist of self but behave as though they have a default allowlist of * on Android, contrary to the spec. This is now fixed, increasing privacy on Android by requiring explicit delegation of these hints.
Remove U2F API (Cryptotoken)
Chrome's legacy U2F API for interacting with security keys is no longer supported. U2F security keys themselves are not deprecated and will continue to work.
Affected sites should migrate to the Web Authentication API. Credentials that were originally registered via the U2F API can be challenged via web authentication. USB security keys that are supported by the U2F API are also supported by the Web Authentication API.
U2F is Chrome's original security key API. It allows sites to register public key credentials on USB security keys and challenge them for building phishing-resistant two-factor authentication systems. U2F never became an open web standard and was subsumed by the Web Authentication API (launched in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but rather shipped a component extension called cryptotoken, which exposes an equivalent chrome.runtime.sendMessage() method. U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API for the last two years.
The following features, previously in a Chrome origin trial, are now enabled by default.
Local Font Access
Web applications can now enumerate local fonts and metadata about each. The new API also gives web applications access to table data stored within local fonts, allowing those fonts to be rendered within their applications using custom text stacks.
Note: The Chrome 102 beta post erroneously listed this feature as shipping in that version.
Same-Origin Prerendering Triggered by the Speculation Rules API
Prerendering loads a web page before it is needed, so that when the actual navigation to that page occurs, it can be shown instantly. To speed up page loads. Chrome's previous prerender mechanism is now replaced with No State Prefetch. No State Prefetch doesn't generally result in an instant page load experience, but the new feature does. This feature is supported on Android only.
The implementation of GREASE in User Agent Client Hints is now aligned with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This helps prevent bad assumptions from being built on top of User-Agent strings.
Other Features in this Release
AbortSignal.timeout() Static Method
Returns a new AbortSignal object that is automatically aborted after a given number of milliseconds. Use this method to easily implement timeouts for signal-accepting asynchronous APIs, such as fetch(). For example:
The Element and ElementInternal interfaces now include an ARIA property called ariaRoleDescription which returns or modifies the ARIA role attribute directly. This feature is only supported on desktop.
avif is Now a Permitted Web Share File Extension
The avif image file format is now sharable by Web Share. Adding avif to the other allowed image file types helps spread the use of it. A website might like their users to be able to share pictures and other files through social media, email, chat, etc. The Web Share API is already shipped to more platforms such as ChromeOS and Windows, but avif is not supported yet.
"deflate-raw" Compression Format
Chrome supports a new compression format, deflate-raw, to give web developers access to the raw deflate stream without any headers or footers. This is needed, for example, to read and write zip files.
form rel Attribute
The 'rel' attribute has been added to form elements. This makes it possible to prevent window.opener from being present on websites navigated to by form elements which have rel=noopener. It also prevents the referer header from being sent with rel=noreferrer.
popstate Fires Before Load
Chromium now matches Firefox and by firing popstate immediately after URL changes so that the order of events is now popstate then hashchange across both platforms. Before this change, Chromium fired hashchange asynchronously after a task, and delayed popstate until the load event. This means the event order could be either hashchange then popstate, or popstate then hashchange, depending on how long a document took to load.
Restrict Gamepad Usage
The Gampepad API now requires a secure context. Additionally a new feature policy called 'gamepad' has been added with a default allowlist of 'self'.
SerialPort forget()
The SerialPort forget() method allows web developers to voluntarily revoke a permission to a serial port that was granted by a user. Some sites may not be interested in retaining long-term permissions to access serial ports. For example, for an educational web application used on a shared computer with many devices, a large number of accumulated user-generated permissions creates a poor user experience.
In addition to user agent mitigations to avoid this problem, such as defaulting to a session scoped permission on the first request or expiring infrequently used permissions, it should be possible for the site itself to clean up user-generated permissions it no longer needs.
This follows the recent additions of a forget() method for the HIDDevice and USBDevice interfaces.
Support visual-box on overflow-clip-margin
The overflow-clip-margin CSS property now supports visual-box, which specifies the box edge to use as the overflow clip edge origin. Valid values are content-box, padding-box (the default), or border-box. The overflow-clip-margin property specifies how far an element's content is allowed to paint before being clipped.
User Activation Required for SPC Credential Enrollment
A user activation requirement has been added for Secure Payment Confirmation credential enrollment in a cross-origin iframe. This is being done to help mitigate a privacy issue.
Deprecations, and Removals
This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of current deprecations and previous removals.
Block External Protocol in Sandboxed iframe
Sandboxed iframes are not blocked from opening external applications. Currently, developers sandbox untrusted content and block user navigation. Blocking probably should have also included links to external apps or to the Play store. This has now been fixed.
Sites that need navigation can add the following values to the <iframe> element's sandbox property:
This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the Microsoft Edge Origin Trials Developer Console.
Continuing Origin Trials
The following origin trial is being extended to the listed version.
Media Source Extensions in Workers
Chrome is continuing an origin trial for making the Media Source Extensions (MSE) API available from dedicated workers. This feature improves performance when buffering playing media in an HTMLMediaElement on the main Window. By creating a MediaSource object in a dedicated worker, an application may then create an ObjectURL for it and call postMessage() to pass that URL to the main thread for attaching to an HTMLMediaElement. The context that created the MediaSource object may then use it to buffer media. Web authors have consistently requested that MSE be available from Worker contexts. This extended origin trial is expected to end in Chrome 103, in late July 2022.
Completed Origin Trials
The following feature, previously in a Chrome origin trial, is now enabled by default.
Digital Goods API
Chrome now provides an API for querying and managing digital products to facilitate in-app purchases from web applications. The new API works with the Payment Request API, which is used for the actual purchases. The API can be linked to a digital distribution service connected through the user agent. In Chromium, this is specifically a web API wrapper around the Android Play Billing API.
This API lets web apps in the Play Store accept purchases for digital goods. (Play policies prevent them from accepting payment via any other method.) Without this, websites that sell digital goods are not installable through the Play Store.
Chrome now throws an AbortSignal object's reason if the signal is aborted. This convenience method allows signal-handling functions to check a signal's abort status and propagate the abort reason. For example, it could be called after asynchronous operations that might change a signal's state.
Abort signal handling functions often need to check the signal's status and propagate the error if the signal has been aborted. This provides a convenient and consistent way to do this. An example is already available on MDN.
Capability Delegation
Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer that ability to a (sub) frame it trusts. If an app wants to delegate its ability to call a restricted JavaScript feature (for example, popups, or fullscreen) to a known and trusted third-party frame, this API allows it to transfer this ability to the target frame for a specified period. This is in contrast to static mechanisms such as an iframe's allow attributes.
Many merchant websites host their online store on their own domain but outsource the payment collection and processing infrastructure to a payment service provider (PSP) to comply with security and regulatory complexities around card payments. This workflow is implemented as a "pay" button inside the top (merchant) frame where it can blend better with the rest of the merchant's website, and payment request code inside a cross-origin iframe from the PSP. The Payment Request API used by the PSP code is gated by transient user activation (to prevent malicious attempts like unattended or repeated payment requests). Because the top (merchant) frame's user interaction is not visible to the iframe, the PSP code needs to delegate in response to a click in the top frame before it can start payment processing.
HIDDevice forget()
The HIDDeviceforget() method allows web developers to voluntarily revoke a permission to an HIDDevice that was granted by a user. Some sites may not be interested in retaining long-term permissions to access HID devices. For example, for an educational web application used on a shared computer with many devices, a large number of accumulated user-generated permissions creates a poor user experience.
In addition to user agent mitigations to avoid this problem, such as defaulting to a session scoped permission on the first request or expiring infrequently used permissions, it should be possible for the site itself to clean up user-generated permissions it no longer needs.
mix-blend-mode: "plus-lighter"
The mix-blend-mode property now supports the "plus-lighter" value, which adds the source and destination colors multiplied by their respective alphas. This operation is useful when crossfading between two elements that contain common pixels. In that case, "plus-lighter" ensures that the common pixels do not change in appearance as opacity changes from 0 to 1 on one element and from 1 to 0 on the other.
Sec-CH-UA-WoW64 Client Hint
This hint serves solely as a backwards compatible shim for sites relying on "WoW64-ness" (32-bit apps running in 64-bit Windows) as they transition from the User-Agent string to UA-CH. It returns a boolean value.
SerialPort Integration with WritableStream Controller's Abort Signal
When using WritableStream, serial ports can now be closed without waiting for all write operations to finish. If the port is waiting for the peer device to provide a flow control signal it could be blocked indefinitely. The intent of aborting a WritableStream is to immediately stop writing data to the underlying sink.
TLS ALPN Extension in wss-schemed WebSockets Connections
The TLS ALPN extension is now included when initiating a new connection for wss-schemed WebSockets, offering just the default "http/1.1" protocol. Currently, unlike HTTPS connections, such connections do not offer ALPN at all. Changing this aligns with Firefox and Safari, hardens against cross-protocol attacks (ALPACA, for example), and makes wss eligible for the false start optimization. It also simplifies work on the HTTPS DNS record.
In WebTransport, the serverCertificateHashes option allows a website to connect to a web transport server by authenticating the certificate against the expected certificate hash instead of using the Web public key infrastructure (PKI).
This feature allows Web developers to connect to WebTransport servers that would normally find obtaining a publicly trusted certificate challenging, such as hosts that are not publically routable, or virtual machines that are ephemeral in nature.
