Unless otherwise noted, the following changes apply to the newest Chrome beta channel release for Android, ChromeOS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 128 is beta as of 24 July 2024. You can download the latest on Google.com for desktop or on Google Play Store on Android.
CSS
This release adds four new CSS features.
CSS ruby-align property
There are multiple ways to align characters when the length of ruby annotations
and the base characters don't match, and the ruby-align property
lets you choose the one that works best for your design. The property takes one of the
following keyword values:
space-aroundspace-betweenstartcenter
Line-breakable ruby
Makes line-breaks possible within elements with display: ruby.
Previously a single pair of a ruby-base and a ruby-text was not line-breakable, and would be pushed to the next line if the current line had not enough space for the entire pair. Now each of the ruby-base and the ruby-text can be split into multiple lines.
Minimum size of <option> within <select> dropdown
The WCAG accessibility guidelines specify that the size of pointer inputs must
be at least 24 by 24 CSS pixels. This changes makes the <option> element
within the <select> dropdown meet this height requirement.
Standardized CSS zoom property
Updates the existing implementation of the previously non-standard CSS
zoom
property to align with the new standard.
This changes various JavaScript APIs to align with the spec,
changes zoom to apply to iframe content documents,
and changes it to apply to all inherited length properties
(previously it only changed inherited font-size).
Web APIs
Additions to Attribution Reporting
Chrome 128 includes two additional features for Attribution Reporting. There are changes to source-destination-limit logic, with the aim of reducing the rate of transmission loss. Flexible contributions filtering will improve API report batching capabilities.
AudioContext.onerror
AudioContext creation and audio rendering errors are now reported to web
applications with a callback assigned to AudioContext.onerror.
Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies
Chrome 128 adds a cross-site ancestor bit to the keyring of the partitioned
cookie's CookiePartitionKey. This change unifies the partition key with the
partition key values used in storage partitioning and adds protection against
clickjacking attacks by preventing cross-site embedded frames from having access
to the top-level-site's partitioned cookies.
document.caretPositionFromPoint
Returns the current caret position from a given screen point in the form of a
CaretPosition object representing the caret position indicating current text
insertion point including the containing DOM node, caret's character offset, and
the client rectangle of caret range. This feature also supports getting the
CaretPosition inside Shadow DOM.
PointerEvent.deviceProperties for Multi-Pen Inking
Currently, developers have no way to distinguish between two individual pens on
an ink-enabled digitizer. The existing PointerEvent.id attribute is
implemented in different ways and does not always persist for each ink stroke or
interaction with the screen.
This change provides a secure and reliable way to identify individual pen
(pointers) interacting with the screen to set specific colors or pen shapes for
each device interacting with the digitizer. It extends the PointerEvent
interface to include a new attribute, deviceProperties. This contains the
attribute uniqueId, that represents a session-persistent, document isolated,
unique identifier that a developer can reliably use to identify individual pens
interacting with the page.
Private Aggregation API: client-side contribution merging
Modifies the Private Aggregation API to merge histogram contributions with the same bucket and filtering ID before embedding in the aggregatable report's encrypted payload.
Private Aggregation imposes a limit on the number of contributions that can be embedded in a single aggregatable report, with any additional contributions being dropped. By merging contributions where possible, we can get additional utility out of the limit. Note that, ignoring the dropping of excess contributions, merging these sorts of contributions shouldn't have any impact on the final summary reports.
Promise.try
Promise.try is a TC39 proposal for a
new static method. Promise.try(f) is shorthand for new Promise(resolve =>
resolve(f())).
SkipAd media session action
Supports the SkipAd media session action. This action lets browsers show a button in the system media controls or in the Picture-in-Picture window.
WebAuthn hints
The new hints parameter in WebAuthn requests lets sites provide guidance to
browsers to guide their UI. The canonical use case is enterprises that know
their internal sites use only security keys and want to be able to communicate
that so that browsers focus the UI on that case.
Hints also resolve a tension where the current authenticatorAttachment
parameter is strict: setting it to platform excludes all cross-platform
options.
Write image/svg+xml content in UTF-8 format on Windows
Switch to UTF-8 on Windows while writing image/svg+xml format to the
clipboard. HTML format already uses UTF-* on Windows and this will allow copying
and pasting SVG images from the clipboard.
On all other supported platforms, image/svg+xml is serialized into UTF-8
before it gets written to the clipboard.
Web Share API on macOS
The API enables web developers to build share buttons that display the same system share dialog boxes used by mobile applications. This previously shipped on Android, Windows, and ChromeOS, and is now also coming to macOS.
New origin trials
In Chrome 128 you can opt into the following new origin trials.
Deprecate 0.0.0.0 for Private Network Access (PNA)
We propose to block access to IP address 0.0.0.0 before PNA is fully deployed.
Chrome is deprecating direct access to private network endpoints from public
websites as part of the
PNA specification.
Services listening on
localhost (127.0.0.0/8) are considered private according to the
specification. Chrome's PNA protection can be bypassed using the IP address
0.0.0.0 to access services listening on the localhost on macOS and Linux.
This can also be abused in DNS rebinding attacks targeting a web application listening on the localhost.
Since 0.0.0.0 is not (and shouldn't be) used in practice, it's deprecated
separately from the rest of the private network requests deprecation.
Digital Credentials API
Websites can request credentials from mobile wallet apps through a variety of mechanisms today, for example custom URL handlers and QR code scanning. This feature lets sites request identity information from digital credentials inside wallets using Android's IdentityCredential CredMan system. It's extensible to support multiple credential formats (for example, ISO mDoc and W3C verifiable credential) and allows multiple wallet apps to be used. The API also includes mechanisms to reduce the risk of ecosystem-scale abuse of sensitive identity information.
Register for the Digital Credentials API origin trial.
FedCM multiple identity providers in single get() call
Allows FedCM to show multiple identity providers in the same dialog. This gives
developers a convenient way to present all supported identity providers to
users. We are planning to first tackle the case of having all providers
in the same get() call.
Register for the FedCM Multiple Identity Providers origin trial.
FedCM: Button Mode for Chrome on Android
Button Mode API adds a new FedCM UI. With the Button Mode API, identity providers can use FedCM API even if their users don't have active identity provider (IdP) sessions upon the API call.
Register for the FedCM Button Mode origin trial.
FedCM: Continuation API bundle for Chrome on Android
The Continuation API bundles a few features. Continuation API lets the IDP open a popup window to finish the sign-in flow after potentially collecting additional information. Parameters API lets RPs pass additional data to the ID assertion endpoint. Fields API lets RPs bypass the data sharing prompt in favor of the IdP prompting. Multiple configURLs lets IdPs use different config files in different contexts. Finally, account labels allow filtering the account list per config file without providing additional entropy to the IdP.
Register for the FedCM Continuation API origin trial.
Disable standardized CSS zoom
The implementation of the previously non-standard CSS zoom property has been
updated to align with the new standard. This changes various JavaScript APIs to
align with the specification, changes zoom to apply to iframe content
documents, and changes it to apply to all inherited length properties where
previously it only changed inherited font-size.
This trial lets you opt back into the previous behavior to have more time to adjust your code.
Register for the Disable Standardized CSS zoom origin trial.
WebGPU Subgroups experimentation
Adds subgroup functionality to WebGPU. Subgroup operations perform SIMT operations to provide efficient communication and data sharing among groups of invocations. These operations can be used to accelerate applications by reducing memory overheads incurred by inter-invocation communication.
Deprecations and removals
There are no deprecations or removals planned for Chrome 128.