Friday, 29 April, 2016 UTC


Summary

Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, Mac, and Windows.
Credential Management API
Many sites allow their users to sign in to receive personalized content. Today that requires remembering and typing credentials, which lowers account security when users reuse passwords across multiple sites. Modern browsers have credential managers that remember and autofill saved passwords, but these managers cannot account for custom login flows or remember federated identity preferences.


The latest version of Chrome now supports the Credential Management API, allowing sites to interact with the browser’s credential manager to improve the login experience for users. The API enables users to sign in with one tap and lets them automatically sign back in when returning to the site.

Signing in with one tap using the Credential Management API


Reducing the overhead of offscreen rendering
Modern websites commonly embed cross-origin content like videos, social widgets, and ads. Embedding these resources allows sites to offer compelling content experiences, but it also creates a lot of overhead that can jank the page in ways the embedding site can’t control. The latest version of Chrome no longer runs the rendering pipeline or requestAnimationFrame() callbacks for cross-origin frames that are offscreen. This eliminates unnecessary work and reduces power consumption by up to 30% on several popular mobile sites without affecting the user experience.
Additional features in this release
  • The Intersection Observer API allows sites to detect element intersections as an asynchronous event, eliminating the need for costly document monitoring.
  • The latest version of Chrome supports passive event listeners, which allow sites to run JavaScript in response to touch and wheel input without blocking scrolling.
  • Blobs are now constructed and transferred to the browser asynchronously, allowing large data files to be moved without janking the page.
  • The SameSite cookie attribute allows sites to restrict cookies to requests from the same domain.
  • Support for the AES_256_GCM cipher on TLS improves security on servers that choose cipher by key size, where legacy 256-bit ciphers were used over more secure, but smaller, ciphers.
  • Array.prototype.values() makes it easier to iterate over the elements of an array.
  • The function name property now infers useful names for properties and methods with computed property names, making debugging easier with clearer labels and error messages.
  • Iterators that are part of a for-of loop that terminates early now call a developer-provided close() method, making it easier to respond to the end of an iteration.
  • Symbol.species makes subclassing built-in classes such as Array and RegExp more powerful by allowing custom constructors to be called for derived objects.
  • RegExp subclasses can overwrite the exec() method to change the matching algorithm, making it easier to write custom subclasses.
  • Sites can now can implement their own Symbol.hasInstance() method to customize behavior of the instanceof operator.
  • Sites can now retrieve a service worker’s Client object using Clients.get(id).
  • ServiceWorker.postMessage() now fires an ExtendableMessageEvent on ServiceWorkerGlobalScope, allowing the message to extend the service worker lifetime and provide more accurate message sources.
  • The HTML referrerpolicy attribute allows sites to control what information is sent in the referrer headers of <a>, <area>, <img>, and <iframe> elements.
  • The UIEvents KeyboardEvent |key| attribute allows sites to reliably determine the meaning of the key being pressed.
  • Sites can now detect the duration of batched offline audio contexts using the OfflineAudioContext.length attribute.
Other changes
  • The ability to customize the message shown in the onbeforeunload dialog has been removed to protect users from malicious websites and align with other browsers.
  • Chrome on Android now uses the same media pipeline as desktop Chrome, improving  WebAudio support and allowing sites to interact with the playback rate on <audio> and <video> tags.
  • The latest version of Chrome improves web animations interoperability by supporting lists of values and removing dashed-names in keyframes.
  • Chrome now requires a border style to paint border images, improving spec compliance and interoperability.
  • Percentages can now be used for the sizes of flex item children.
  • DHE-based ciphers have been deprecated and will be removed in Chrome 52 in favor of ECDHE ciphers to improve TLS security.

Posted by Sabine Borsay and Mike West, Authenticator's Apprentices