Cross-Browser Testing Blog

Firefox 63 Released

Today Mozilla has released Firefox 63. It comes with a whole lot of performance and visual improvements as well as new features for users and developers. As soon as it appeared on Mozilla's ftp servers, we grabbed it and installed it on our browser cloud.

Firefox 63 About Dialog

Try Firefox 63 in Browserling now!

Performance and visual improvements for Windows users

  • Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains.
  • Firefox theme now matches the Windows 10 OS Dark and Light modes.

Performance improvements for macOS users

  • Improved reactivity.
  • Faster tab switching.
  • WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

New features

  • Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web.
  • WebExtensions now run in their own process on Linux.
  • Firefox now warns about having multiple windows and tabs open when quitting from the main menu.
  • Firefox now recognizes the operating system accessibility setting for reducing animation.
  • Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page (U.S. only).
  • Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases.
  • In the Library, the Open in Sidebar feature for individual bookmarks was removed.
  • The option to Never check for updates was removed from about:preferences.
  • The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order.
  • Refreshed visual style of Developer Tools menus to improve navigation and consistency.
  • The Dev Tools accessibility inspector is now enabled by default.
  • Added support for Web Components custom elements and shadow DOM.
  • The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts.

For Android:

  • Added support for Picture-In-Picture video.
  • Started using notification channels.
  • Locales added: English from Canada (en-CA), and Ligurian (lij).
  • App now targets Oreo with security and performance improvements and support for new features.

Performance and visual improvements for Windows users

  • Moved the build infrastructure of Firefox on Windows to the Clang toolchain, bringing important performance gains.
  • Firefox theme now matches the Windows 10 OS Dark and Light modes.

Performance improvements for macOS users

  • Improved reactivity.
  • Faster tab switching.
  • WebGL power preferences allow non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

New features

  • Added content blocking, a collection of Firefox settings that offer users greater control over technology that can track them around the web.
  • WebExtensions now run in their own process on Linux.
  • Firefox now warns about having multiple windows and tabs open when quitting from the main menu.
  • Firefox now recognizes the operating system accessibility setting for reducing animation.
  • Added search shortcuts for Top Sites: Amazon and Google appear as Top Sites tiles on the Firefox Home (New Tab) page (U.S. only).

Fixes in Firefox 63

  • Resolved an issue that prevented the address bar from autofilling bookmarked URLs in certain cases.

Changes in Firefox 63

  • In the Library, the Open in Sidebar feature for individual bookmarks was removed.
  • The option to Never check for updates was removed from about:preferences.
  • The Ctrl+Tab shortcut now displays thumbnail previews of your tabs and cycles through tabs in recently used order.

Developer Tools Changes in Firefox 63

  • Refreshed visual style of Developer Tools menus to improve navigation and consistency.
  • The Dev Tools accessibility inspector is now enabled by default.
  • Added support for Web Components custom elements and shadow DOM.
  • The inspector now ships with a Font Editor that allows you to control non-variable as well as variable fonts.

Unresolved issues in Firefox 63

  • Quick Heal internet security software might crash 32-bit Firefox on Windows. A workaround is documented from this support article until a fixed version of Quick Heal is available.

Firefox 63 For Android

  • Added support for Picture-In-Picture video.
  • Started using notification channels.
  • Locales added: English from Canada (en-CA), and Ligurian (lij).
  • App now targets Oreo with security and performance improvements and support for new features.

Developer tools changes in Firefox 63

  • The Fonts tab in the Page Inspector now includes an editor that makes it easy to view and edit the settings of the fonts on your page. See Edit fonts for details.
  • The Accessibility inspector is now enabled by default.
  • When you hover over an object in the Accessibility Inspector, the item is highlighted and its role and name will be shown in an information bar on the page.
  • The command line in the Web Console is now shown immediately following the console output.
  • A new icon has been added to the content in the Network Monitor to indicate when a URL belongs to a known tracker — see Security icons.
  • The default value of devtools.aboutdebugging.showSystemAddons is now false, meaning that system add-ons will not be listed on the about:debugging page. You can change the settings by navigating to about:config.
  • The Responsive Design Mode toolbar was simplified, and we added the option to left-align the viewport.
  • The Page Inspector includes a link to the class definition for a custom element.

HTML changes in Firefox 63

  • Support for the <img> element's decoding attribute has been added.
  • Support for the the sidebar link type (rel="sidebar") has been removed.

CSS changes in FIrefox 63

  • Support for the :defined pseudo-class has been added.
  • Support for row-gap, column-gap and gap has been added in Flexbox layout.
  • Re-enabled support for webkit-prefixed pixel-density @media queries.
  • Support added for the CSS Flexible Box Layout (Flexbox) properties align-self, align-content, and align-items as well as the justify-content property.
  • Implemented the path() function for offset-path.
  • Implemented syntax improvements from the Media Queries Level 4 specification.
  • Renamed offset-* properties to inset-block-start, inset-block-end, inset-inline-start, and inset-inline-end.
  • Added support for the prefers-reduced-motion media feature.
  • Added flow relative values (block, inline) for the resize property.
  • Implemented flexbox layout for safe & unsafe values in align-self, align-content, and justify-content.
  • The logical properties (where appropriate) are now animatable.
  • Removed offset-block-start, offset-block-end, offset-inline-start and offset-inline-end; these have been renamed to inset-*, as described above.

JavaScript changes in Firefox 63

  • The Symbol.prototype.description property has been implemented.
  • The Object.fromEntries() method has been added.
  • When you try to access a property of an undefined object, the error message is now much improved.
  • Experimental WebAssembly Module IndexedDB serialization support has been removed.

APIs changes in Firefox 63

  • The Shadow DOM and Custom Elements APIs have been enabled by default;
  • The Media Capabilities API been implemented.
  • The Async Clipboard API has been implemented and enabled by default for all channels. As is the case with Chrome, Firefox currently implements only the writeText() and readText() methods; however, unlike Chrome, readText() is only available in browser extensions.
  • The SecurityPolicyViolationEvent interface is now supported.

DOM changes in Firefox 63

  • Enabled: The Animation properties ready and finished, specifying the Animation object's ready and finished Promises. (Web Animations API)
  • Enabled: The Animation object's effect property. (Web Animations API)
  • Enabled: The interfaces KeyframeEffect and AnimationEffect. (Web Animations API)
  • The Element.toggleAttribute() method has been implemented.
  • The historical, previously non-standard, Event.returnValue property is now supported for compatibility purposes.
  • We implemented the Window.event property to improve web compatibility, now that it's become standard.
  • To bring Firefox into alignment with Edge and Chrome, the navigator.platform property now returns "Win32" even when running on 64-bit Windows.
  • Prior to Firefox 63, links that open new windows that had rel="noopener", as well as calls to Window.open() with the noopener window feature enabled would default to having all window features disabled, so that you had to explicitly re-enable any standard features you wanted. Now these windows have the same set of features enabled as any other window, and you need to explicitly turn off any you don't want.

DOM events

  • Handling of the Alt key on the right side of the keyboard has been improved on Windows.

Media, Web Audio, and WebRTC

  • Microphone access now works simultaneously in multiple tabs, even within the same content process.
  • RTCDataChannel has been updated to support the sctp-sdp-21 data format for the data, in addition to the older sctp-sdp-05 format previously supported.
  • The ConstantSourceNode node type for Web Audio API now has a default channel count of 2 rather than 1, in order to match the specification.
  • The Web Audio API interface AudioScheduledSourceNode (and by extension, all the other node types based on it) now throw the correct exception when a negative value is specified for the node start time. That error is RangeError.
  • The minimum and maximum permitted values for an AudioParam object's value have been changed to the minimum negative single-precision floating-point value (-340,282,346,638,528,859,811,704,183,484,516,925,440) and the maximum positive single-precision floating-point value (+340,282,346,638,528,859,811,704,183,484,516,925,440) respectively.
  • The SourceBuffer.changeType method, which allows you to change codecs during an active stream, has been enabled by default.
  • The AudioParam.setValueCurveAtTime() method has been updated to correctly accept an array of floating-point values to indicate the parameter's values to change to over time. Previously, it required a Float32Array.
  • AudioParam.setValueCurveAtTime() has also been updated to correctly return a proper TypeError when a non-finite value is found in the values array.
  • In addition, setValueCurveAtTime() has been updated to ensure that, when the parameter finishes following the specified value curve after the duration elapses, the value of the parameter is set to the last value in the list of values to curve through.
  • The RTCRTPStreamStats dictionary has been renamed to RTCRtpStreamStats for consistency with other WebRTC dictionaries and the specification.
  • Support for the RTCRtpStreamStats dictionary's kind property has been added.
  • The RTCRtpStreamStats dictionary's isRemote property is deprecated and will be removed in Firefox 6

Canvas and WebGL

  • A new powerPreference context attribute has been added to HTMLCanvasElement.getContext(). On macOS this allows WebGL non-performance-critical applications and applets to request the low-power GPU instead of the high-power GPU in multi-GPU systems.

Removals in Firefox 63

  • The obsolete and non-standard Firefox-only methods Window.back() and Window.forward() have been removed. Please use the window.history.back() and window.history.forward() methods instead.
  • The createObjectURL() and revokeObjectURL() methods are no longer available on ServiceWorker instances due to the potential they introduced for memory leaks to occur.
  • Since it was deprecated in the specification anyway, the limited support for Doppler effects on PannerNode has been removed from the Web Audio API. The AudioListener properties dopplerFactor and speedOfSound have been removed, along with the PannerNode method setVelocity().

HTTP Changes in Firefox 63

  • The Clear-Site-Data header is implemented and no longer behind a preference.

Security

  • Site favicons are now subject to Content Security Policy, if one is configured for the site.
  • CSP script-src directive's 'report-sample' expression now recognized when generating violation reports. This directive indicates that a short sample of where the violation occurred should be included in the report. Previously, Firefox always included this sample.
  • Firefox now uses NSS 3.39.

WebDriver conformance (Marionette)

New Features:

  • Marionette now returns a setWindowRect capability in the WebDriver:NewSession response that is true if the browser window can be repositioned and resized, which e.g. is the case for Firefox but not any mobile applications.
  • Added support for the unhandledPromptBehavior capability, which allows to define a specific prompt behavior of the WebDriver specification.
  • Handling of user prompts has been added to the WebDriver:ExecuteScript and WebDriver:ExecuteAsyncScript commands.

API changes:

  • Deprecated command end-points without the WebDriver: prefix have been removed.
  • The WebDriver:NewSession command returns recommended strings (linux, mac, windows) for platformName as defined in the WebDriver specification.

Bug fixes:

  • Focus related events were missing on element interaction when Firefox was not running as the top-most application.
  • Performing a pointerDown and pointerUp action in a subsequent action sequence could trigger a double click because WebDriver:ReleaseActions didn't reset the double click tracker.
  • Executing pause actions repeatedly could cause an infinite hang.
  • Fixed a bug where returning an element collection from WebDriver:ExecuteScript and WebDriver:ExecuteAsyncScript would cause a cyclic reference error.
  • To prevent a race condition both the WebDriver:AcceptAlert and WebDriver:DismissAlert commands now wait until the user prompt has been closed.
  • Log entries as emitted by the frame script were no longer limited by MarionettePrefs.logLevel but logged everything.
  • WebDriver:TakeScreenshot raised an error when taking a screenshot of a window larger than 32767 pixels in width or height.
  • WebDriver:SendAlertText didn't replace default user prompt value if text to send is an empty string.

Other

  • Corrected the behavior of PerformanceObserver.observe() to simply do nothing if no valid entry types are found in the specified array of entry types to observe, or if the array is empty or missing.
  • In OpenSearch, Firefox now accepts application/json as a search URL type, as an alias of application/x-suggestions+json.

Changes for add-on developers

API changes

Theming:

  • The default text color for browserAction badges is now automatically set to black or white, to maximise contrast with the background.
  • The accentcolor and textcolor properties of the theme manifest key are now optional.
  • browserAction.getBadgeTextColor() and browserAction.setBadgeTextColor() enable you to get and set the text color of browser action badges.
  • The theme colors key in manifest.json now supports the ntp_text property to set the text color in a new tab, and the ntp_background property to set the color of a new tab.
  • Themes can now define the colors for sidebars, such as the bookmarks sidebar.
  • The method management.install() allows web extensions to install and enable signed browser themes.

Search:

  • The new search API enables you to retrieve the list of installed search engines and perform searches with them.
  • topSites.get() now takes an options parameter enabling you to set various options for the list of sites returned.

Tabs:

  • tabs.onHighlighted now supports multi-select.
  • tabs.highlight now includes an optional field in the highlightInfo object — populate — which defaults to true.
  • tabs.update now supports changing the selection status of a tab by including highlighted: true in the updateProperties parameter.
  • tabs.update supports changing the selection status of a tab without changing the focused tab by including both highlighted: true and active: false in the updateProperties parameter.
  • tabs.query now returns an array of tabs.Tab objects if multiple tabs are selected.
  • The tabs.Tab property now properly reflects which tabs in a browser window are selected (highlighted) and tabs.highlight supports changing the highlighted status of multiple tabs.
  • The isarticle property in the extraParameters object passed into tabs.onUpdated has been renamed to isArticle. The old name is retained but deprecated. This change was uplifted to Firefox 62.
  • The tabs.onUpdated event can be used to track when a tab is drawing the user's attention with attention property of the changeInfo object.

Menus:

  • Added menus.getTargetElement() to the menus API.
  • menus.create() now enables you to create invisible menu items, and menus.update() enables you to toggle menu item visibility.
  • Items created using the menus API now support access keys.
  • The targetUrlPatterns parameter of menus.create() andmenus.update() now supports any URL scheme, even those that are usually not allowed in a match pattern.

Other:

  • commands.onCommand is now treated as user input.
  • The webRequest API now enables you to filter for speculative connections.
  • webRequest.SecurityInfo adds two new properties, keaGroupName and signatureSchemeName.
  • cookies.Cookie now includes a property indicating the SameSite state of the cookie.
  • Match patterns for URLs now explicitly match the "data" URL scheme.

Security vulnerabilities fixed in Firefox 63

  • CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin.
  • CVE-2018-12392: Crash with nested event loops.
  • CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
  • CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
  • CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
  • CVE-2018-12397: Missing warning prompt when WebExtension requests local file access.
  • CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs.
  • CVE-2018-12399: Spoofing of protocol registration notification bar.
  • CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android.
  • CVE-2018-12401: DOS attack through special resource URI parsing.
  • CVE-2018-12402: SameSite cookies leak when pages are explicitly saved.
  • CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP.
  • CVE-2018-12388: Memory safety bugs fixed in Firefox 63.
  • CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.

Have fun cross-browser testing your apps in Firefox 63 and Browserling!

▶ Read the full post
Chrome 70 Released

We are more than happy to announce that Chrome 70 was released today. This very new Chrome version was imediatelly installed on our cross-browser testing platform and you can start testing your webapps in it already!

Chrome 70 About Dialog

Try it right now in our browser cloud:

What's new in Chrome 70?

  • Desktop Progressive Web Apps on Windows.
  • The credential management API adds support for Public Key Credentials.
  • Named workers.
  • Web Bluetooth is now available in Windows 10.
  • Chrome can send intervention and deprecation messages to your servers using the Report-To HTTP Response header field or surface them in the ReportingObserver interface.
  • Support for AV1 video decoder.
  • A bunch of tiny speed and ui/ux improvements.
  • A number of important deprecations.

For Android:

  • "Stability and performance improvements."
  • Cleaner, more modern design.

For iOS:

  • Bug fixes and design polish for the redesign.
  • Updates to how Chrome launches other apps to improve reliability and security.
  • Fixes to authentication issues caused by using out-of-date cookies.

Progressive Web Apps on Windows and Linux

Do you know what the term "browserification" would mean? We think it would mean this. You can now install "progressive web apps" on the desktop and run them just like you run all other installed apps. They page will appear without address bar or tabs. The service workers are there for you to ensure that those apps are fast. They will very much resemble desktop apps.

chrome-70-spotify-on-windows

Public Key Credentials

The Credential Management API simplifies user sign in more than ever. This API allows your sites to interact directly with the browser's credential manager or federated account services like Google and Facebook to sign. Chrome now supports third type of credential "called Public Key Credential", which is there to allow web applications to utilize strong cryptographically attested, and application-scoped credentials to strongly authenticate users, including fingerprint identification.

Named workers

Workers are an easy way to move JavaScript from the main thread to the background to maintain responsiveness, keeping your site interactive as the main thread won't freeze when some heavy computations are running in it. In this release, workers now can have a name. With the name attribute which is specified by an optional argument on the constructor.

const url = '/scripts/my-worker.js';

const wNYC = new Worker(url, {name: 'NewYork'});

const oSF = {name: 'SanFrancisco'};
const wSF = new Worker(url, oSF);

This lets you distinguish dedicated workers by name when you have multiple workers with the same URL. You can also print the name in the DevTools console, making it much easier to know which worker you’re debugging!

New Developer Features in Chrome 70

  • 'name' attribute for dedicated workers - This feature allows specifying the worker’s name in an optional constructor argument. This lets you distinguish dedicated workers by name when you have multiple workers with the same URL. Developers can print ‘name’ in the DevTools console which will make it easier to debug workers. When the ‘name’ param is omitted, an empty string is used as the default value.
  • AV1 Decoder - AV1 is a next generation codec developed by the Alliance for Open Media. AV1 improves compression efficiency by 30% over the current state-of-the-art video codec, VP9. The AV1 decoder will be added to Chrome Desktop x86 devices (Windows, macOS, Linux, Chrome OS) based on the official bitstream specification. At this time, support is limited to “Main” profile 0 and does not include encoding capabilities. The supported container is ISO-BMFF (MP4).
  • CSS logical flow relative values and box model properties - Complete support for the following sections of CSS Logical Properties and Values spec: 2. Flow-Relative Values: block-start, block-end, inline-start, inline-end, 4. Flow-Relative Box Model Properties (except 4.6 Four-Directional Shorthand Properties: the margin, padding, border-width, border-style, and border-color shorthands).
  • Custom Elements V0 - Method for registering (creating) custom elements in script. V0 is deprecated at M70, and will be removed in M73, around, April 2019. The spec is superceded by Custom Elements V1 and Blink is the only engine that implements V0 APIs.
  • Deprecate and remove navigator.getGamepads().item(index) - This change deprecates and removes the legacy item() accessor method for the array of Gamepads returned by navigator.getGamepads(). This change improves compatibility with Firefox which is so far the only browser to implement GamepadList.
  • Displaying a dialog will cause pages to lose fullscreen - Dialogs (e.g. authentication prompts, payments, filepickers) require proper context for users to make decisions. Fullscreen, by definition is immersive, and removes the context that a user needs to make a decision. Therefore, whenever a page causes a dialog to be shown, that page will lose any HTML5 fullscreen that it has entered.
  • HTML Imports - Import HTML documents into other HTML documents. HTML Imports are deprecated at M70, and will be removed in M73, around, April 2019.
  • Intervention Reports - An intervention is when a user agent does not honor an application request for security, performance, or annoyance reasons. With this change, Chrome will both send the report to your servers using the Report-To HTTP Response header field and surface the report in the ReportingObserver interface.
  • Options dictionary for postMessage methods - An optional PostMessageOptions object is being added to the postMessage() function for 6 of the 7 interfaces where it’s supported, specifically, DedicatedWorkerGlobalScope, Worker, ServiceWorker, ServiceWorker, and Window. This gives the function a similar interface on its definitions and allows it to be extended in the future. Since broadcastChannel.postMessage() doesn't take additional arguments (such as transfer) it is not being changed.
  • Picture-in-Picture (PiP) - The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This change only applies to <video> elements.
  • Priority Hints - Priority Hints provide developers a way to indicate a resource's relative importance to the browser, allowing more control over the order resources are loaded. Many factors influence a resource's priority in browsers. These include type, visibility, and preload status of a resource. Priority Hints introduces a developer-set "importance" attribute allowing developers to influence the computed priority of a resource. Supported importance values are auto, low, and high.
  • RTCPeerConnection.getConfiguration() - This change implements getConfiguration() according to the WebRTC 1.0. Specifically it returns the last configuration applied via setConfiguration(), or if setConfiguration() hasn't been called, the configuration the RTCPeerConnection was constructed with.
  • Remove AppCache from non-secure contexts - AppCache is now removed from insecure contexts. AppCache is a powerful feature that allows offline and persistent access to an origin, which is a powerful privilege escalation for an XSS. This will remove that attack vector by only allowing it over HTTPS. This feature was deprecated in Chrome 67.
  • Remove HTMLFrameSetElement's anonymous getter. - Deprecate and remove HTMLFrameSetElement's anonymous getter which is non-standard.
  • Remove OS build number from user-agent string - The OS build number (for example, “NJH47F” or “OPM4.171019.021.D1” on Android) has been removed from the user-agent identification (User-Agent header and navigator.userAgent) on Android and on iOS. The iOS change follows Safari's implementation and freezes the build number as "15E148" instead of removing it. This will prevent abuses of that information such as exploit targeting and fingerprinting. It'll also bring Chrome closer in line with RFC 7231 section 5.5.3.
  • Shadow DOM v0 - Chrome and other browsers implemented the new version. V0 is deprecated at M70, and will be removed in M73, around, April 2019. If you are still using this consider migrating to the new API or upgrading your Polymer library. Use --disable-blink-features=ShadowDOMV0 for testing if your site works without Shadow DOM V0 APIs.
  • Shape Detection API - Photos and images constitute the largest chunk of the Web, and many include recognisable features, such as human faces, text, or QR codes. Detecting these features is computationally expensive, but, particularly on mobile devices, hardware manufacturers have long been supporting these features. This API allows accessing hardware-accelerated detectors where available. This is expected to be in origin trials in Chrome 70.
  • Support Opus in mp4 (ISO-BMFF) with Media Source Extensions (MSE) - Opus is an audio codec already supported by the HTML5 src attribute on elements. This applies to mp4, ogg, and webm containers as well as in webm containers using Media Source Extensions. This change adds support for the Opus codec in the mp4 container to MSE.
  • Support codec and container switching with MSE using SourceBuffer.changeType() - This change adds the SourceBuffer.changeType() method to improve cross-codec or cross-bytestream transitions during playback with Media Source Extensions.
  • Support for Touch ID as a platform authenticator via the Web Authentication API - This feature is a built-in Web Authentication/CTAP platform authenticator for Chrome on macOS based on the Touch ID fingerprint sensor and secure element in Macbook Pros with Touch bars. It allows users to use Touch ID for 2-factor authentication on sites that implement this via the Web Authentication API.
  • Symbol.prototype.description - A description property is being added to Symbol.prototype. This provides a more ergonomic way of accessing the description of a Symbol. Previously, the description could be only be accessed indirectly through the Symbol.protoype.toString().
  • TLS 1.3 - TLS 1.3 is an overhaul of the TLS protocol with a simpler, less error-prone design that improves both efficiency and security. The new design reduces the number of round-trips required to establish a connection and removes legacy insecure options, making it easier to securely configure a server. It additionally encrypts more of the handshake and makes the resumption mode more resilient to key compromise.
  • The <rp> element defaults to display:none - The default style of the element is changed to "display:none" instead of "display:inline" even if it is not inside the element as defined in HTML specification. This behavior is implemented in the UA style sheet, but the web author can override it. Behavior in other browsers: Edge: display:inline (outside ), display:none (inside <ruby>), Firefox: display:none, Safari: display:inline, display:none (inside <ruby>)
  • *The ontouch APIs default to disabled on desktop* - To avoid confusion on touch feature detection, ontouch members on window, document, and element are disabled by default on desktop devices (Mac, Windows, Linux, ChromeOS). Note that this is not disabling touches, and usage such as addEventListener("touchstart", ...) is not being affected.
  • Update behavior of CSS Grid Layout percentage row tracks and gutters - This updates the behavior of percentage row tracks and gutters in grid containers with indefinite heights. Previously, these were behaving similarly to percentage heights in regular blocks, but the CSS WG has resolved to make them behave the same as for columns, making them symmetric. Percentages are now ignored when computing intrinsic height and resolved afterwards against that height. That way both column and row axes will have symmetric behavior to resolve percentages tracks and gutters.
  • WebAssembly Worker Based Threads - The WebAssembly Threads feature allows multiple WebAssembly instances in separate Web Workers to share a single WebAssembly.Memory object. As with SharedArrayBuffers in JavaScript, this allows very fast communication between the Workers. This can be used to offload computation to another thread to keep the main thread and its UI responsive.
  • WebUSB on Dedicated Workers - WebUSB is enabled inside dedicated worker contexts. This allows developers to perform heavy I/O and processing of data from a USB device on a separate thread to reduce the performance impact on the main thread.

Bug fixes in Chrome 70

  • High CVE-2018-17463: Remote code execution in V8. Reported by Samuel Gross working with Beyond Security's SecuriTeam Secure Disclosure program.
  • High CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab.
  • High CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian.
  • High CVE-2018-17466: Memory corruption in Angle. Reported by Omair.
  • Medium CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani.
  • Medium CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee of Kryptos Logic.
  • Medium CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team.
  • Medium CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin?Luyao Liu from Chengdu Security Response Center.
  • Medium CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang.
  • Medium CVE-2018-17472: iframe sandbox escape on iOS. Reported by Jun Kokatsu.
  • Medium CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani.
  • Medium CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin, Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.
  • Low CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew.
  • Low CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani.
  • Low CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger.
  • Low CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton.
  • Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyen.

Happy cross-browser testing in Chrome 70!

▶ Read the full post
Opera 56 Released

The new Opera 56 has arrived with major innovations regarding multitasking. It is based on Chromium 69 and we've already installed it on our cross-browser testing platform, so that you can see how your web apps would look in it.

Cross-browser testing in Opera 56

Try Opera 56 in Browserling now!

New Features in Opera 56

Volume control in the video pop-up window

In 2016 Opera announced the feature that lets you watch videos easily, while simultaneously doing something else, by embedding the videos in a pop-up window. What Opera 56 adds now is a volume control integrated in the pop-up window for easier, hence faster access.

Opera 56 Volume Control

Scrolling to the top of the page by clicking the active tab is now configurable

..or should we say - turn offable. Many users requested that the feature has to be configurable. Now you can decide whether clicking on the active tab will scroll to the top of the page. Clicking again would scroll to the previous position as you know. To turn this feature on or off go to Settings > Advanced > Browser > User Interface, you won't miss to see it.

New zoom level indicator

You can now zoom pages in and out and see much more clearly the zoom level you're at.

Easier bug reporting

Now you can report any issues with the browser by going to O Menu > Help. There you will find the report an issue section. Clicking on it will redirect you to Opera's bug report wizard.

Nicer About page

About pages always somehow make an impression. Opera team already seems to know this and as per Opera 56, the About page has been nicely redesigned. If you wish to check for an available update to your Opera browser, go to Update and Recovery… in the O Menu for Windows and Linux and Opera in the toolbar for Mac.

Opera 56 about dialog

Categories in Settings page

Opera 56 separates the settings into four categories:

  • Basic
  • Privacy and security
  • Features
  • Browser

That way you can navigate to the options you look for easier than before.

New Developer Features in Opera 56

CSS changes in Opera 56

Conic gradients

The web already has linear gradients where the colour depends on the distance to a line, and radial gradients where the colour depends on the distance to a point. Now it also gets conic gradients where the colour depends on the angular distance to a line through the new conic-gradient function.

Logical margin, paddings and border properties

Blink, the Chromium/Opera browser engine, has gotten some new CSS properties that adapt to text direction. So padding-inline-start will apply to either left or right depending on what side you start reading. Other examples of newly added properties are border-block-end-color, margin-inline-start and padding-inline-end.

Scroll Snap

CSS Scroll Snap allows the page author to determine what is suitable places in a document to snap to. This could be used to avoid cutting off content or to align content that is as large as the viewport correctly. This is a common problem in a tile based user interface.

Previously this problem has been solved through JavaScript but doing it in CSS allows a much smoother user experience.

Display cutouts

“Cutouts” is an area on a mobile phone where only part of the screen is available to the web page, like the notch at the top of some phones. With the display cutout support, it becomes possible to layout content around the cutout in an adaptive way. In CSS the necessary data can be extracted from the env function.

Grid Layout

The interpretation of height percentages for row tracks and gutters will change to be compliant with the specification in the next release, but already in Opera 56 you will see warnings if you are using height calculations that might change.

Media changes in Opera 56

OffscreenCanvas

OffscreenCanvas is a canvas intended to be used in workers. Sometimes painting requires heavy calculation more suitable for a webworker and then OffsceenCanvases will come in handy. They have almost the same API as ordinary canvases so moving code to a worker should be easy.

stalled removed from HTMLMediaElements

There used to be an event stalled that fired for Media Source Extension (MSE) players if no data had been added for 3 seconds. This was not useful since the media player can be fine receiving data less often depending on buffer sizes and transfer chunk sizes. The event has now been removed.

EME (Encrypted Media Extensions)

It is now possible for a web developer to query the browser about what encryption schemes it supports through EME. This is useful because there is no general agreement across all platforms about what encryption schemes should be supported.

DOM Changes in Opera 56

Element.toggleAttribute() added

With Element.toggleAttribute an attribute can be removed if it exists or added if it does not. This is especially useful for boolean attributes such as disabled or readonly. Example:

// Switch disabled mode of "the button".
var theButton = document.getElementById("the-button");
theButton.toggleAttribute("disabled");

document.createTouchList() removed

The official way to create Touch objects is through the Touch() constructor so document.createTouchList() had no use and is now removed.

ReportingObserver

Through the ReportingObserver API it becomes possible to collect information such as deprecation warnings and manually (through scripts) handle them. For instance by sending them to a server.

JavaScript Array.prototype.flat() / flatMap()

V8, the JavaScript engine, now has support for flat() andflatMap() on arrays, allowing code to easily expand sub-arrays in place.

Keyboard Map API

The Keyboard Map API allows web applications to get a descriptive string for different keyboard keys. This can be of use when telling a user what key to press, in for instance a game.

Network Info API / HTTP Client Hints

Approximate network information is now available through both JavaScript and HTTP Client Hints. More details can be found on the Chromium feature status page.

Web Locks API

Web Locks allows better synchronization between tabs that share the same resource, something that has become more important as more APIs are asynchronous. This is most useful when storage resources such as IndexedDB and WebSQL are used in a non-atomic way, but can be used for any purpose.

Happy cross-browser testing in Opera 56!

▶ Read the full post
Firefox 62 Released

Mozilla has a new release for us - Firefox 62 with a whole lot of new features and fixes. We just added it in our cross-browser testing platform. If you don't have Firefox 62 installed you can easily try it out on our machines and you can test your web apps in it as well.

Firefox 62 About Dialog

Try Firefox 62 in Browserling now!


New features in Firefox 62

  • Firefox Home (the default New Tab) now allows users to display up to 4 rows of top sites, Pocket stories, and highlights.
  • “Reopen in Container” tab menu option appears for users with Containers that lets them choose to reopen a tab in a different container.
  • In advance of removing all trust for Symantec-issued certificates in Firefox 63, a preference was added that allows users to distrust certificates issued by Symantec.
  • Added FreeBSD support for WebAuthn.
  • Improved graphics rendering for Windows users without accelerated hardware using Parallel-Off-Main-Thread Painting.
  • Support for CSS Shapes, allowing for richer web page layouts. This goes hand in hand with a brand new Shape Path Editor in the CSS inspector.
  • CSS Variable Fonts (OpenType Font Variations) support, which makes it possible to create beautiful typography with a single font file.
  • Updates for enterprise environments: AutoConfig is sandboxed to the documented API by default.
  • Added Canadian English (en-CA) locale.
  • Removed the description field for bookmarks.
  • Dark theme is automatically enabled in macOS 10.14 dark mode.
  • Changed the default setting to Enforce (3) for the security.pki.name_matching_mode preference.
  • Adobe Flash applets now run in a more secure mode using process sandboxing on macOS.
  • Users disconnecting from Sync are now offered the option to wipe their Firefox profile data (including bookmarks, passwords, history, cookies, and site data) from their desktop computer.
  • Changed how WebRTC handles screen sharing: When screen-sharing a window, the window will be brought to front.
  • Three-pane Inspector in Developer Tools separates the rules into its own panel.
  • Changes affecting developers.

For Android:

  • Improved scrolling performance.
  • Faster page load times over WiFi connections by loading from the network cache if disk cache is slow.
  • “Product and feature tips” toggle in Notifications settings, allowing for more control over which notifications are shown.
  • WebRTC video sessions between Firefox for Android and Safari browsers works again.

Changes in Firefox 62

  • Removed the description field for bookmarks. Users who have stored descriptions using the field may wish to export these descriptions as html or json files, as they will be removed in a future release.
  • Dark theme is automatically enabled in macOS 10.14 dark mode
  • Changed the default setting to Enforce (3) for the security.pki.name_matching_mode preference
  • Adobe Flash applets now run in a more secure mode using process sandboxing on macOS. Learn how this may affect features here.
  • Users disconnecting from Sync are now offered the option to wipe their Firefox profile data (including bookmarks, passwords, history, cookies, and site data) from their desktop computer
  • Changed how WebRTC handles screen sharing: When screen-sharing a window, the window will be brought to front

Unresolved issues in Firefox 62

  • Unvisited bookmarks will not be autofilled in the address bar
  • File management can fail on macOS Mojave (10.14)

Developer Tools Changes in Firefox 62

  • The Shape Path Editor is now available by default.
  • You can now split the Rules view out into its own pane, separate from the other tabs on the CSS pane.
  • The Grid inspector has updated features, and all new documentation.
  • You now have four options for the location of the Developer Tools. In addition to the default location on the bottom of the window, you can choose to locate the tools on either the left or right sides of the main window or in a separate window.
  • The Accessibility Inspector has had a couple of minor updates - it no longer exposes the help property, which isn't properly implemented in Gecko and the keyboardShortcut property now correctly exposes any keyboard shortcut available to activate the currently inspected node.
  • A close button has been added to the split console toolbar.
  • If the option to "Select an iframe as the currently targeted document" is checked, the icon will appear in the toolbar while the Settings tab is displayed, even if the current page doesn't include any iframes.
  • The Network Monitor's Cookies tab now shows the cookie samesite attribute.
  • Responsive design mode now works inside container tabs.
  • When CORS errors occur and are reported on the console, Firefox now provides a link to the corresponding page in our CORS error documentation.
  • You can create a screenshot of the current page (with an optional filename) from the Console tab using the :screenshot command.
  • The Developer Toolbar/GCLI (accessed with Shift + F2) has been removed from Firefox. Both the Developer Toolbar UI and the GCLI upstream library have become unmaintained, some of its features are broken (some ever since e10s), it is blocking the unsafeSetInnerHTMLwork, usage numbers are very low, alternatives exist for the most used commands.

CSS Changes in Firefox 62

  • :-moz-selection has been unprefixed to ::selection.
  • x is now supported as a unit for the <resolution> ) type.
  • shape-margin, shape-outside , and shape-image-threshold are now enabled by default.
  • Removed all XUL display values with the exception of -moz-box and -moz-inline-boxhave been removed from non-XUL documents.

Javascript Changes in Firefox 62

  • The WebAssembly.Global() constructor is now supported, along with global variables in WebAssembly.
  • The Array.prototype.flat() and Array.prototype.flatMap() methods are now enabled by defaul.
  • The import.meta property has been implemented to expose context-specific metadata to a JavaScript module.
  • JavaScript string literals may now directly contain the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR characters. As a consequence, JSON syntax is now a subset of JavaScript literal syntax.
  • For out-of-bounds typed array indexes, Reflect.defineProperty() and Reflect.set() will now return false instead of true .
  • Removed DOMPoint and DOMPointReadOnly constructors no longer support an input parameter of type DOMPointInit; the values of the properties must be specified using the x, y, z, and w parameters.
  • Removed URL.createObjectURL() method no longer supports creating object URLs to represent a MediaStream. This capability has been obsolete for some time now, since you can now simply set HTMLMediaElement.srcObject to the MediaStream directly.

APIs Changes in Firefox 62

New APIs:

  • The Speech Synthesis API (Text-to-Speech) is now enabled by default on Firefox for Android.

DOM Updates:

  • The DOMPointReadOnly interface now supports the static function DOMPointReadOnly.fromPoint(), which creates a new point object from a dictionary that's compatible with DOMPointInit, which includes any DOMPoint object. This function is also available on DOMPoint.
  • For compatibility purposes, the Event.srcElement property is now supported. It is an alias for Event.target.
  • Navigator.registerProtocolHandler() now must only be called from a secure context.
  • The Navigator.registerContentHandler() method has been disabled by default in preparation for being removed entirely, as it's been obsolete for some time.
  • The DataTransfer() constructor has been implemented.
  • Document.domain can no longer return null. If the domain cannot be identified, then domain returns an empty string instead of null.
  • Added the Console.timeLog() method to display the current value of a console timer while continuing to track the time.
  • Added Console.countReset() to reset a console counter value.

Media, Web Audio, and WebRTC Updates:

  • The "media.autoplay.enabled" preference now controls automatic playback of both audio and video media, instead of just video media.
  • The ChannelSplitterNode has been fixed to correctly default to having 6 channels with the channelInterpretation set to "discrete" and the channelCountMode set to "explicit", as per the specification.

API Removals:

  • The userproximity and deviceproximity events have been disabled by default behind the device.sensors.proximity.enabled preference.
  • The devicelight event has been disabled by default behind the device.sensors.ambientLight.enabled preference.
  • The DOMSubtreeModified and DOMAttrModified mutation events are no longer thrown when the style attribute is changed via the CSSOM.
  • Support for CSSStyleDeclaration.getPropertyCSSValue() has been removed.
  • Support for CSSValue, CSSPrimitiveValue, and CSSValueList has been removed.
  • window.getComputedStyle() no longer returns null when called on a Windowwhich has no presentation.

HTTP Changes in Firefox 62

  • The deprecated CSP referrer directive has been removed. Please use the Referrer-Policy header instead.

WebDriver conformance (Marionette)

New features

  • Command "WebDriver:ElementSendKeys" has been made WebDriver conforming for file uploads.
  • User prompts as raised by "beforeunload" events are automatically dismissed for "WebDriver:Get", "WebDriver:Back", "WebDriver:Forward", "WebDriver:Refresh", and "WebDriver:Close" commands.
  • "WebDriver:PerformActions" for Ctrl + Click synthesizes a contextmenuevent.
  • Removed obsolete endpoints including "getWindowPosition", "setWindowPosition", "getWindowSize", and "setWindowSize".
  • WebDriver commands which return success with data "null" now return an empty dictionary.
  • "WebDriver:ExecuteScript" caused cyclic reference error for WebElement collections.
  • Dispatching a "pointerMove" or "pause" action primitive could cause a hang, and the command to never send a reply.

Add-on Developers Changes in Firefox 62

  • Added the webRequest.getSecurityInfo() API to examine details of TLS connections.
  • Added the browserSettings.newTabPosition to customize where new tabs open.
  • windowTypes has been deprecated in windows.get(), windows.getCurrent(), and windows.getLastFocused().
  • It's now possible to modify a browser action on a per-window basis.

Manifest changes:

  • New open_at_install property of the sidebar_action manifest key enables extensions to control whether their sidebars should open automatically on install or not.
  • Changes to the browser_style property of various manifest keys:
    • In page_action and browser_action it defaults to false.
    • In sidebar_action and options_ui it defaults to true.

Theme changes:

  • New tab_background_separator property of the theme manifest key enables extensions to change the color of the tab separator.

Removals:

  • Support for unpacked sideloaded extensions has been removed.
  • The warning about browser_style displayed when temporarily loading an extension for testing is no longer displayed.

Security vulnerabilities fixed in Firefox 62

  • CVE-2018-12377: Use-after-free in refresh driver timers.
  • CVE-2018-12378: Use-after-free in IndexedDB.
  • CVE-2018-12379: Out-of-bounds write with malicious MAR file.
  • CVE-2017-16541: Proxy bypass using automount and autofs.
  • CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation.
  • CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android.
  • CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords.
  • CVE-2018-12375: Memory safety bugs fixed in Firefox 62.
  • CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2.

Have fun cross-browser testing your apps in Firefox 62 and Browserling!

▶ Read the full post
Chrome 69 Released

We are happy to announce that Chrome 69 was released today. At Browserling we immediately installed it, got familiar with its features in-depth, and launched it on our cross-browser testing platform so that you can try it too and test your webapps in it!

Chrome 59 Version

Try it yourself right away!


What's new in Chrome 69?

The most notable features are as follows:

  • A new browser interface.
  • CSS Scroll Snap allows you to create smooth, slick, scroll experiences.
  • Display Cutouts lets you use the full area of the screen, including any space behind the display cutout, sometimes called a notch.
  • The Web Locks API allows you to asynchronously acquire a lock, hold it while work is performed, then release it.
  • From the CSS4 spec, you can now create color transitions around the circumference of a circle, using conic gradients.
  • New toggleAttribute() method on elements toggles the existence of an attribute, similar to classList.toggle().
  • JavaScript arrays are getting two new methods: flat() and flatMap().
  • OffscreenCanvas moves work off the main thread in a worker, helping to eliminate performance bottlenecks.
  • A number of fixes and improvements.

For Android:

  • Secure and easy mobile payments via 3rd party payment apps.
  • Password generation now works on more sites.

For iOS:

  • New bottom toolbar: easier to reach frequently used functions, like Back, Search, tabs, and the menu.
  • New tab grid: see bigger previews of your tabs, including tabs open on other devices.
  • Features like Bookmarks and Reading Lists are now easily accessible on the New Tab Page.
  • Press firmly on the app icon to see shortcuts (3D Touch).
  • Credit cards you enter on your device are now securely synced to Google Pay for use on other devices (if enabled).

New browser interface

You can easily spot Chrome 69 by its new and completely renovated material design theme - No sharp edges.

Windows10 chrome 69 design

Backgrounds on the new blank page tab

Another cool thing about the design is the option to change the background of a new tab. To set a custom background, click the gear icon at the bottom right corner of the new tab page. Select “Chrome Backgrounds” to choose one of Google’s backgrounds, or click “Upload an Image” to put any background image you like there. This is an example:

example background

Quick-access shortcuts

In the new blank tab page you can now also see a shortcuts bar, which is more or less just a quick-access bookmarks bar. Chrome’s New Tab page previously had a “most visited” section below the search box, showing you the web pages you most frequently visited. That’s now replaced by the quick access shortcuts bar.

shortcuts bar

Better password manager

Passwords. Sounds important, doesn't it? Google did a wonderful job at improving the password manager even more. Now it is equipped with a fully-functional integrated password generator tool. Just right-click a password field and select “Generate Password.” Google has also improved the autofill feature.

Improved "Omnibox"

For chrome, the address bar is not just an address bar. And since version 69, the address bar - "Omnibox" got significantly improved as well. Many answers to searches now instantly appear in the Omnibox as you start typing, just as they do when searching on Google’s website. Want to see it in action? Type for example: "weather Norway" or "5 cm in inch" or "6 ^ 3". And it gets smarter every day. Furthermore, it can suggest you to switch to already existing tab instead of running the same one again.

chrome omnibar


Developer features and updates in Chrome 69

  • Add RTCRtpParameters.headerExtensions - This change adds support for the RTCRtpParameters.headerExtensions dictionary entry which is returned by RTCRtpSender.getParameters(). This is a read-only field that allows inspection of the parameters that are set on a PeerConnection after negotiation.
  • Array.prototype.{flat,flatMap} - JavaScript arrays are getting two new methods. Array.prototype.flat() returns a new array with all sub-array elements concatenated into it recursively up to the specified depth. The sub-array elements become members of the new array. Array.prototype.flatMap() first maps each element using a mapping function, then flattens the result into a new array. This method is functionally equivalent to a map followed by a flatten of depth 1.
  • CSS Scroll Snap Points - The CSS scroll snap specification introduces snap points as a way to "enforce the scroll offsets that a scroll container's visual viewport may end at after a scrolling operation has completed". Scroll snapping applies to both user scroll operations such as touch, wheel scrolling, or scrollbar dragging, and programmatic scroll operations such as Element.scrollTo(). This improves the user experience by allowing scrollable zones to easily stop at predefined points.
  • CSS conic-gradient - Support was added for CSS conic (angular/sweep) gradients. Conic gradients allow color transitions around a center rather than radiating from it. This allows, for example, a web developer to create a hue wheel using only two CSS properties.
  • CSS logical flow relative margins, paddings and borders - Chrome now implements logical margin, padding, and border CSS properties using standard names, specifically margin-{block,inline}-{start,end}, padding-{block,inline}-{start,end} and border-{block,inline}-{start,end}-{width,style,color}. These capabilities were previously supported through -webkit prefixes and non-standard names. Shorthand properties are only added for border-{block,inline}-{start,end}.
  • Cookie Store API - The Cookie Store API exposes HTTP cookies to service workers and offers an asynchronous alternative to document.cookie.
  • Deprecation Reports - A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. Deprecation reports allow deprecation warnings, currently only available in developer tool consoles, to be sent to the back end, or captured in callbacks using ReportingObserver.
  • Display cutout and CSS env() support - Display cutouts are now supported in Chrome through CSS environment variables and the viewport-fit meta tag. This allows developers to take advantage of the entire screen on devices that have a display cutout.
  • EME Extension: HDCP Policy Check - This feature provides applications the ability to query whether a certain HDCP policy can be enforced so that playback can be started at the optimum resolution for the best user experience.
  • EME: Query what encryption schemes are supported - A new method will allow applications to query whether a specific encryption scheme is supported by Encrypted Media Extensions (EME).
  • ES Modules for dedicated workers ('module' type option) - JavaScript will support modules in dedicated workers. Using a new value for the constructor's type attribute, worker scripts are loaded as ES6 modules and the import statement is available on worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers.
  • Element.toggleAttribute - A new method named Element.toggleAttribute() allows toggling the existence of an element’s attribute in a way similar to Element.classList.toggle. An optional force parameter forces toggling the attribute even if it doesn't exist. This makes managing boolean attributes much simpler as the interface doesn't use strings as does Element.setAttribute().
  • Feature Policy: JavaScript API - Expose JavaScript API for feature policy. document.policy.allowedFeatures() // what are the allowed features in this document document.policy.allowsFeature('geolocation', <origin>?) // is geolocation allowed in this document/origin? document.policy.getAllowlistForFeature('geolocation') // what origins are allowed to use geolocation?
  • Fetch API: Request.isHistoryNavigation - Add a boolean property to request objects to indicate whether the particular request is a history navigation. This allows a service worker to know whether a request was due to a back/forward navigation. An example of how this might be used is that a service worker could respond to such a navigation with a cached response.
  • Keyboard Map - This API returns a map which translates from KeyboardEvent.code values into strings that can be shown to the user to identify each key. This is not possible with existing web platform APIs because the value that should be shown to the user depends on the keyboard layouts that the user has installed and activated.
  • Network Error Logging - This feature defines a mechanism that enables developers to declare a network error reporting policy for a web application via the NEL header. A user agent can use this policy to report encountered network errors that prevented it from successfully fetching requested resources. This is done through the common Reporting API.
  • OffscreenCanvas - OffscreenCanvas is a new interface that allows canvas rendering contexts (2D and WebGL) to be used in Workers. Making canvas rendering contexts available to workers increases parallelism in web applications, leading to improved performance on multi-core systems. As part of the required tooling for this to work, this also launches DedicatedWorker.requestAnimationFrame(), allowing animation-like events to be triggered the same on dedicated workers as they are in Window.
  • RTCRtpSender / RTCRtpReceiver.getCapabilities() - The getCapabilities() method returns the most optimistic view of the capabilities of the system for sending media of the given kind. It does not reserve any resources, ports, or other state but is meant to provide a way to discover the types of capabilities of the browser including which codecs or RTP extensions may be supported.
  • Remove 'stalled' events for HTMLMediaElements using MediaSourceExtensions - The HTMLMediaElement.stalled event fires when media download has failed to progress for at least 3 seconds. In Media Source Extensions, the web app manages the download and the media element is not aware of its progress. Since some apps append media data in chunks larger than 3 seconds, stalled was being fired at inappropriate times. To solve this, stalled has been removed for Media Source Extensions.
  • Remove document.createTouchList - The document.createTouchList() method is being removed because the Touch() constructor has been supported since Chrome 48.
  • Remove extra form data , if "value" attribute is present with non-empty value for - As per spec, the constructed "form data set" should not include the value of the image button
  • Reporting API - The Reporting API defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features (like Content Security Policy, Network Error Reporting, and others) will use these endpoints to deliver feature-specific reports in a consistent manner.
  • ReportingObserver - A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. The ReportingObserver API allows JavaScript to capture reports in callback, which can be used to save custom reporting data to page analytics.
  • ServiceWorkerRegistration.update() resolves with a registration. - ServiceWorkerRegistration.update() previously resolved with undefined. Now it resolves to the registration object as required by the specification.
  • Support for CTAP2 FIDO devices via the Web Authentication API - This feature adds support for CTAP2 devices, which provide advanced security capabilities such as biometric authentication and resident keys (keys stored on the device). The WebAuthentication API formerly only supported Universal 2nd Factor (U2F, also known as CTAP1 ) devices at the transport layer. This change doesn't alter the API surface itself but enables richer device interactions via the existing Web Authentication API.
  • Three new network quality client hints - Support for the “rtt”, “downlink”, and “ect” client hint values and HTTP request headers have been added to Chrome to convey Chrome’s network connection speed to servers. These network quality hints provide the same values as existing Network Information APIs navigator.connection.rtt, navigator.connection.downlink, and navigator.connection.effectiveType.
  • Web Locks API - This API allows scripts running in one tab to asynchronously acquire a lock, hold it while work is performed, then release it. While held, no other script in the origin can acquire the same lock. A lock represents some potentially shared resource, identified by a name chosen by the web app. For example, if a web app running in multiple tabs wants to ensure that only one tab is syncing to the network, each tab could try to acquire a "my_net_sync" lock, but only one tab will succeed.
  • WebRTC RTCRtpTransceiver in Unified Plan - When spec-complaint SDP format "Unified Plan" is used, RTCRtpTransceiver describes each sender-receiver pair that is added to the RTCPeerConnection. This represents the components used to send and receive media. Exposing the transceiver gives the application the ability to receive media early and provides more control over the generated SDP. APIs that are shipping include RTCRtpTransceiver, RTCPeerConnection.addTransceiver() and RTCPeerConnection.getTransceivers().
  • WebSocket: permit connection reuse for auth - When receiving a 401 HTTP response during the WebSocket handshake, Chrome will attempt to continue authentication on the same socket. Windows HTTP authentication usually requires a single connection to be reused for authentication to succeed. Until now, Chrome has always closed the connection on a 401 status response, so Windows authentication has not worked. Windows authentication support is mostly useful in enterprise environments where single-sign-on is used.
  • performance.memory improvements - The performance.memory property is a non-standard API, seeing significant usage from some of our partners. With this change, if the renderer is locked to a site reported values will not contain coarse quantization and delay. This will allow developers to detect performance regressions from user data more easily because the memory measurements will be more accurate and can be taken more frequently.
  • service worker: Don't expose the API to insecure contexts. - Because of a technical limitation, navigator.serviceWorker was previously exposed on insecure contexts and threw a Security Error when used. After this change, navigator.serviceWorker will return undefined. This aligns with the specification.
  • window.confirm() will not activate parent page - If a document in a background tab calls window.confirm() then the call to confirm() will return immediately with false, and no dialog will be shown to the user. If the tab is active, then the call will show a dialog. Specifically, this removes the ability to use window.confirm() to bring a tab to the front against the user’s will.

Bug fixes

High-threat bug fixes:

  • CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka on 2018-07-26
  • CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer on 2018-05-29
  • CVE-2018-17457: Use after free in WebAudio. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-31
  • CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-07-05
  • CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand of Google Project Zero on 2018-08-23
  • CVE-2018-16069:Out of bounds read in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-05-31
  • CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-06-01
  • CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-21

Medium-threat bug fixes:

  • CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer. Reported by Jun Kokatsu (@shhnjk) on 2018-07-17
  • CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu (@shhnjk) on 2018-07-12
  • CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu (@shhnjk) on 2018-07-13
  • Out of bounds read in Little-CMS. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-07-18
  • CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila (@cgvwzq) on 2017-11-27
  • CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2018-07-25
  • CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero on 2014-05-27
  • CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks on 2018-06-28
  • CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù (antisnatchor) on 2017-05-17
  • CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani on 2018-06-29
  • CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn of Google Project Zero on 2016-11-17
  • CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair on 2018-06-11
  • CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-26
  • Cross origin read. Reported by Luan Herrera (@lbherrera_) on 2018-05-31

Low-threat bug fixes:

  • CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu (@shhnjk) on 2018-07-18
  • CVE-2018-16086: Script injection in New Tab Page. Reported by Alexander Shutov (Dark Reader extension) on 2018-05-18
  • CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin of Yandex on 2018-06-26
  • CVE-2018-16087: Multiple download restriction bypass.
  • CVE-2018-16088: User gesture requirement bypass.

[source]


Bonus

If you want to take a rest from all the work and maybe have some fun while your internet connection is down, then you can play the Chrome’s dinosaur game. This is an Easter egg, and it appears when you don’t have an Internet connection. On the “No internet” page that features a dinosaur icon, press the Spacebar (or tap on mobile) to begin the game, which is also edited in Chrome 69.

dino game

▶ Read the full post
Opera 55 Released (August 16, 2018)
Chrome 68 Released (July 24, 2018)
Opera 54 Released (June 28, 2018)
Firefox 61 Released (June 26, 2018)
Chrome 67 Released (May 31, 2018)
Opera 53 Released (May 10, 2018)
Firefox 60 Released (May 9, 2018)
Chrome 66 Released (April 17, 2018)
Opera 52 Released (March 14, 2018)
Firefox 59 Released (March 13, 2018)
Chrome 65 Released (March 6, 2018)
Opera 51 Released (February 7, 2018)
Chrome 64 Released (January 24, 2018)
Firefox 58 Released (January 23, 2018)
Opera 50 Released (January 4, 2018)
Happy browserful Holidays! (December 23, 2017)
Chrome 63 Released (December 6, 2017)
Firefox 57 Released (November 14, 2017)
Opera 49 Released (November 8, 2017)
Astronomy (New comic) (November 5, 2017)
Chrome 62 Released (October 19, 2017)
Firefox 56 Released (September 28, 2017)
Opera 48 Released (September 27, 2017)
Chrome 61 Released (September 5, 2017)
Opera 47 Released (August 9, 2017)
Firefox 55 Released (August 8, 2017)
Chrome 60 Released (July 25, 2017)
There Are 225 Developer Tools Now! (June 25, 2017)
Opera 46 Released (June 23, 2017)
Firefox 54 Released (June 13, 2017)
Chrome 59 Released (June 5, 2017)
Front End vs Back End (Comic) (April 25, 2017)
Chrome 58 Added to Browser Cloud (April 20, 2017)
Firefox 53 Added to Browser Cloud (April 19, 2017)
Opera 45 Released: Codename Opera Reborn (April 10, 2017)
Opera 44 Released and Deployed to Browserling (March 22, 2017)
Chrome 57 Released and available for testing (March 13, 2017)
New Feature: Quick access to latest browsers (March 10, 2017)
Firefox 52 is now available for cross-browser testing (March 7, 2017)
Chrome is a Hungry Browser (Browser comic) (March 3, 2017)
Android 7.1 Added to Browserling for Mobile Testing (March 2, 2017)
Grace Hopper (Computer Scientist Comic) (February 24, 2017)
LISP Winners (Programming comic) (February 16, 2017)
Announcing a new comic series about famous computer scientists (February 10, 2017)
Opera 43 is now available for cross-browser testing (February 7, 2017)
New comic - Programmer (February 2, 2017)
New comic - Two Floats Walk in a Bar (January 26, 2017)
Firefox 51 Cross-Browser Testing Available (January 25, 2017)
Chrome 56 Browser Testing Available (January 25, 2017)
New cartoon - Nordic Programmer (January 17, 2017)
New cartoon - Titanic and Iceberg CSS Pun (January 10, 2017)
Partying with Browsers is a Bad Idea (January 3, 2017)
Happy Holidays! (December 25, 2016)
Opera 42 is now available for online browser testing (December 13, 2016)
New comic - Hide and Seek (December 3, 2016)
Chrome 55 is now available for cross-browser testing (December 1, 2016)
New comic - Browser Wars (November 26, 2016)
New comic - Jon Maddog Hall (November 18, 2016)
Firefox 50 Testing Now Available (November 15, 2016)
New comic - Adobe Love Story (November 11, 2016)
New comic - ASCII/ANSI (November 4, 2016)
New comic - DOM and jQuery (October 28, 2016)
Opera 41 available for browser testing (October 26, 2016)
New cartoon - Euler's Number (October 21, 2016)
New cartoon - Hammer (October 14, 2016)
Chrome 54 released and deployed to browser testing cloud (October 12, 2016)
New cartoon - Bytes (October 6, 2016)
Android Nougat added to mobile browser testing cloud (October 3, 2016)
New cartoon - Peter375 (September 29, 2016)
New cartoon - Lego (September 21, 2016)
Opera 40 released and added to our testing cloud (September 20, 2016)
Firefox 49 is now available for cross-browser testing (September 20, 2016)
New cartoon - Opera (September 15, 2016)
New cartoon - Mendeleev CSS Joke (September 9, 2016)
New cartoon - Threads (September 2, 2016)
Edge 38 (aka Edge 14) released and added to our browser cloud (September 1, 2016)
Chrome 53 Available For Testing (August 31, 2016)
Happy 25th Birthday, Linux! (August 25, 2016)
New cartoon - CSS Ghost (August 18, 2016)
New cartoon - Browserling CEO (August 12, 2016)
New cartoon - Fortran (August 5, 2016)
Opera 39 released and added to browser testing cloud (August 2, 2016)
Firefox 48 released and added to browser testing cloud (August 2, 2016)
New cartoon - Big Bang (July 27, 2016)
New cartoon - Mermaid (July 21, 2016)
Chrome 52 Released and Deployed to our Browser Cloud (July 20, 2016)
New cartoon - Internet Explorer (July 14, 2016)
New cartoon - Ninja (July 7, 2016)
We've added a bunch more programmer tools! (July 1, 2016)
New cartoon - Home Sweet Home (June 30, 2016)
New cartoon - Brexit (June 23, 2016)
New cartoon - Pisa Tower (June 17, 2016)
New cartoon - Attack Vectors (June 11, 2016)
Opera 38 installed and ready for browser testing (June 8, 2016)
Firefox 47 Released (and available for web testing) (June 7, 2016)
New cartoon - Refreshments (June 4, 2016)
New cartoon - Binary (May 28, 2016)
Chrome 51 Available For Cloud Testing (May 25, 2016)
New cartoon - Titanic (May 21, 2016)
New cartoon - Home Sweet Home (May 13, 2016)
New cartoon - Computer Chips (May 6, 2016)
Opera 37 released and added to our browser-testing cloud (May 4, 2016)
New cartoon - Cold Computer (April 29, 2016)
Firefox 46 available for testing (April 26, 2016)
New cartoon - The Terminator (April 22, 2016)
New cartoon - Bitmask (April 14, 2016)
Chrome 50 is now available for web testing (April 13, 2016)
New cartoon - Dinosaurs (April 8, 2016)
New cartoon - Home Sweet Home (April 1, 2016)
New cartoon - Twins (March 24, 2016)
New cartoon - 1023MB (March 18, 2016)
Opera 36 released and deployed to our browser cloud (March 15, 2016)
Announcing Browserling's Safari Extension! (March 14, 2016)
New cartoon - Keyboard (March 9, 2016)
Firefox 45 Released and Ready for Testing (March 8, 2016)
Chrome 49 added to our cloud (March 2, 2016)
New cartoon - 4:04 AM (March 2, 2016)
Android 6.0 Marshmallow Now Available! (February 25, 2016)
New cartoon - Hobbit (February 24, 2016)
New cartoon - Java (February 17, 2016)
New cartoon - Home IPv6 (February 10, 2016)
New cartoon - SQL Query (February 3, 2016)
Opera 35 Now Available For Web Testing (February 2, 2016)
New cartoon - Computer Virus (January 27, 2016)
Firefox 44 is now available for testing (January 26, 2016)
Chrome 48 Released Today (and available for testing) (January 20, 2016)
New cartoon - Dates (January 20, 2016)
New cartoon - VIM (January 14, 2016)
We've added 7 more programming tools! (January 7, 2016)
New cartoon - Table Layout (January 6, 2016)
New cartoon - Glasses (January 1, 2016)
We've added 6 more web developer tools! (December 28, 2015)
Merry Christmas & Happy New Year from Browserling! (December 25, 2015)
New cartoon - Incognito (December 23, 2015)
New cartoon - Spaghetti (December 18, 2015)
We've added even more webdev tools! (December 17, 2015)
Firefox 43 Released! (December 15, 2015)
We've added more webdev tools! (December 10, 2015)
New cartoon - Full Stack (December 9, 2015)
Opera 34 added to our browser cloud (December 8, 2015)
Chrome 47 Added to Browserling (December 5, 2015)
New cartoon - Shopping (December 2, 2015)
Announcing Browserling's Web Developer Tools! (December 1, 2015)
New cartoon - Newspaper (November 25, 2015)
We added a new cartoon to our web comic - Home (November 18, 2015)
New web cartoon - SEO Expert (November 11, 2015)
Announcing Browserling's Firefox Extension! (November 5, 2015)
New web cartoon - Bathroom (November 5, 2015)
Firefox 42 Installed In Our Browser Testing Cloud (November 3, 2015)
Announcing Browserling's Opera Addon! (October 30, 2015)
New cartoon - Browser History (October 28, 2015)
Opera 33 available for cross-browser testing (October 27, 2015)
New cartoon - Cookie Monster (October 21, 2015)
Chrome 46 Added to Browserling (October 15, 2015)
New cartoon - Java Cafe (October 14, 2015)
A new webdev cartoon: Internet Explorer (October 5, 2015)
A new webdev cartoon: Hotel (September 30, 2015)
A new webdev cartoon: Bar (September 29, 2015)
Announcing Browserling's Webcomic! (September 28, 2015)
Mozilla Firefox 41 Released and Added to Browserling (September 22, 2015)
More Web Developer Jokes (September 17, 2015)
Opera 32 Released and Added to Browserling (September 15, 2015)
Web Developer Jokes (September 7, 2015)
Chrome 45 Released and Added to Browserling (September 1, 2015)
Browserling now has bookmarklets! (August 28, 2015)
Mozilla Firefox 40 Released and Added to Browserling (August 11, 2015)
Opera 31 Released and Added to Browserling (August 6, 2015)
Announcing Browserling's Chrome Extension! (August 5, 2015)
Browser sharing URL scheme now includes OS platform (July 30, 2015)
Announcing quick /b/ (browse) URLs (July 25, 2015)
Bug Hunter now has Imgur support (July 24, 2015)
Chrome 44 Released and Added to Browserling (July 21, 2015)
Announcing Browserling's Bug Hunter! (July 9, 2015)
Mozilla Firefox 39 Released and Added to Browserling (July 2, 2015)
Live API now supports Windows 8.1 (June 26, 2015)
Browserling now has Windows 8.1 support (June 16, 2015)
Opera 30 Released and Added to Browserling (June 10, 2015)
Live API now supports multiple OS platforms (June 9, 2015)
Browserling now supports multiple operating systems (June 5, 2015)
Chrome 43 Added to Browserling (May 20, 2015)
Firefox 38 Added to Browserling (May 12, 2015)
Live API now supports right click and middle click (wheel click) (May 8, 2015)
Introducing short URLs (May 7, 2015)
Right Click and Wheel Click Now Work in Browserling (May 5, 2015)
New Feature - Browser Sharing through Tools (May 1, 2015)
Opera 29 Added to Browserling (April 29, 2015)
Announcing Browserling's Live API (April 20, 2015)
Google Chrome 42 Added to Browserling (April 14, 2015)
Firefox 37 Added to Browserling (March 31, 2015)
New Feature - Basic Screenshots (March 26, 2015)
New Feature - On-Screen Keyboard (March 25, 2015)
Android 5.1 Lollipop Added! (March 20, 2015)
Opera 28 Added to Browserling (March 10, 2015)
Google Chrome 41 Added to Browserling (March 4, 2015)
Firefox 36 Added to Browserling (February 25, 2015)
Local Cross-Browser Testing Tutorial for Linux and Mac (February 18, 2015)
Local Cross-Browser Testing Tutorial for Windows (February 14, 2015)
New Security Feature - Login Rate Limiting (February 7, 2015)
Opera 27 Added to Browserling (January 28, 2015)
Chrome 40 Added to Browserling (January 27, 2015)
Firefox 35 Now Available (January 13, 2015)
Android 4.4 KitKat Added! (December 29, 2014)
Browserling's now much faster - We've upgraded servers to SSDs and 2xRAM and 2xCPU (December 7, 2014)
Opera 26 Added to Browserling (December 3, 2014)
Firefox 34 Now Available (December 1, 2014)
We've added Android 5.0 Lollipop to Browserling (November 25, 2014)
Chrome 39 Added to Browserling (November 18, 2014)
New Pricing Signup Form (November 5, 2014)
Opera 25 Added to Browserling (October 15, 2014)
Firefox 33 Added (October 13, 2014)
Chrome 38 Now Available (October 8, 2014)
Browser Sharing URL Scheme (September 20, 2014)
Opera 24 Now Available (September 4, 2014)
Firefox 32 Added to Browserling (September 3, 2014)
Chrome 37 Added to Browserling (August 26, 2014)
Opera 23 Now Available (July 25, 2014)
Firefox 31 Now Available at Browserling (July 24, 2014)
Chrome 36 Added to Browserling (July 16, 2014)
We just added Firefox 30 to Browserling (June 11, 2014)
Opera 22 Now Available (June 3, 2014)
Chrome 35 Now Available (May 20, 2014)
Opera 21 Added to Browserling (May 6, 2014)
Firefox 29 Added for Testing (April 29, 2014)
Chrome 34 Added to Browserling (April 10, 2014)
Firefox 28 Added for Browser Testing (March 18, 2014)
Opera 20 Added to Browserling (March 5, 2014)
Chrome 33 Added to Browserling (February 21, 2014)
Firefox 27 Added for Cloud Testing (February 4, 2014)
Internet Explorer 11 Added to Browserling (January 30, 2014)
Opera 19 Released (January 29, 2014)
Chrome 32 Added to Browserling (January 14, 2014)
Firefox 26 Added to Browserling (December 10, 2013)
Opera 18 Added to Browser Cloud (November 19, 2013)
Chrome 31 Just Added! (November 12, 2013)
Mozilla Firefox 25 Released (October 29, 2013)
Opera 17 Released and Added to Our Testing Cloud (October 8, 2013)
Chrome 30 Now Available (October 2, 2013)
Firefox 24 Released (September 17, 2013)
Opera 16 Added to Browser Testing Cloud (August 27, 2013)
Chrome 29 Added for Web Testing (August 20, 2013)
Firefox 23 Released (August 6, 2013)
Chrome 28 Added to Cloud Testing Platform (July 9, 2013)
Opera 15 Released (Opera Switches to Chrome!) (July 2, 2013)
Firefox 22 Released (June 25, 2013)
Chrome 27 Available for Browser Testing (May 21, 2013)
Firefox 20 Released (April 2, 2013)
Chrome 26 Added to Browserling (March 26, 2013)
Google Chrome 25 Released (February 21, 2013)
Chrome 24 Released (January 10, 2013)
We just added Internet Explorer 10 (December 11, 2012)
Chrome 23 Released (November 6, 2012)
Chrome 22 released (September 25, 2012)
Chrome 21 released (July 31, 2012)
Chrome 20 Released (June 26, 2012)
Opera 12 Released (June 14, 2012)
Chrome 19 Released (May 15, 2012)
Chrome 18 Released (March 28, 2012)
Chrome 17 Released (February 8, 2012)
Firefox 9 Released (December 20, 2011)
Chrome 16 Released (December 13, 2011)
Chrome 15 Released (October 25, 2011)
Chrome 14 Released (September 16, 2011)
Chrome 13 Released (August 2, 2011)
We just added Firefox 3 to Browserling (January 5, 2011)
We have a blog! (December 1, 2010)