This week, Google launched Chrome 96 for all supported desktop operating systems and Android; the new version number is 96.0.4664.45. There is no mention of security updates in the release. Google intends to push the upgrade to all Chrome-enabled devices in the coming weeks. Desktop users can speed up the process by typing chrome:/settings/help into their browser’s URL bar. The page that appears displays the currently installed version and performs an update check. The latest version will be immediately detected and installed. To complete the operation, a reboot is required.

HTTPS is used to connect to websites if an HTTPS record is available from the domain name service (DNS). Web applications can register as URL protocol handlers, for example to launch Twitter links using Twitter PWA, or FTP links using an FTP web application. Applications that capture other windows or tabs currently have no way of controlling whether the calling element or the captured element gets focus. (Think of a presentation feature in a video conferencing application.) Chrome 96 makes this possible with a subclass of MediaStreamTrack called FocusableMediaStreamTrack, which supports a new focus() method.

The official blog post on the Chrome Releases blog offers almost no release information. It lists the version number and indicates that the Extended Chrome Stable has also been promoted to Chrome 96. Google recently moved to a 4 week release cycle for Chrome and created the Extended Channel to increase the release period to all other versions (8 weeks). A Chrome 96 beta post on the Chromium Blog reveals information about what’s new in the new release. Here is a list of important changes:

Priority hints introduce a developer-defined “importance” attribute to influence the calculated priority of a resource. Supported importance values ​​are “auto”, “low”, and “high”. Priority hints indicate the relative importance of a resource to the browser, allowing greater control over the order in which resources are loaded. Back cache on the desktop for faster navigations to “previously visited pages after cross-site navigations”. New policy without credentials for Cross-Origin-Embedder-Policy. Cross-Origin-Embedder-Policy has a new no-credentials option that causes cross-origin no-cors requests to omit credentials (cookies, client certificates, etc.). Similar to COEP:require-corp, it can enable cross-origin isolation.

The appmanifest specification does not explicitly define what uniquely identifies a PWA. Currently, on desktop versions of Chromium-based browsers and Firefox on Android, PWAs are uniquely identified by the app’s start_url, and Android Chromium-based browsers use manifest_url instead. It’s confusing for developers. Also, developers couldn’t modify their start_url and manifest_url. Having a stable identifier allows apps to update other metadata such as start_url and manifest_url, and has a consistent way to reference apps across browser platforms, PWA stores, and other external entities. This feature follows the release process for the desktop-side implementation, as the Android implementation will be on a different schedule. They will both follow the same specifications.

Summary of news:

• Google Chrome 96 is now available: here’s what’s new
• Check out all the news and articles from the latest security news updates.