Notification

Stai pianificando la tua strategia di ritorno al lavoro in ufficio? Scopri come Chrome OS può aiutarti.

La pagina richiesta al momento non è disponibile nella tua lingua. Puoi selezionare una lingua diversa nella parte inferiore della pagina oppure tradurre istantaneamente qualsiasi pagina web nella lingua che preferisci tramite la funzionalità di traduzione integrata di Google Chrome.

Previous release notes

Note: For information about the current Chrome version and targeted releases, see Chrome Enterprise release notes.
 

For administrators who manage Chrome browser or ChromeOS devices for a business or school.

 

 

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Note: For information about the current Chrome version and targeted releases, see Chrome Enterprise release notes.
Open all   |   Close all

Chrome 123

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Generative AI features    
Resume tabs  
Chrome on Android and iOS: cross-device resumption    
Resume the last opened tab on any device     
Change in behavior of the JavaScript JIT policies    
Chrome Sync ends support for Chrome 81 and earlier  
New idle timeout policies on iOS    
Cross-profile password reuse detection    
Telemetry for permission prompts and accepting notification permissions    
ServiceWorker static routing API    
Private network access checks for navigation requests: warning-only mode    
Local passwords stored in Play services    
Zstd content encoding    
Force Sign-in flows revamp    
Google Update changes    
New and updated policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
ChromeOS Flex Bluetooth migration    
Customizing keyboard shortcuts    
Mouse button customization    
Faster Split Screen setup    
ChromeOS Tether Hotspot    
Per-app language preferences on Android    
New natural-sounding voices for text-to-speech    
Data Processor mode rollout for Norway and Belgium    
Per-app privacy settings    
Enhanced Android security for new enterprise customers    
Admin console updates Security/ Privacy User productivity/ Apps Management
Enhanced Settings page experience    
Remote log collection for ChromeOS devices    
Inactive browser deletion in Chrome Browser Cloud Management    
Chrome crash report    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
User link capturing on PWAs - Windows, MacOS and Linux    
Permissions prompt for Web MIDI API    
Three Chrome extensions will be upgraded to Manifest V3  
Bookmarks and reading list improvements on Android    
Deprecate enterprise policy used for throttling    
Chrome Desktop support for Windows ARM64    
Remove enterprise policy used for GREASE    
Network Service on Windows will be sandboxed    
Deprecate and remove WebSQL    
Form controls support direction value in vertical writing mode    
Remove enterprise policies used for TLS handshake and RSA key usage    
Shadow root cloneable attribute    
Remove enterprise policy used for Base URL inheritance    
Intent to deprecate: mutation events    
Remove enterprise policy used for legacy same site behavior    
All extensions must be updated to leverage Manifest V3 by June 2025    
Chrome will no longer support macOS 10.15    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Record GIFs with Screen capture    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Legacy Technology report    
Policy parity: Custom Configurations for IT admins    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    As previously announced, Chrome 120 started to restrict third-party cookies by default for 1% of Chrome users to facilitate testing, and subsequent releases will ramp up to 100% of users as early as Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group also see new Tracking Protection user controls. You can try out these changes in Chrome 120 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout.

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users are excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out managed browsers ahead of the experiment. This gives enterprises time to make the changes required to avoid relying on this policy or on third-party cookies. 

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies. 

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this Help Center article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites. 

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Generative AI features back to top 

    In Chrome 122, 3 Generative AI (GenAI) features became available for managed users that have signed into Chrome browser: Tab Organizer, Create themes, and Help me write (not available on ChromeOS). Initially, these 3 features are only available to users (18+) in English in the USA. Admins can control these by using the TabOrganizerSettings, CreateThemesSettings and HelpMeWriteSettings policies. 

    Starting in Chrome 123, we will gradually roll out these features and some users will no longer need to opt in to Experimental AI to use the features if admins set the policies to enabled. 

    • Chrome 122 on ChromeOS, Linux, Mac, Windows: GenAI features (Tab Organizer, Create themes) become available to managed users in the USA. Users need to turn on Experimental AI. 
    • Chrome 123 on ChromeOS, Linux, Mac, Windows: Features (Tab Organizer, Create themes) become available to managed users in the USA. Some users will have the feature enabled by default; others will still be able to manually opt in via the Experimental AI settings page. In both cases, the features will not be available if disabled via policy.

   

  • Resume tabs back to top 

    Chrome 123 introduces a new card on the New tab page, which helps users continue with tab suggestions from other devices. Using the NTPCardsVisible policy, admins can control this feature, and other cards on the New tab page. 

    • Chrome 123 on ChromeOS, Linux, Mac, Windows

    Resume tabs

   

  • Chrome on Android and iOS: cross-device resumption back to top 

    To help users resume tasks originating from other devices, Chrome now provides cross-device tab suggestions on the New tab page or Home surfaces on Chrome on Android and Chrome on iOS.

    • Chrome 123 on Android, iOS: Feature launches

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome now offers users a quick shortcut to resume that tab. Admins can control this feature using an existing enterprise policy called SyncTypesListDisabled.

    • Chrome 123 on iOS: Feature launches

   

  • Change in behavior of the JavaScript JIT policies back to top 

    As early as Chrome 122, enabling the DefaultJavaScriptJitSetting policy and disabling JavaScript JIT no longer resulted in WebAssembly being fully disabled. The V8 optimizing JIT will continue to be disabled by setting this policy. This allows Chrome to render web content in a more secure configuration.

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.

    • Chrome 123 on Android, iOS, ChromeOS, Linux, MacOS, Windows: The change will be implemented.

   

  • New idle timeout policies on iOS back to top 

    Enterprises are now able to enforce taking an action after Chrome has been idle for some amount of time on iOS devices. Admins can use the IdleTimeout policy to set a timeout period and the IdleTimeoutActions policy to specify actions on timeout. The setting will be available as a platform policy and will be available per user profile at a future date. 

    • Chrome 123 on iOS: Policies available on iOS.

   

  • Cross-profile password reuse detection back to top 

    Previously, password reuse detection of corporate credentials was only detectable in the corporate profile. In Chrome 123, password reuse detection will detect corporate credential reuse across all non-Incognito profiles on the managed browser.

   

  • Telemetry for permission prompts and accepting notification permissions back to top 

    When Enhanced Protection is turned on, and a user visits a page that prompts the user to accept a notification permission, attributes of that page might be sent to Safe Browsing. If the telemetry is sent and the page is deemed dangerous, users will see a Safe Browsing warning. 

    When Enhanced Protection or Safe Browsing Extended Reporting is turned on, and a user accepts a notification permission for a blocklisted page, this event will be sent to Safe Browsing.

    These features can be controlled by the SafeBrowsingProtectionLevel and SafeBrowsingExtendedReportingEnabled policies.

    • Chrome 123 Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Feature rolls out to enterprises that have MetricsReportingEnabled set to enabled.

   

  • ServiceWorker static routing API back to top 

    This API allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do. If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.

    • Chrome 123 on Windows, Mac, Linux, Android

   

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website navigates to a destination site in a user's private network, Chrome will do the following:

    1. Checks whether the original navigation request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether the destination site responds with a header that allows private network access.

     

    The above checks are made to protect the user's private network. Since this feature operates in warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in DevTools Chrome console, to help developers prepare for the coming enforcement. To read about these changes, see Private Network Access (PNA) for Navigation Requests. To learn more, see the PNA specification.

    • Chrome 123 on Android (except for WebView), ChromeOS, Linux, MacOS, Windows: Warning-only mode.
    • Earliest Chrome 130 on Android (except for WebView), ChromeOS, Linux, MacOS, Windows: Requests will fail.

   

  • Local passwords stored in Play services back to top 

    Chrome changes the way local (not syncable) passwords are stored. Previously they were stored in the Chrome profile. Now they are gonna be migrated to the local password storage of the Google Play services similarly to how the Google account passwords are already stored. It also changes the management UI for them to be provided by Google Play services. The Chrome policy PasswordManagerEnabled is still valid but it doesn't control the behavior outside the Chrome binary. Thus, the new password management UI allows users to import or add passwords there manually.

    • Chrome 123 on Android: The feature kicks-in for users without local passwords 
    • Chrome 124 on Android: All local passwords are migrated to the Google Play services.

   

  • Zstd content encoding back to top 

    Chrome is adding support for Zstandard (zstd) as a data compression mechanism. Supporting zstd content encoding in the browser allows sites to spend less time and CPU or power on compression on their servers, resulting in reduced server costs. A temporary enterprise policy ZstdContentEncodingEnabled is available to turn off the zstd content encoding feature.

    • Chrome 123 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Support for zstd is added.

   

  • Force sign-in flows revamp back to top 

    When the BrowserSignin policy is set to Force users to sign-in to use the browser, users now sign in to Chrome browser by following the standard sign-in procedure through the Profile Picker.

    Previously, the Force sign-in flow had a specific UI dialog that did not follow typical Chrome style or standards. Now the flows are aligned with the regular sign-in flows. We’ve also improved error handling by displaying sign-in errors in a regular dialog with actionable buttons.

    • Chrome 123 on Mac, Windows: Full launch

    Force sign-in

   

  • Google Update changes back to top 

    We are in the process of rolling out a new version of Google Update. As part of this change, the location for GoogleUpdate.exe on Windows will change and will be named updater.exe. Note that the previous path will continue to persist until the transition is fully completed.

    • Previous: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    • Current: C:\Program Files (x86)\Google\GoogleUpdater\VERSION\updater.exe

   

ChromeOS updates

   

  • ChromeOS Flex Bluetooth migration  back to top

    In ChromeOS 123, ChromeOS Flex will upgrade to the Floss Bluetooth stack. As part of this upgrade, the listed devices no longer support Bluetooth functionality. If Bluetooth functionality is critical for these devices, we recommend moving these devices to the LTS channel to extend the Bluetooth functionality through to October 2024. 

    • HP Probook 4530s
    • Lenovo ThinkPad T420
    • HP Elitebook 8460p
    • Apple iMac 11,2
    • Lenovo ThinkPad x220
    • Dell Vostro 3550
    • HP 3115m
    • HP Elitebook 2560p
    • HP ProBook 6465b
    • Lenovo ThinkPad L420
     

    If your devices are unable to connect to Bluetooth after updating to ChromeOS 123, switch the Chrome flag Use Floss instead of BlueZ to Disabled.

     

    Floss vs Bluetooth

 

   

  • Customizing keyboard shortcuts  back to top

    Using shortcuts boosts productivity, and we all have our favorites. In ChromeOS 123, with shortcut customization, you will be able to assign your preferred key combination to personalize your shortcuts. Whether you want them to be easier to do with one hand, simpler to remember, or identical to the ones you're familiar with, this feature will simplify your day-to-day workflows. 

       

    Customize keyboard shortcuts

 

   

  • Mouse button customization  back to top

    Mouse button customization on Chromebook helps users complete quick actions with the click of a button. If your mouse has more than two buttons, you can now assign those to a set list of actions such as taking a screenshot, muting and unmuting, inserting emojis, and so on. You can also select a key combination to assign to your buttons any action performed by a keyboard shortcut.

     

    Customize mouse shortcuts

 

   

  • Faster Split Screen setup  back to top

    Chromebooks provide a variety of ways to arrange the windows on your screen to help make you more productive — one of which is Split Screen. Just as it sounds, Faster Split Screen setup offers a quicker way to set up your window layout by showing an overview of your open windows on the other side of the screen. With Faster Split Screen, once you snap (or lock) a window in place on one side, you can choose an already-open window from Overview to snap into the other side, or select something from the shelf (the row of apps located at the bottom or side of your screen).

     

    Split screen

 

   

  • ChromeOS Tether Hotspot  back to top  

    Hotspot is now available on ChromeOS! You can now share your cellular network on your Chromebook as a hotspot to other devices without an internet connection! Enable your first hotspot by opening Network Settings and toggling on Hotspot. In ChromeOS 123, we only support T-Mobile in the US but we are working to add other networks in future releases.

     

   

  • Per-app language preferences on Android  back to top

    You can now change to your preferred language for your Android apps. These new settings are available in Settings > Apps > Manage your apps > App language

     

   

  • New natural-sounding voices for text-to-speech  back to top

    In ChromeOS 123, we’ve added new natural sounding TTS voices that work offline and are available in 31 languages.  

    TTS natural voices

 

   

  • Data Processor mode rollout for Norway and Belgium  back to top

    In August 2023, data processor mode for ChromeOS was launched in the Netherlands to give organizations more transparency and control over data sent to, and processed by Google. As interest in this space increased recently, we are making data processor mode generally available in additional countries, starting with Norway and Belgium. This product is available in the Admin console through Device > Chrome > Compliance. For more information, see our Help Center article.

     

   

  • Per-app privacy settings  back to top

    ChromeOS 123 makes privacy controls on Chromebooks easier to manage by consolidating app permissions and privacy controls. This gives users more transparency by showing what apps need access to privacy sensors, and how app permissions are affected by privacy control states. Now with the per-app permissions, for microphone and camera, instead of going to two separate places (privacy controls and app settings), users can directly go to privacy settings to view what apps need access to these sensors and modify app permissions.

 

   

  • Enhanced Android security for new enterprise customers  back to top

    ChromeOS 123 enhances the default app security level for enterprise customers. On new enterprise domains, ChromeOS now deactivates Android apps for unaffiliated ChromeOS users by default. Unaffiliated ChromeOS users are users on unmanaged devices or on devices that are managed by a different domain than the user.

    Existing enterprise domains will not be affected by this change. Any new or existing education customer will not be affected.

    Enterprise customers who want to change the default setting, see our Help Center article.

     

Admin console updates

   
  • Enhanced Settings page experience   back to top

    Starting in March 2024, all admins will use our updated Settings page experience–that means you’ll no longer be able to use the legacy Settings page experience. Most of you already use the updated experience. This just means that admins will no longer be able to access the legacy view, but you'll still have access to all the same functionality in the updated view.

    Enhanced settings page
   
  • Remote log collection for ChromeOS devices   back to top

    If you experience problems with a managed ChromeOS device, you can troubleshoot by capturing additional logs from the Device details page in the Admin console.You can remotely collect logs for following use cases : 

    • Kiosk devices
    • Affiliated and unaffiliated signed-in users
    • Managed guest sessions
    • Login and Locked screen

    For more information, see this Help Center article, Remote log collection for ChromeOS devices.

    Remote log collection

   

  • Inactive browser deletion in Chrome Browser Cloud Management   back to top

    The Inactive period for browser deletion policy is now available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts. 

    Starting in April 2024 until May 2024, the Inactive period for browser deletion policy will start rolling out and automatically delete enrolled browsers in the Admin console that have been inactive for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. Meaning that by default, all enrolled browsers that have been inactive for more than 540 days will be deleted from your account. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days. 

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.
   
  • Chrome crash report   back to top

    In Chrome 123, you can visualize crash events in the Admin console using the new Chrome crash report page. In this report, you will find a dynamic chart representing Chrome crash events over time, grouped by versions of Chrome. Additional filtering is available for the following fields: OS platforms, Chrome channels and dates. This report helps you proactively identify potential Chrome issues within your organization.

    • Chrome 121 on Linux, MacOS, Windows: Trusted Tester program
    • Chrome 123 on Linux, MacOS, Windows: Feature rolls out
    Crash report

   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • Default Search Engine choice screen back to top 

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise’s search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group.

    • Chrome 120 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120. 
    • Later this year on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users.

   

  • User link capturing on PWAs - Windows, MacOS and Linux back to top 
     

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    Some issues were discovered with the current implementation, so we will not launch this feature in Chrome 123 as initially announced. We definitely plan to launch link capturing this year (bug).

    • Chrome 121 on Linux, MacOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Future milestone in 2024 on Linux, MacOS, Windows: We will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).

    Linked webapps

   

  • Permissions prompt for Web MIDI API back to top 
     

    The Web MIDI API connects to and interacts with Musical Instrument Digital Interface (MIDI) Devices. There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (see related Chromium bug). To address this problem, the W3C Audio Working Group decided to place an explicit permission on general Web MIDI API access. Originally, the explicit permission was only required for advanced Web MIDI usage in Chrome, including the ability to send and receive system exclusive (SysEx) messages, with gated access behind a permissions prompt. We now intend to expand the scope of the permission to regular Web MIDI API usage.

    In Chrome 124, all access to the Web MIDI API will require a user permission. No policies will be available to control these changes. If you encounter any issues, file a bug here.

    • Chrome 124 on Windows, MacOS, Linux, Android 

   

   

  • Bookmarks and reading list improvements on Android back to top 
     

    On Chrome 124 on Android, some users who sign in to Chrome from the Bookmark manager will be able to use and save bookmarks and reading list items in their Google Account. Relevant enterprise policies, such as BrowserSignin, SyncTypesListDisabled, EditBookmarksEnabled, ManagedBookmarks and ShoppingListEnabled will continue to work as before, to configure whether users can use and save items in their Google Account.

    • Chrome 124 on Android: Feature rolls out.

   

  • Deprecate enterprise policy used for throttling back to top 
     

    The underlying code change (throttling same-process, cross-origin display:none iframes) that the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy overrides has been enabled in stable releases since early 2023. Since known issues have been dealt with, we intend to remove the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy by Chrome 124. The discussions around the throttling issue (and its resolution) can be found in this Chromium bug.

    • Chrome 124: Policy is removed.

   

  • Chrome Desktop support for Windows ARM64 back to top 
     

    Chrome is rolling out support for Windows ARM64. We are working on publishing the Enterprise installers. You can continue to test the Canary channel and report bugs there. Note that this is subject to change based on overall stability, as well as feedback from customers. If you encounter any issues, file a bug here

    • Chrome 124 on Windows (ARM): New Enterprise installers are available.

   

  • Remove enterprise policy used for GREASE back to top 
     

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed. 

    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: Policy is deprecated.
    • Chrome 126 on Android, ChromeOS, Linux, MacOS, Windows: Policy is removed.

   

  • Network Service on Windows will be sandboxed back to top 
     

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 124 on Windows: Network Service sandboxed on Windows.

   

  • Deprecate and remove WebSQL back to top 
     

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 

    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a deprecation trial token is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy, or a deprecation trial token.
    • Chrome 124: on ChromeOS, LaCrOS, Linux, MacOS, Windows, Android: Starting in Chrome 124, the policy WebSQLAccess and the deprecation trial, which allows for WebSQL to be available, will no longer be available.

   

  • Form controls support direction value in vertical writing mode back to top 

    The CSS property writing-mode allows elements to go vertical, but users cannot set the direction in which the value changes. With this feature, we are allowing the form control elements (meter, progress and range) input type to have vertical writing mode and choose the form control's value direction. If direction is rtl, the value is rendered from bottom to top. If direction is ltr, the value is rendered from top to bottom. For more information, see this Chrome for Developers blog post.

    • Chrome 124 on Windows, Mac, Linux, Android

   

   

  • Shadow root cloneable attribute back to top 
     

    The shadow root clonable attribute enables individual control over whether a shadow root is cloneable (via standard platform cloning commands such as `cloneNode()`). Imperative shadow roots can now be controlled via a parameter to `attachShadow({clonable:true})`. Declarative shadow roots can be controlled via a new attribute, `<template shadowrootmode=open shadowrootclonable>`

     

    Breakage can occur if you are:

    1. using declarative shadow DOM
    2. cloning templates that contain DSD and
    3. expecting those clones to contain cloned shadow roots
     
    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows

   

   

  • Intent to deprecate: mutation events back to top 
     

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    • Chrome 127 on Android, ChromeOS, Linux, MacOS, Windows: Mutation events will stop functioning in Chrome 127, around July 30, 2024.

   

   

  • All extensions must be updated to leverage Manifest V3 by June 2025 back to top 
     

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

     

    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

     

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 

    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

   

  • Chrome will no longer support macOS 10.15 back to top 
     

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems to continue to use Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on MacOS: Chrome no longer supports macOS 10.15

↑ back to top  

Upcoming ChromeOS changes

   

  • Record GIFs with Screen capture back to top

    As early as ChromeOS 124, Screen capture will let you record your screen in .GIF format to easily capture, share, and play the recording inline in chat, slides, docs, and more. 

 

↑ back to top  

Upcoming Admin console changes

       
  • Legacy Technology report back to top

    As early as Chrome 124, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.


    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
     
    • As early as Chrome 124 on Linux, MacOS, Windows: Legacy Technology report will be available in the Admin console.
    Legacy tech report
   
  • Policy parity: Custom Configurations for IT admins back to top

    The Custom Configurations page allows IT admins to configure Chromium policies that are not yet in the Admin console, using JSON scripts. As a result, all Chrome policies are now configurable in Chrome Browser Cloud Management in the Admin console, either using the Settings page or the Custom Configurations page.

     

    • As early as Chrome 124 on Android, iOS, Linux, Mac, Windows: Trusted Tester access
    • As early as Chrome 125 on Android, iOS, Linux, Mac, Windows: Feature rolls out

↑ back to top  

Chrome 122

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Generative AI features    
Simplified sign-in and sync experience on iOS  
SharedImages for PPAPI Video Decode    
New download URLs for Chrome browser (Enterprise)      
New V8 security setting    
Read aloud    
Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed    
Asynchronous server-side Safe Browsing check    
Improved download warnings on the Chrome Downloads page    
Skip unload events    
Autofill: security code updates     
Removing unenrollment from Unified Password Manager    
Chrome on iOS: bottom address bar    
DefaultSearchProvider policy changes    
Change in behavior of the JavaScript JIT policies    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Content scanning with BCE    
Battery Saver    
Enhanced SAML reauthentication flows    
Badge-based authentication    
Edit your recordings with Screencast    
IkeV2 VPN support  
Mandatory extensions in Incognito  
New look for ChromeOS media player    
Admin console updates Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Browser Cloud Management    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
User link capturing on PWAs - Windows, MacOS and Linux    
Resume tabs    
Chrome on Android or iOS: cross-device resumption    
Resume the last opened tab on any device     
Permissions prompt for Web MIDI API    
Network Service on Windows will be sandboxed     
Chrome Sync ends support for Chrome 81 and earlier  
Deprecate and remove WebSQL    
IdleTimeout and IdleTimeoutActions Policies on iOS    
Cross Profile Password Reuse Detection    
Telemetry for permission prompts and accepting notification permissions     
ServiceWorker static routing API    
Private network access checks for navigation requests: warning-only mode    
Bookmarks and reading list improvements on Android    
Deprecate enterprise policy ThrottleNonVisibleCrossOriginIframesAllowed    
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Intent to deprecate: Mutation Events    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS Flex Bluetooth Migration    
Customizing keyboard shortcuts    
Record GIFs with Screen capture    
Faster Split Screen setup    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Enhanced Settings page experience    
Chrome crash report    
Legacy Technology report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top

    As previously announced, Chrome 120 started to restrict third-party cookies by default for 1% of Chrome users to facilitate testing, and subsequent releases will ramp up to 100% of users as early as Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group also see new Tracking Protection user controls. You can try out these changes in Chrome 120 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout.

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users are excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out managed browsers ahead of the experiment. This gives enterprises time to make the changes required to avoid relying on this policy or on third-party cookies. 

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies. 

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this help article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites. 

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Generative AI features back to top

    Starting in Chrome 122, there are 3 Generative AI (GenAI) features that are now also available for managed users that have signed into Chrome browser: 

    • Tab organizer: Chrome can automatically suggest tab groups for users based on the URL and title of opened websites. To use this feature, right-click on a tab, and select Organize similar tabs.
    • Create themes with AI: Chrome lets users create a unique Chrome theme (a combination of a color and a wallpaper image) using GenAI. To use the feature, open a new tab, and at the bottom right, click Customize Chrome. On the side panel, select Change theme > Create with AI. Users can then choose from preset options for subject, mood, style, and color.
    • Get help writing on the web with AI: This feature helps users write with more confidence and kickstart the writing process in free-form text fields on the web. To use this feature, right-click on a text field, and select Help me write (not available on ChromeOS).

    Initially, these 3 features are only available to users in English in the US. Admins can control these by using the TabOrganizerSettings, CreateThemesSettings and HelpMeWriteSettings policies. For each feature, you have the following options for your organization:  

    •   0 = Enable the feature and send data to help improve AI models
    •   1 = Enable the feature but don’t send data to help improve AI models
    •   2 = Fully disable feature
     

    You can find more information in the Tab group suggestions, Create themes, and Help me write help center articles.

   

  • Simplified sign-in and sync experience on iOS back to top

    Starting in Chrome 122, existing users on iOS with Chrome sync turned on now experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync no longer appears as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality that saves and accesses Chrome data in the Google Account can be turned off fully (via SyncDisabled) or partially (via SyncTypesListDisabled). Sign-in to Chrome can be required or disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    • Chrome 117: no longer shows Chrome sync as a separate feature for users who didn't have Chrome sync enabled at the time.
    • Chrome 122: no longer shows Chrome sync as a separate feature for users who had Chrome sync enabled by migrating them to an equivalent state.

     

   

  • SharedImages for PPAPI video decoder back to top

    Chrome 122 removes the PPAPISharedImagesForVideoDecoderAllowed policy, used to control the recent refactor for VideoDecoder APIs in PPAPI plugin. This policy was introduced on a temporary basis in Chrome 119.

    • Chrome 119 on ChromeOS, LaCrOS: Introduces escape hatch policy.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.

   

   

  • New V8 security setting back to top

    Chrome 122 adds a new setting on chrome://settings/security to disable the V8 JIT optimizers, to reduce the attack surface of Chrome browser. This behavior continues to be controlled by the DefaultJavaScriptJitSetting enterprise policy, and the associated JavaScriptJitAllowedForSites and JavaScriptJitBlockedForSites policies. The setting is integrated into Site Settings. The enterprise policies have been available since Chrome 93.

    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia

   

  • Read aloud back to top

    Read aloud allows users of Chrome on Android to listen to web pages using text to speech technology. Users can now access this feature via the overflow menu and control playback via audio controls. 

    Read aloud sends the page URL to Google servers to power playback, and users who use it need to enable the settings menu item Make searches and browsing better

    Setting the ListenToThisPageEnabled policy to true allows users to have eligible web pages read aloud using text-to-speech. This is achieved by server side content distillation and audio synthesis. Setting to false disables this feature, and if this policy is set to default or left unset, Read aloud is enabled.

    • Chrome 122 on Android: Feature launches

   

  • Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed back to top

    Chrome 122 removes the temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed, which was made available in Chrome 116 to give enterprises time to address possible breakage related to Chrome Apps webview usage changes. 

    • Chrome 122 on Linux, MacOS, Windows, ChromeOS: Enterprise Policy ChromeAppsWebViewPermissiveBehaviorAllowed removed 

   

  • Asynchronous server-side Safe Browsing check back to top

    Today Safe Browsing checks are on the blocking path of page loads, meaning that users cannot see the page until the checks are complete. To improve Chrome's loading speed, checks with the server-side Safe Browsing list no longer block page loads in Chrome 122. 

    We have evaluated the risk and put mitigations in place: 

    1) To protect against direct exploits against the browser, local list checks are still conducted in a synchronous manner so that malicious payloads cannot run until the local list check is complete. 

    2) To protect against phishing attacks, we've looked at data and concluded that it is unlikely the user would have significantly interacted with the page (for example, typed a password) by the time we show a warning.

    • Chrome 122 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows: Feature launches 

   

  • Improved download warnings on the Chrome Downloads page back to top

    To help reduce consequences of downloading malware, we’re cleaning up desktop download warning strings and patterns to be clear and consistent.

    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia: Feature launches
    Chrome Web Store Chrome Web Store

   

  • Skip unload events back to top

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. 

    In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of a Permissions-Policy API and an enterprise policy ForcePermissionPolicyUnloadDefaultEnabled, which allow you to selectively keep the behavior unchanged.

    • Chrome 117 on ChromeOS, Linux, MacOS, Windows: Dev Trial
    • Chrome 119 on ChromeOS, Linux, MacOS, Windows: Introduces ForcePermissionPolicyUnloadDefaultEnabled policy
    • Chrome 122 -132 on ChromeOS, Linux, MacOS, Windows: Deprecation trial (general rollout of deprecation will be limited scope until deprecation trial is ready)
    • Chrome 122 unload handlers will be gradually skipped for 1% of users on top-50 sites, as proposed here.

   

  • Autofill: security code updates back to top

    In Chrome 122, payments autofill allows you to save security codes for local and server cards to improve user experience. Security codes are only saved if a user consents to saving it. Users always have the option to turn security code saving off in Chrome Settings.

    • Chrome 122 on Android, MacOS: feature rolls out

   

  • Removing unenrollment from Unified Password Manager back to top

    Chrome 122 removes unenrollment from Unified Password Manager on Android. When Google Play Services responds with an error users lose access to Password Manager features (password saving or updating, password generation) until the error is resolved. For some errors, there is an error message with an action button to resolve the problem. Other issues are supposed to be temporary (for example, during Google Play Services update).

    • Chrome 122 on Android: feature rolls out
    Chrome Web Store

   

  • Chrome on iOS: bottom address bar on iPhone back to top

    We recently launched a customizable address bar that allows users to choose between a top and a bottom address bar on iPhone. The address bar position picker screen is now added to the First Run Experience. 

    • Chrome 122 on iOS: feature rolls out
    Chrome Web Store

   

  • DefaultSearchProvider policy changes back to top

    In Chrome 122, we are making some changes to the DefaultSearchProvider*  policies. We have removed the DefaultSearchProviderIconURL on all platforms because Chrome now uses the favicon image provided by the search engine. DefaultSearchProviderKeyword and DefaultSearchProviderNewTabURL are not supported on iOS and Android, alongside (but support continues on) Linux, Mac OS and Windows. We fixed the supported platform set to reflect this.

   

  • Change in behavior of the JavaScript JIT policies back to top

    In Chrome 122, enabling the DefaultJavaScriptJitSetting policy and disabling JavaScript JIT no longer results in WebAssembly being fully disabled. The V8 optimizing JIT continues to be disabled by setting the DefaultJavaScriptJitSetting policy. This allows Chrome to render web content in a more secure configuration.

   

  • New and updated policies in Chrome browser back to top 
    Policy Description
    InsecureFormsWarningsEnabled Enable warnings for insecure forms (now available on iOS)
    ListenToThisPageEnabled Enable read aloud (text distillation and text-to-speech synthesis) for web pages

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    PPAPISharedImagesForVideoDecoderAllowed Allow Pepper to use shared images for video decoding.
    ChromeAppsWebViewPermissiveBehaviorAllowed Restore permissive Chrome Apps webview behavior
    DefaultSearchProviderIconURL Default search provider icon (removed on all platforms)
    DefaultSearchProviderKeyword Default search provider keyword (removed on Android and iOS only)
    DefaultSearchProviderNewTabURL Default search provider new tab page URL (removed on Android and iOS only)

ChromeOS updates

   

  • Content scanning with BCE back to top
    ChromeOS data controls are a set of controls that are applied by the admin, which protect users from data leakage on endpoints using a Data Loss Prevention (DLP) layer in ChromeOS. For details, see this help center article.  BeyondCorp Enterprise (BCE) enables continuous and real-time end-to-end protection. Content scanning with BCE is a new way to evaluate and enforce data controls restrictions on file transfers based on signals from BeyondCorp Enterprise.

   

  • Battery Saver  back to top

    As early as ChromeOS 122, Battery Saver is available to reduce brightness on both display and keyboard backlight, throttle display refresh rate and available compute budget, and also turn off certain energy-intensive background functions to allow users squeeze more battery life out of their devices. This helps when users need that last couple minutes to finish a task and don't have a charger handy. When enabled, Battery Saver switches on automatically when the user's battery level reaches 20%. You can control this feature using the BatterySaverModeAvailability enterprise policy.

    Battery saver

   

  • Enhanced SAML reauthentication flows back to top

    To optimize the sign-on experience of our customers, we've introduced certain internal changes to our SAML single sign-on implementation. These changes will impact customers with misconfigured SAML settings.

    In particular if you set the policy LoginAuthenticationBehavior to Redirect to SAML IdP by default, ensure that the Single Sign-on policy is set to Enable SAML, otherwise your SAML-based IdP won’t be loaded anymore.

   

  • Badge-based authentication back to top

    From ChromeOS 122, certain third-party Identity Management Providers (IdPs) can use badge authentication on ChromeOS devices. Users can simply start a session with a badge tap, and leave the session with another badge tap. The solution is focused on frontline workers in various industries including retail, hospitality, and manufacturing. 

    In ChromeOS 122, we are starting with the Ilex Card Management System, but we aim to add additional reader and authentication partners in the upcoming months. If you want to learn more, see Set up badge-based authentication.

   

  • Edit your recordings with Screencast back to top

    With ChromeOS Screencast, users can create and share transcribed screen recordings. As early as ChromeOS 122, users can trim their screencasts sentence-by-sentence, add and remove paragraph breaks, mute segments of their recordings, and title sections to make long recordings easier to navigate.  

   

  • IKEv2 VPN support back to top

    ChromeOS 122 includes new options in the Admin console for Internet Key Exchange Protocol Version 2 (IKEv2) VPN protocol.

    Chrome Web Store

   

  • Mandatory extensions in Incognito back to top

    Admins can now specify if there are certain extensions that users must turn on to use Incognito mode. There is a new toggle in Admin console > Apps & extensions that can be applied for individual extensions. This allows enterprises that have debugging or multi-account use cases that rely on Incognito mode to safely leave it enabled across their managed fleet. If they want to use Incognito mode, users need to turn on Allow in Incognito for all required enterprise extensions.

    Chrome Web Store

   

  • New look for ChromeOS media player back to top

    ChromeOS media player will soon have bigger buttons and colors to match your wallpaper. The media player will appear when you are playing any video or audio (like Spotify or YouTube) in Quick Settings. You will be able to click the pin icon to move the media player to the shelf. In addition to controlling media that is being cast, you will be able to start casting web media to any speakers or screens on your local network.

     

 

Admin console updates

   

  • Inactive browser deletion in Chrome Browser Cloud Management   back to top

    As early as March 2024, the Inactive period for browser deletion policy will automatically delete browser data in the Admin console for managed browsers that have not contacted the server for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. All enrolled browsers that have been inactive for more than 540 days will be deleted from your account shortly after the release of this policy. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days. 

     

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.

    • As early as Chrome 122: The Inactive period for browser deletion policy UI will be available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts.

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • User link capturing on PWAs - Windows, MacOS and Linux back to top 
    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it more seamless to move between the browser and installed web apps. When the user clicks on a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. Clicking on the chip either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking on a link always automatically opens the app.
     
    • Chrome 121 on Linux, MacOS, Windows: When some users click on a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 123 on Linux, MacOS, Windows: Based on the outcome of the experiment in Chrome 121, we will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).


   

  • Resume tabs back to top

    Chrome 123 will introduce a new card on the New tab page, which will help users continue with tab suggestions from other devices. Using the NTPCardsVisible policy, admins will be available to control this feature.
    • Chrome 123 on ChromeOS, Linux, Mac, Windows

   

  • Chrome on Android/iOS: cross-device resumption back to top 
     

    To help users resume tasks originating from other devices, Chrome will provide cross-device tab suggestions on the New tab page or Home surfaces on Chrome on Android and Chrome on iOS. This component will be displayed within the existing continue browsing card on Start and the Magic Stack on Chrome on Android and Chrome on iOS.

    • Chrome 123 on Android, iOS: Feature launches

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome will offer users with a quick shortcut to resume that tab. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
    • Chrome 123 on iOS: Feature launches

   

  • Permissions prompt for Web MIDI API back to top 

    The Web MIDI API connects to and interacts with Musical Instrument Digital Interface (MIDI) Devices. There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (see related Chromium bug). To address this problem, the W3C Audio Working Group decided to place an explicit permission on general Web MIDI API access. Originally, the explicit permission was only required for advanced Web MIDI usage in Chrome, including the ability to send and receive system exclusive (SysEx) messages, with gated access behind a permissions prompt. We now intend to expand the scope of the permission to regular Web MIDI API usage.

    In Chrome 123, all access to the Web MIDI API will require a user permission. No policies will be available to control these changes. If you encounter any issues, file a bug here.

    • Chrome 123 on Windows, MacOS, Linux, Android

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 123 on Windows: Network Service sandboxed on Windows
 

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.

    • Chrome 123 on Android, iOS, ChromeOS, Linux, MacOS, Windows: The change will be implemented.
 

   

  • Deprecate and remove WebSQL back to top 

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 

    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a deprecation trial token is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy, or a deprecation trial token.
    • Chrome 123: on ChromeOS, LaCrOS, Linux, MacOS, Windows, Android: Starting in Chrome 123, the policy WebSQLAccess and the deprecation trial, which allows for WebSQL to be available, will no longer be available.
 

   

  • IdleTimeout and IdleTimeoutActions policies on iOS back to top 

    Enterprises are now able to enforce taking an action after Chrome has been idle for some amount of time on iOS devices. Admins can use the IdleTimeout policy to set a timeout period and the IdleTimeoutActions policy to specify actions on timeout. The setting will be available as a platform policy and will be available per profile at a future date. 

    • Chrome 123 on iOS: policies available on iOS
 

   

  • Cross-profile password reuse detection back to top 

    Previously, password reuse detection of corporate credentials was only detectable in the corporate profile. In Chrome 123, password reuse detection will detect corporate credential reuse across all non-Incognito profiles on the managed browser.

    • Chrome 123: feature rolls out
 

   

  • Telemetry for permission prompts and accepting notification permissions back to top 

    When Enhanced Protection is turned on, and a user visits a page that prompts the user to accept a notification permission, attributes of that page might be sent to Safe Browsing. If the telemetry is sent and the page is deemed dangerous, users will see a Safe Browsing warning. 

    When Enhanced Protection or Safe Browsing Extended Reporting is turned on, and a user accepts a notification permission for a blocklisted page, this event will be sent to Safe Browsing.

    These features can be controlled by the SafeBrowsingProtectionLevel and SafeBrowsingExtendedReportingEnabled policies.

    • Chrome 123 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia

   

  • ServiceWorker static routing API back to top 

    This API allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do.  If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.

    • Chrome 123 on Windows, Mac, Linux, Android
 

   

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website navigates to a destination site in a user's private network, Chrome will do the following:

    1. Checks whether the original navigation request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether the destination site responds with a header that allows private network access.

     

    The above checks are made to protect the user's private network. Since this feature operates in warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in DevTools Chrome console, to help developers prepare for the coming enforcement. To read about these changes, see  Private Network Access (PNA) for Navigation Requests. To learn more, see the PNA specification.

    • Chrome 123 on Android (except for WebView), ChromeOS, Linux, MacOS, Windows
 

   

  • Bookmarks and reading list improvements on Android back to top 

    On Chrome 124 on Android, some users who sign in to Chrome from the bookmark manager will be able to use and save bookmarks and reading list items in their Google Account. Relevant enterprise policies, such as BrowserSignin, SyncTypesListDisabled, EditBookmarksEnabled, ManagedBookmarks and ShoppingListEnabled will continue to work as before, to configure whether users can use and save items in their Google Account.

    • Chrome 124 on Android: Feature rolls out
 

   

 

   

  • Remove support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed. 

    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: Policy is deprecated
    • Chrome 126 on Android, ChromeOS, Linux, MacOS, Windows: Policy is removed

   

  • Intent to deprecate: Mutation Events back to top 

    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
    • Chrome 127 on Android, ChromeOS, Linux, MacOS, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.
 

   

 

   

  • Extensions must be updated to leverage Manifest V3 by June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.
    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 
    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disabled Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

   

  • ChromeOS Flex Bluetooth Migration back to top

    In ChromeOS 123, ChromeOS Flex will be upgrading to the Floss Bluetooth stack. As part of this upgrade the following devices will no longer support Bluetooth functionality. If Bluetooth functionality is critical for these devices, we recommend moving these devices to the LTS channel to extend the Bluetooth functionality through to October 2024. 
    • HP Probook 4530s
    • Lenovo ThinkPad T420
    • HP Elitebook 8460p
    • Apple iMac 11,2
    • Lenovo ThinkPad x220
    • Dell Vostro 3550
    • HP 3115m
    • HP Elitebook 2560p
    • HP ProBook 6465b
    • Lenovo ThinkPad L420

    If your devices are unable to connect to Bluetooth after updating to ChromeOS 123,  switch the Chrome flag Use Floss instead of BlueZ to Disabled.

 

   

  • Customizing keyboard shortcuts back to top

    Using shortcuts boosts productivity, and we all have our favorites. As early as ChromeOS 123, with shortcut customization, you will be able to assign your preferred key combination to personalize your shortcuts. Whether you want them to be easier to do with one hand, simpler to remember, or identical to the ones you're familiar with, this feature will simplify your day-to-day workflows.

   

  • Record GIFs with Screen capture back to top

    As early as ChromeOS 124, Screen capture will let you record your screen in .GIF format to easily capture, share, and play the recording inline in chat, slides, docs, and more. 

   

  • Faster Split Screen setup back to top

    Chromebooks provide a variety of ways to arrange the windows on your screen to help make you more productive — one of which is Split Screen. Just as it sounds, Faster Split Screen Setup will offer a quicker way to set up your window layout by showing an overview of your open windows on the other side of the screen. With Faster Split Screen, once you "snap" (or lock) a window in place on one side, you can choose an already-open window from Overview to snap into the other side, or select something from the shelf (the row of apps located at the bottom or side of your screen).

 

Refer to the ChromeOS release schedule for release dates and updates.

↑ back to top  

Upcoming Admin console changes

   

  • Enhanced Settings page experience back to top

    Starting in March 2024, all admins will use our updated Settings page experience–that means you’ll no longer be able to use the legacy Settings page experience. Most of you already use the updated experience. This just means that admins will no longer be able to access the legacy view, but you'll still have access to all the same functionality in the updated view.

    Chrome Web Store    

       

  • Chrome crash report back to top

    As early as Chrome 123, you will be able to visualize crash events in the Admin console using the new Chrome crash report page. In this report, you will find a dynamic chart representing Chrome crash events over time, grouped by versions of Chrome. Additional filtering is available for the following fields: OS platforms, Chrome channels and dates. This report will help you proactively identify potential Chrome issues within your organization.
     
    This feature is now released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
    • Chrome 121 on Linux, MacOS, Windows: Trusted Tester program
    • Chrome 123 on Linux, MacOS, Windows: Feature rolls out

   

   

  • Legacy Technology report back to top

    As early as Chrome 123, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.

    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
    • As early as Chrome 123 on Linux, MacOS, Windows
    Legacy tech report

↑ back to top  

Chrome 121

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Rename FirstPartySets Enterprise Policies to RelatedWebsiteSets  
Tab organizer    
Create themes with AI    
Safer encrypted archives for Standard Safe Browsing users    
User Link Capturing on PWAs - Windows, MacOS and Linux    
Side Panel Navigation: Pinning or unpinning    
Autofill: display in server cards and local cards    
Autofill: changes in card verification      
CSS Highlight Inheritance    
Chrome user policies for iOS    
Skip unload events    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
ChromeOS Flex End of Device Support    
Enable dictation using the keyboard    
ChromeVox Accessibility service    
No more onboarding messages for Assistant    
New trackpad gesture on ChromeOS    
Integrate the DLP events rule Id and name into the security investigation tool     
Enterprise DataControls (DLP) file restrictions    
Borderless printing    
Admin console updates Security/ Privacy User productivity/ Apps Management
Configure IP address on device with Ethernet adapter  
Apps & Extensions usage report: Highlight extensions removed from the Chrome Web Store    
Chrome crash report    
Fix for certain Android WiFi certificates    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
Get help writing on the web with AI    
Simplified sign-in and sync experience  
Permissions prompt for Web MIDI API    
SharedImages for PPAPI Video Decode    
V8 security setting    
Read aloud    
Network Service on Windows will be sandboxed     
Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed    
Asynchronous server-side Safe Browsing check    
Improved download warnings on the Chrome Downloads page    
Resume the last opened tab on any device     
Chrome Sync ends support for Chrome 81 and earlier  
Deprecate and remove WebSQL    
Deprecate enterprise policy ThrottleNonVisibleCrossOriginIframesAllowed    
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Intent to deprecate: Mutation Events    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS Flex Bluetooth Migration    
New look for ChromeOS media player    
App disablement by Admin in MGS    
Battery Saver    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Browser Cloud Management    
Legacy Technology report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top

    As previously announced, Chrome 121 restricts third-party cookies by default for 1% of Chrome users to facilitate testing, and plans to ramp up to 100% of users from Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group will also see new Tracking Protection user controls. You can try out these changes in Chrome 121 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout.

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users should be excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out their managed browsers ahead of the experiment. This gives enterprises time to make the changes required to not rely on this policy or third-party cookies. 

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies. 

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this help article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites. 

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

   

  • Tab organizer back to top

    Tab organizer is a GenAI-powered feature where Chrome automatically suggests and creates tab groups for users based on the URL and title of opened websites. To use this feature, right-click on a tab, and select Organize similar tabs.

    Starting in Chrome 121, a limited set of signed-in users in the US can turn on Tab organizer in Chrome settings. This feature is initially available to unmanaged users only, and is inaccessible to managed Chrome Enterprise & Education users in Chrome 121. To learn more, read this blog post. In the coming weeks, we will provide more details about Tab organizer in the Chrome Enterprise & Education help center. 

    In advance of this feature rolling out to managed users, Admins can control Tab organizer using the TabOrganizerSettings policy. You have the following options for your organization:

      0 = Enable the feature and send data to help improve AI models
      1 = Enable the feature but don’t send data to help improve AI models
      2 = Fully disable feature

   

  • Create themes with AI back to top

    Create themes with AI in Chrome lets users create a unique Chrome theme (a combination of a color and a wallpaper image) using GenAI. To use the feature, open a new tab, and at the bottom right, click Customize Chrome. On the side panel, select Change theme > Create with AI. Users can then choose from preset options for subject, mood, style, and color.

    Starting in Chrome 121, a limited set of signed-in users in the US can create themes with AI by turning on the feature in Chrome settings. This feature is initially available to unmanaged users only, and is inaccessible to managed Chrome Enterprise & Education users in Chrome 121. To learn more, read this blog post. In the coming weeks, we will provide more details about Create themes with AI in the Chrome Enterprise & Education help center.

    In advance of this feature rolling out to managed users, Admins can control Create themes with AI using the CreateThemesSettings policy. You have the following options for your organization:

      0 = Enable the feature and send data to help improve AI models
      1 = Enable the feature but don’t send data to help improve AI models
      2 = Fully disable feature

   

  • Safer encrypted archives for Standard Safe Browsing users back to top

    On some encrypted archive downloads, Chrome prompts Standard Safe Browsing users for a password (not shared with Google and cleared after retrieving the metadata). This collects more metadata about the download (such as contained file hashes and executable signatures), which is sent to Google for better quality verdicts. The password remains local and not shared with Google. You can control this feature with the SafeBrowsingDeepScanningEnabled policy. 

    • Chrome 121 on Linux, MacOS, Windows 

   

  • User Link Capturing on PWAs - Windows, MacOS and Linux back to top

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it more seamless to move between the browser and installed web apps. When the user clicks on a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. Clicking on the chip either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking on a link always automatically opens the app.

    • Chrome 121 on Linux, MacOS, Windows: When some users click on a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar; clicking on the chip launches the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 123 on Linux, MacOS, Windows: Based on the outcome of the experiment in Chrome 121, we will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).
    Link to PWA

   

  • Side Panel Navigation: Pinning or unpinning back to top

    As early as Chrome 121, Chrome removes the side panel icon in favor of evolving the side panel navigation to offer customization through toolbar pinning. This allows for efficient direct access to a suite of panels. You can open most side panel features through the Chrome menu ().

    • Chrome 121 on Chrome OS, LaCrOS, Linux, MacOS, Windows, Fuchsia
    Side panel nav

   

  • Autofill: display in server cards and local cards back to top

    Autofill helps users seamlessly fill out their card information into payment forms. Credit or debit cards, which can be autofilled, are stored on the Chrome client. There are 2 types: Server cards and Local cards. A server card only has the last 4 digits and the expiry date of the card whereas a local card has all the digits of a card along with the expiry date.

    There are instances when a local and server card of the same card exist on the same client. When that happens, Chrome typically dedupes the server card and only offers the local card for autofilling. With this change, the opposite is true, and server card usage is now offered to users instead. This brings the security and usability benefits of GPay server cards to users with duplicate cards, as well as makes the experience more consistent across devices.

    • Chrome 121 on Chrome OS, LaCrOS, Linux, MacOS, Windows, Fuchsia 

   

  • Autofill: security code updates back to top

    In Chrome 121, to improve user experience, payments autofill now unmasks card information using Google’s industry leading verification methods instead of relying on security codes to verify and unmask cards. Users can choose to turn on device unlock if they want to add an extra layer of security for unmasking their card.

    • Chrome 121 on Android, MacOS 

   

  • CSS Highlight Inheritance back to top

    With CSS Highlight Inheritance, the CSS Highlight pseudo classes, such as ::selection and ::highlight, inherit their properties through the pseudo highlight chain, rather than the element chain. The result is a more intuitive model for inheritance of properties in highlights. Specifically, when any supported property is not given a value by the cascade, its specified value is determined by inheritance from the corresponding highlight pseudo-element of its originating element’s parent element. For more details, see the Highlight Pseudo-elements specification.

    • Chrome 121 on Windows, MacOS, Linux, Android 

   

  • Chrome user policies for iOS back to top

    With Chrome user policies for iOS, admins can apply policies and preferences across a user's devices. Settings apply whenever the user signs in to Chrome browser with their managed account on any device, including personal devices. 

    In Chrome 120, we began rollout but rolled back due to a non-impacting bug. Starting in Chrome 121, managed end-users start to see a management notice stating that their organization manages the account they are signing into. Admins can turn on this functionality in the Admin console under the Chrome on iOS setting. For more information, see Set Chrome policies for users or browsers.

    • Chrome 120 on iOS: Started rollout to 5%, rolled back due to non-impacting bug
    • Chrome 121 on iOS: Begin gradual rollout, targeting 100% by M122
    iOS users

   

  • Skip unload events back to top

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. 

    In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of a Permissions-Policy API and an enterprise policy ForcePermissionPolicyUnloadDefaultEnabled, which allow you to selectively keep the behavior unchanged.

    • Chrome 117 on Chrome OS, Linux, MacOS, Windows: Dev Trial
    • Chrome 119 on Chrome OS, Linux, MacOS, Windows: Introduces ForcePermissionPolicyUnloadDefaultEnabled policy
    • Chrome 121 -131 on Chrome OS, Linux, MacOS, Windows: Deprecation trial (general rollout of deprecation will be limited scope until deprecation trial is ready)

   

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    ChromeRootStoreEnabled Determines whether the Chrome Root Store and built-in certificate verifier will be used to verify server certificates
    ContextAwareAccessSignalsAllowlist Enable the Chrome Enterprise Device Trust Connector attestation flow for a list of URLs
    WebRtcAllowLegacyTLSProtocols Allow legacy TLS/DTLS downgrade in WebRTC
    OffsetParentNewSpecBehaviorEnabled Control the new behavior of HTMLElement.offsetParent
    SendMouseEventsDisabledFormControlsEnabled Control the new behavior for event dispatching on disabled form controls
    AttestationEnabledForDevice Enable remote attestation for the device

ChromeOS updates

   

  • ChromeOS Flex End of Device Support back to top

    As of January 01, 2024, devices scheduled to end support in 2023 will no longer be supported. Decertified devices include those listed below; for the full list of devices ending support you can review our Certified models list.
    • HP Compaq 6005 Pro
    • HP Compaq Elite 8100
    • Lenovo ThinkCentre M77
    • HP ProBook 6550b
    • HP 630
    • Dell Optiplex 980
     
    The devices will continue to receive ChromeOS Flex updates but these updates will no longer be tested or maintained by the Flex team. We recommend that customers upgrade to newer ChromeOS Flex certified models or ChromeOS devices to benefit from new features and security improvements. You can learn more about supported devices in our help center.

   

  • Enable dictation using the keyboard back to top

    Logitech keyboards with a dictation button and other keyboards using the Search + D shortcut now turn on the Dictation accessibility feature if it is off. If Dictation is already on, then the key (and the shortcut) will activate Dictation. When enabling dictation, a dialog will appear to inform users they are about to enable Dictation, certain speech files might be downloaded and how to use the dictation feature once it is enabled.

    iOS users

   

  • ChromeVox Accessibility service back to top

    Users of App Streaming on Chromebooks will now be able to use ChromeVox to navigate the streaming Android app. The streaming Android app's accessibility tree is streamed in tandem with the app itself and can be interacted with using ChromeOS screen reader capabilities.

   

  • No more onboarding messages for Assistant back to top

    ChromeOS 121 removes the welcome or onboarding messages offered to a new user when launching Assistant on ChromeOS for the first time. This is a deprecation.

   

  • New trackpad gesture on ChromeOS back to top

    ChromeOS 121 launches a new trackpad gesture to help users dismiss notification popups in the notification center.

   

  • Integrate the DLP events rule Id and name into the security investigation tool back to top

    ChromeOS Data Control events will have additional fields to enrich admin insights in the security investigation tool. 

   

  • Enterprise DataControls (DLP) file restrictions back to top

    In ChromeOS 121, ChromeOS Data Controls enable IT and Security teams to protect important business and customer data. It is available for events like copy and paste, screen capture, screen sharing, and printing. IT administrators can create an information protection strategy with rules based on the data source, destination and user.
    We now have new functionality to control what users can do with files on ChromeOS devices through source and destination based rules. 

   

  • Borderless printing back to top

    ChromeOS now supports borderless printing. With a compatible printer, you can now print photographs on photograph paper, without borders.

Admin console updates

   

  • Configure IP address on device with Ethernet adapter   back to top

    The Admin console setting Allow IP address to be configured on the device (ChromeOS only) and Allow users to modify these values (in DNS settings) is now also respected for Ethernet adapters.

    Ethernet ip addr

   

  • Apps & Extensions usage report: Highlight extensions removed from the Chrome Web Store   back to top

    In Chrome 121, new information on the Apps & Extensions usage report is available to help you identify if an extension was recently removed from the Chrome Web Store via a new notifications column and a new Chrome Web Store column that represents the listing status of an extension.  On the App Details page, you can find the reason why an extension was removed from the Chrome Web Store. This feature will help IT administrators identify the impact of using the policy to disable unpublished extensions. 
    • Chrome 120 on Linux, MacOS, Windows: Trusted Tester program
    • Chrome 121 on Linux, MacOS, Windows: Feature rolls out
     

    Extensions & apps usage report:

    Extensions and apps usage report

    App Details page:

    Apps details page  

   

  • Chrome crash report   back to top

    As early as Chrome 122, you will be able to visualize crash events in the Admin console using the new Chrome crash report page. In this report, you will find a dynamic chart representing Chrome crash events over time, grouped by versions of Chrome. Additional filtering is available for the following fields: OS platforms, Chrome channels and dates. This report will help you proactively identify potential Chrome issues within your organization.

    This feature is now released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
     
    • Chrome 121 on Linux, MacOS, Windows: Trusted Tester program
    • Chrome 122 on Linux, MacOS, Windows: Feature rolls out
      Chrome crash report

   

  • Fix for certain Android WiFi certificates (early Feb 2024)   back to top

    Required as of Android 13, for certain WiFi configurations using enterprise authentication (802.1X), a new required field, called DomainSuffixMatch, was added for additional security. Before updating your fleet to Android 13, you need to edit the new field of that network's settings, Server Certificate Authority, to add at least one Server Certificate Domain Suffix Match. The device will only connect to the WiFi network if the server certificate presented by the remote end has a Subject CommonName or DNS Name SubjectAlternativeName (SAN) that matches the provided suffix. 

    Android 13 wifi config

 

   

  • New policies in Admin console   back to top
     
    Policy Name Pages Supported on Category/Field
    AllowChromeDataInBackups User & Browser Chrome (iOS) Other Settings
    OopPrintDriversAllowed User & Browser Chrome (Linux, MacOS, Windows) Printing

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Default Search Engine choice screen back to top 

    Starting Chrome 120, enterprise end-users might be prompted to choose their default search engine within Chrome.

    As part of our building for DMA compliance, some users will be prompted to choose their default search engine for Chrome. This prompt controls the default search engine setting, currently available at chrome://settings/search. The enterprise policies, DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, will continue to control this setting as it does today, if it is set by the IT admin. Read more on this policy and the related atomic group.
    • Chrome 120 on iOS, Chrome OS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120. 
    • Chrome 122 on iOS, Chrome OS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users.

   

  • Get help writing on the web with AI back to top

    In Chrome 122, we’ll roll out an experimental GenAI-powered feature to help users write on the web. This tool can help users write with more confidence and kickstart the writing process for users in free-form text fields on the web.

    Starting in Chrome 122, a limited set of signed-in users in the US will be able to turn on Help me write in Chrome settings. In Chrome 122, this feature will initially be available to unmanaged users only, and will be inaccessible to managed Chrome Enterprise & Education users. To learn more, read this blog post. In the coming weeks, we will provide more details about Help me write in the Chrome Enterprise & Education help center.

    Admins will be able to control Help me write using the HelpMeWriteSettings policy. You will have the following options for your organization:

      0 = Enable the feature and send data to help improve AI models
      1 = Enable the feature but don’t send data to help improve AI models
      2 = Fully disable feature

   

  • Simplified sign-in and sync experience back to top 

    Starting in Chrome 122, existing users with Chrome sync turned on will experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.
    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off fully (via SyncDisabled) or partially (via SyncTypesListDisabled). Sign-in to Chrome can be required or disabled via BrowserSignin as before.
    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.
    • Chrome 117: sunset Chrome sync for users who didn't have Chrome sync enabled at the time.
    • Chrome 122: sunset Chrome sync for users with Chrome sync enabled by migrating them to an equivalent state.
 

   

  • Permissions prompt for Web MIDI API back to top 

    There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (bugs). To address this problem, the Audio WG decided to place an explicit permission on the general MIDI API access. Originally, the explicit permission was only required for advanced MIDI usage (System Exclusive (SysEx) messages) in Chrome, with gated access behind a permissions prompt. We plan to  expand the scope of the permission to regular MIDI API usage.
    Today the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission. Three new policies—DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls—will be available to allow administrators to pre-configure user access to the API.
    • Chrome 122 on Windows, MacOS, Linux, Android 
 

   

  • SharedImages for PPAPI Video Decode back to top 

    Chrome 119 introduces a new PPAPISharedImagesForVideoDecoderAllowed policy to control the recent refactor for VideoDecoder APIs in PPAPI plugin. 
    • Chrome 119 on ChromeOS, LaCrOS: Introduces escape hatch policy.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.
 

   

  • V8 security setting back to top 

    Add a setting on chrome://settings/security to disable the V8 JIT optimizers, in order to reduce the attack surface of Chrome. This behavior continues to be controlled by the DefaultJavaScriptJitSetting enterprise policy, and the associated JavaScriptJitAllowedForSites and JavaScriptJitBlockedForSites policies. The setting is integrated into Site Settings. The setting rolls out in Chrome 122. The enterprise policies have been available since Chrome 93.
    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia
 

   

  • Read aloud back to top 

    Read aloud will allow users of Chrome on Android to listen to web pages via text to speech technology. Users will be able to access this feature via the overflow menu and control playback via audio controls. 
    Read aloud will send the page URL to Google servers to power playback, and users who use it will need to enable the settings menu item "make searches and browsing better". 
    Setting the ListenToThisPageEnabled policy to true will allow users to have eligible web pages read aloud using text-to-speech. This is achieved by server side content distillation and audio synthesis. Setting to false disables this feature, and if this policy is set to default or left unset, Read aloud will be enabled.
    • Chrome 122 on Android: Feature launches
 

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
    • Chrome 122 on Windows: Network Service sandboxed on Windows
 

   

  • Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed back to top 

    In Chrome 116, Chrome Apps webview usage have the following restrictions:
    Using the webview NewWindow event to attach to a webview element in another App window causes the window reference returned by the window.open call in the originating webview to be invalidated. A temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed was made available to give enterprises time to address possible breakage related to these changes. This policy will be removed in Chrome 122.
 

   

  • Asynchronous server-side Safe Browsing check back to top 

    Today Safe Browsing checks are on the blocking path of page loads, meaning that the user cannot see the page until the checks are completed. To improve Chrome's loading speed, checks with the server-side Safe Browsing list will no longer block page loads after Chrome 122.
    We have evaluated the risk and put mitigations in place:
    1. To protect against direct exploits against the browser, local list checks will still be conducted in a synchronous manner so that malicious payloads cannot run until the local list check is completed.
    2. To protect against phishing attacks, we've looked at data and concluded that it is unlikely the user would have significantly interacted with the page (e.g. typed a password) by the time we show the warning.
     
    • Chrome 122 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows: Feature launches
 

   

  • Improved download warnings on the Chrome Downloads page back to top 

    To help reduce consequences of downloading malware, we’re cleaning up desktop download warning strings and patterns to be clear and consistent.
     
    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia: Feature launches
      Download warnings   Download warnings

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome will offer users with a quick shortcut to resume that tab. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
    • Chrome 123 on iOS: Feature launches
 

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.
     
    • Chrome 123 on Android, iOS, Chrome OS, Linux, MacOS, Windows: The change will be implemented.
 

   

  • Deprecate and remove WebSQL back to top 

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.
    The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 
    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 
    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a deprecation trial token is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy, or a deprecation trial token.
    • Chrome 123: on Chrome OS, LaCrOS, Linux, MacOS, Windows, Android: Starting in Chrome 123, the policy WebSQLAccess and the deprecation trial, which allows for WebSQL to be available, will no longer be available.
 

   

 

   

  • Remove support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed. 
     
    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: Policy is deprecated
    • Chrome 126 on Android, ChromeOS, Linux, MacOS, Windows: Policy is removed
     

   

  • Intent to deprecate: Mutation Events back to top 

    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
    • Chrome 127 on Android, ChromeOS, Linux, MacOS, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.
 

   

 

   

  • Extensions must be updated to leverage Manifest V3 by June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.
    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 
    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disabled Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

 

   

  • ChromeOS Flex Bluetooth Migration back to top

    ChromeOS Flex will be upgrading to the Floss bluetooth stack in ChromeOS 122. As part of this upgrade the following devices will no longer support bluetooth functionality, if bluetooth functionality is critical for these devices we recommend moving these devices to the LTS channel to extend the bluetooth functionality through to October 2024. 
    • HP Probook 4530s
    • Lenovo ThinkPad T420
    • HP Elitebook 8460p
    • Apple iMac 11,2
    • Lenovo ThinkPad x220
    • Dell Vostro 3550
    • HP 3115m
    • HP Elitebook 2560p
    • HP ProBook 6465b
    • Lenovo ThinkPad L420

   

  • New look for ChromeOS media player back to top

    ChromeOS media player will soon have bigger buttons and colors to match your wallpaper. The media player will appear when you are playing any video or audio (like Spotify or YouTube) in Quick Settings. You will be able to click the pin icon to move the media player to the shelf. In addition to controlling media that is being cast, you will be able to start casting web media to any speakers or screens on your local network.
     

     

   

  • App disablement by Admin in MGS back to top

    Up until now, Managed Guest Sessions (MGS) include a set of applications (Explore, Gallery, and Terminal apps) that are available to the user. With the SystemFeaturesDisableList policy, Admins will soon be able to disable these apps, blocking and hiding them from users across your enterprise.
 

   

  • Battery Saver back to top

    As early as ChromeOS 122, Battery Saver will be available to reduce brightness on both display and keyboard backlight, throttle display refresh rate and available compute budget, and also turn off certain energy-intensive background functions to allow users squeeze more battery life out of their devices. This will help when they need that last couple minutes to finish a task and don't have a charger handy. The feature will automatically be enabled when the user's battery level reaches 20%.

↑ back to top  

Upcoming Admin console changes

   

  • Inactive browser deletion in Chrome Browser Cloud Management back to top

    As early as Chrome 124, the Inactive period for browser deletion policy will automatically delete browser data in the Admin console for managed browsers that have not contacted the server for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. All enrolled browsers that have been inactive for more than 540 days will be deleted from your account shortly after the release of this policy. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days. 

     

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.

     
    • As early as Chrome 122: The Inactive period for browser deletion policy UI will be available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts.

   

   

  • Legacy Technology report back to top

    As early as Chrome 122, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.

    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.

    • As early as Chrome 122 on Linux, MacOS, Windows
  • Legacy tech report

↑ back to top  

Chrome 120

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
Chrome Third-Party Cookie Deprecation (3PCD)     
Rename FirstPartySets Enterprise Policies to RelatedWebsiteSets  
Chrome Web Store: UX Improvements    
Revamped Safety Check on Desktop    
Chrome Desktop responsive toolbar    
Chrome on Android no longer supports Android Nougat    
Package tracking (iOS only)    
Unprefix -webkit-background-clip for text and make it an alias    
Chrome user policies for iOS    
Chrome profile separation: new policies    
Migrate away from data URLs in SVGUseElement  
Password Manager: password sharing  
Remove recommended support from multiple policies    
Save images to Google Photos on iOS    
Remove same-origin blanket enforcement in CSPEE    
Close requests for CloseWatcher, <dialog>, and popover=""    
Deprecate and remove Theora support    
Unmanaged device signals consent    
Printing interactions moved to a service process    
URL-Based Permission Suggestions Service    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
New controls for mouse scroll acceleration    
Enhanced Alt + click behavior    
XDR Authentication Events    
Pinch-to-Resize PiP     
New look for Emoji Picker    
Keyboard Shortcuts - Enabling F11-F12 keys    
Deprecate support for legacy ChromeOS media containers and codecs    
ChromeOS Virtual Desk button    
App Details in App Management    
Admin console updates Security/ Privacy User productivity/ Apps Management
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Generative AI features    
Safer encrypted archives for Standard Safe Browsing users    
Permissions prompt for Web MIDI API    
Network Service on Windows will be sandboxed     
User Link Capturing on PWAs - Windows, Mac and Linux    
Side Panel Navigation: Pinning/Unpinning    
SharedImages for PPAPI Video Decode    
Skip unload events    
Resume the last opened tab on any device     
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Chrome Sync ends support for Chrome 81 and earlier  
Deprecate and remove WebSQL    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Intent to deprecate: Mutation Events    
Extensions must be updated to leverage Manifest V3 by June 2025
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS Flex End of Device Support    
ChromeOS Flex Bluetooth Migration    
Set the screensaver duration    
New look for ChromeOS media player    
Integrate the DLP events into the security investigation tool     
ChromeOS Data Controls file restrictions    
Enhanced notifications for pinned apps    
New ChromeOS sync options  
App disablement by Admin in MGS    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Browser Cloud Management    
Apps & Extensions usage report: Highlight extensions removed from the Chrome Web Store    
Legacy Technology report    
Chrome crash report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Default Search Engine choice screen back to top

    Starting Chrome 120, enterprise end-users might be prompted to choose their default search engine within Chrome.

    As part of our building for DMA compliance, some users will be prompted to choose their default search engine for Chrome. This prompt controls the default search engine setting, currently available at chrome://settings/search. The enterprise policies, DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, will continue to control this setting as it does today, if it is set by the IT admin. Read more on this policy and the related atomic group.
     
    • Chrome 120 on iOS, Chrome OS, LaCrOS, Linux, Mac, Windows: 1% users might start getting the choice screen with Chrome 120. 100% by Chrome 122 for applicable users.

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top

    In Chrome 120 and beyond (Jan 2024), Chrome will globally disable third-party cookies for 1% of Chrome traffic as part of our Chrome-facilitated testing in collaboration with the CMA. The facilitated testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked will have bounce tracking mitigations take effect, so that their state is cleared for sites that get classified as a bounce tracker. Most enterprise users should be excluded from this experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out their managed browsers ahead of the experiment. This will give enterprises time to make the changes required to not rely on this policy or third-party cookies. 

    We plan to provide more tooling (such as the Legacy Tech Report)  to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies.

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the User Bypass control (the “eye icon” in the omnibox)  to temporarily re-enable third-party cookies for 90 days on a given site when necessary. Enterprise admin policies override User Bypass controls, for example, setting BlockThirdPartyCookies policy to true will disable third-party cookies for all sites and prevent users from using this User Bypass control.

    Bounce tracking protections are also covered by the same policies as cookies and enforced when the bouncing site is not permitted to have/receive 3P cookies. Thus, setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, will prevent bounce tracking mitigations from deleting state for sites.

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases will be able to register for the third-party cookie deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature will grant temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to the Mode B: 1% third-party cookie deprecation blog section and the Preparing for the end of third-party cookies blog.
     
    • Chrome 120 on ChromeOS, Linux, Mac, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

   

  • Chrome Web Store: UX improvements back to top

    The Chrome team is unveiling a redesigned Chrome Web Store that simplifies the process of finding and managing extensions. Alongside a refreshing, modern interface, the store introduces new extension categories, including AI-powered extensions and Editors' spotlight. These enhancements will be gradually rolled out over the coming months. 

    Users can temporarily switch back to the original store layout by clicking the three dots next to their profile avatar and selecting Revert to original store. This temporary option will be disabled in January 2024 and cannot be centrally controlled by administrators.
      Chrome Web Store  

    Enterprises will continue to have access to their enterprise policies within the new Chrome Store UX.

    The revamped Chrome Web Store will also feature a dedicated section for extensions specific to your domain. For more details on publishing private extensions, see Enterprise Publishing Options

    Note that there is a known issue with ExtensionSettings, where the blocked_install_message does not appear correctly in the redesigned Chrome Store UX that we are working on fixing.  

   

  • Revamped Safety Check on Desktop back to top

    In Chrome 120, we begin to roll out a new proactive Safety Check that regularly checks the browser for safety-related issues and informs users when there's anything that needs their attention. This launch also introduces a new page with Chrome’s proactive safety-related actions and information tailored to each user, designed to make it easier for users to stay safe online.
     
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows
     
    Safety check settings

   

  • Chrome Desktop responsive toolbar back to top

    Chrome Desktop customers across devices and input modes (for example, Mouse or Touch) now experience a toolbar that seamlessly responds to changing window sizes. This happens when users manually select and resize a window or use OS-specific window management tools in addition to an overflow menu.
     
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Chrome on Android no longer supports Android Nougat back to top

    The last version of Chrome that supports Android Nougat is Chrome 119, and it includes a message to affected users informing them to upgrade their operating system. 

    Chrome 120 does not support nor ship to users running Android Nougat.
     
    • Chrome 120 on Android: Chrome on Android no longer supports Android Nougat
     

   

  • Package tracking (iOS only) back to top

    Users can enable a new package tracking feature that results in estimated delivery dates and package status appearing in a new card on the New tab page. This feature is only supported for en-US users and only for packages fulfilled via FedEx and USPS. If needed, you can turn off the feature using a new policy called ParcelTrackingEnabled
     
    • Chrome 120 on iOS: feature launches
      notification for delivery tracking

   

  • Unprefix -webkit-background-clip for text and make it an alias back to top

    Chrome allows the use of the unprefixed version for background-clip: text and makes -webkit-background-clip an alias for background-clip. Also, it drops support for non-suffixed keywords (content, padding and border)..
     
    • Chrome 120 on Windows, Mac, Linux, Android

   

  • Chrome user policies for iOS back to top

    With Chrome user policies for iOS, admins can apply policies and preferences across a user's devices. Settings apply whenever the user signs in to Chrome browser with their managed account on any device, including personal devices. 

    Starting in Chrome 120, to bring consistency to iOS, managed end-users start to see a management notice stating that their organization manages the account they are signing into. In Chrome 121, admins can turn on this functionality in the Admin console under the Chrome on iOS setting. For more information, see Set Chrome policies for users or browsers.
     
    • Chrome 120 on iOS: Feature starts gradual roll out.
      managed account sign-in

   

   

  • Migrate away from data URLs in SVGUseElement back to top

    The SVG spec was recently updated to remove support for data: URLs in SVGUseElement. This improves security of the Web platform as well as compatibility between browsers as Webkit does not support data: URLs in SVGUseElement. To read more, see this blog post.

    Assigning data: URLs in SVGUseElement can lead to Cross-Site Scripting (XSS) and Trusted Types bypass.

    For enterprises that need additional time to migrate, the DataUrlInSvgUseEnabled policy will be available until Chrome 128 to re-enable support for data: URLs in SVGUseElement.
     
    • Chrome 120 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Remove support for data: URLs in SVGUseElement

   

  • Password Manager: password sharing back to top

    Password Manager allows users to share their passwords with members of their Google Family Group (as configured in their Google Account). Users  can only share one password at a time. It is not possible to share passwords in bulk. The shared password cannot be updated or revoked by the sender.

    As an enterprise admin, you can use the PasswordSharingEnabled policy to switch off the share feature for all users.
     
    • Chrome 120 on iOS, Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia

   

  • Remove recommended support from multiple policies back to top

    Some policies can be applied as recommended, allowing admins to set an initial value that  users can later change. In Chrome 119, recommended support was removed from multiple policies that users had no way of configuring.

    Any affected policies that were previously set as recommended now need to be set as mandatory to ensure they continue to take effect.
     

   

  • Save images to Google Photos on iOS back to top

    When a signed-in user long-presses on an image in Chrome, they can save it directly to Google Photos. They have the option to save it to any account logged in on the device. You can use the ContextMenuPhotoSharingSettings policy to turn on this feature.


     
    • Chrome 119 on iOS: Users can directly save images to Google photos
    • Chrome 120 on iOS: A new policy, ContextMenuPhotoSharingSettings , is introduced to control this functionality


    Save in Photos

   

  • Remove same-origin blanket enforcement in CSPEE back to top

    Chrome 120 removes a special treatment for same-origin iframes from CSP Embedded Enforcement.

    This aligns the behavior of CSP Embedded Enforcement for cross-origin iframes and same-origin iframes. To read more, see ChromeStatus.
     
    • Chrome 120 on Windows, Mac, Linux, Android

   

  • Close requests for CloseWatcher, <dialog>, and popover="" back to top

    Close requests are a new concept where a user requests to close something currently open, using the Esc key on desktop or the back gesture or button on Android. Integrating Close requests into Chromium comes with two changes:
     
    • CloseWatcher, a new API for directly listening and responding to close requests.
    • Upgrades to <dialog> and popover="" to use the new close request framework, so that they respond to the Android back button.
     
    • Chrome 120 on Windows, Mac, Linux, Android

   

  • Deprecate and remove Theora support back to top

    Chrome 120 deprecates and removes support for the Theora video codec in Chrome desktop, due to emerging security risks. Theora's low (and now often incorrect) usage no longer justifies support for most users. Ogg containers will remain supported. Our plan is to begin escalating experiments turning down Theora support in Chrome 120. If users encounter problems playing specific videos, they can reactivate support via chrome://flags/#theora-video-codec if needed until Chrome 123. You can find more info in Chrome Status.
     
    • Chrome 120 on ChromeOS, LaCrOS, Windows, Mac, Linux

   

  • Unmanaged device signals consent back to top

    This feature introduces a new consent popup dialog, which collects users' consent on whether they allow Chrome to collect device signals from their device.

    The dialog is only displayed for users who satisfy the following conditions:

    - user is managed

    - user's current device is unmanaged

    - user's admin enabled the device trust service

    - user's admin did not specifically disable this feature and its corresponding policy

     
    • Chrome 120 on Linux, Mac, Windows
      Shared profile

   

  • Printing interactions moved to a service process back to top

    In Chrome 120, some users have the printing interactions with the operating system performed in a separate service process. Moving these interactions out of the browser process improves browser stability. It also improves the responsiveness of the Print Preview user interface. An enterprise policy OopPrintDriversAllowed is available to revert to making platform printing interactions from the browser process.

   

  • URL-Based Permission Suggestions Service back to top

    Chrome is upgrading its Permission Suggestions Service. Earlier the requests to Chrome servers for permission suggestion service didn't contain URLs. Now Chrome will add URL based signals to the suggestion service. Earlier admins could disable sending requests to Chrome by setting the SafeBrowsingProtectionLevel policy to 1, 0 or unset. After this update the SafeBrowsingProtectionLevel policy will no longer enable/disable the Permission Suggestion Service.

    The Permission Suggestions Service is now gated behind the existing URL-keyed anonymized data collection policy: UrlKeyedAnonymizedDataCollectionEnabled.
     
    • Chrome 120 on ChromeOS, Linux, Mac, Windows: 1% stable experiment

   

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    NativeClientForceAllowed Forces Native Client (NaCl) to be allowed to run.
    ChromeRootStoreEnabled Determines whether the Chrome Root Store and built-in certificate verifier   will be used to verify server certificates

ChromeOS updates

   

  • New controls for mouse scroll acceleration back to top

    ChromeOS 120 adds new controls to let users disable mouse scroll acceleration and adjust the speed of the scrolling. 

    mouse acceleration  

   

  • Enhanced Alt + click behavior back to top

    You can configure right-click behavior using the keyboard and touchpad. You can also configure settings for actions such as Home, End, and Page Up, in the Customize keyboard keys subpage. 

    touchpad speed  

   

  • XDR Authentication Events back to top

    Authentication events (login/out lock/unlock) can now be enabled as part of Extended Detection and Response (XDR) on ChromeOS. Once rollout is complete, XDR systems will be able to use these events to provide insights on the device security posture.
     

   

  • Pinch-to-Resize PiP back to top

    Picture-in-Picture (PiP) windows can now be resized with a pinch. Simply place two fingers on the window and pinch them together or spread them apart to find the perfect size for your screen.
     

   

  • New look for Emoji Picker back to top

    ChromeOS 120 brings a new dynamic color palette to the floating Emoji and GIF Picker.

    emoji picker

   

  • Keyboard Shortcuts - Enabling F11-F12 keys back to top

    Most ChromeOS keyboards lack F11 and F12 keys, which are expected functionality in many applications. This proposal adds options to remap F11 and F12 keys in the Keyboard key remapping section in Settings.

   

  • Deprecate support for legacy ChromeOS media containers and codecs back to top

    Deprecated support for MPEG4 Part 2 video codec and AVI container in ChromeOS 120. Users needing this functionality may temporarily re-enable support using chrome://flags/#cros-legacy-media-formats until ChromeOS 125, after which support will be removed.
     

   

  • ChromeOS Virtual Desk Button (Bento Button) back to top

    Bento Button is a shelf button that's available for all users who utilize virtual desks. The button will allow quick access to desk operations for desk visualizing, desk switching, desk creation and desk ordering. If the user has previously saved desks, they would be able to go to the desk library as well.

     

   

  • App Details in App Management back to top

    Settings now include additional details about installed apps. Navigate to Settings > Apps > Manage your apps, select an app to view the app's storage usage, version number, and information about how it was installed.

   

  • ChromeOS Flex end of device support back to top

    As of January 01, 2024, devices scheduled to end support in 2023 will no longer be supported. Decertified devices include those listed below; for the full list of devices ending support you can review our Certified models list.
    • HP Compaq 6005 Pro HP
    • Compaq Elite 8100
    • Lenovo ThinkCentre M77
    • HP ProBook 6550b
    • HP 630
    • Dell Optiplex 980

    The devices will continue to receive ChromeOS Flex updates but these updates will no longer be tested or maintained by the Flex team. We recommend customers upgrade to newer ChromeOS devices to benefit from new features and security improvements.
     

Admin console updates

 

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Generative AI features back to top 

    In Chrome 115, Google introduced its first Generative AI (GenAI) integration in the Search Side Panel. As early as Chrome 121, additional GenAI features will be rolled out to Chrome. You’ll be able to opt in through a new chrome://settings page. Enterprise policies will be available at roll-out to control these features. More details will be shared in upcoming milestones.
     
    • (Earliest) Chrome 121 on ChromeOS, Linux, Mac, Windows

   

  • Safer encrypted archives for Standard Safe Browsing users back to top 

    Standard Safe Browsing users will be prompted for a password to some encrypted archive downloads. This will be used to collect more metadata about the download (such as contained file hashes and executable signatures), which will be sent to Google for better quality verdicts. The password will remain local. You can control this feature with the SafeBrowsingDeepScanningEnabled policy.
     
    • Chrome 121 on Linux, Mac, Windows

   

  • Permissions prompt for Web MIDI API back to top 

    There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (bugs). To address this problem, the Audio WG decided to place an explicit permission on the general MIDI API access. Originally, the explicit permission was only required for advanced MIDI usage (System Exclusive (SysEx) messages) in Chrome, with gated access behind a permissions prompt. We plan to  expand the scope of the permission to regular MIDI API usage.

    Today the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission. Three new policies—DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls—will be available to allow administrators to pre-configure user access to the API.
     
    • Chrome 121 on Windows, Mac, Linux, Android 

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
     
    • Chrome 121 on Windows: Network Service sandboxed on Windows

   

  • User Link Capturing on PWAs - Windows, Mac and Linux back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome will make it more seamless to move between the browser and installed web apps. When the user clicks on a link that could be handled by an installed web app, Chrome will add a chip in the address bar to suggest switching over to the app. Clicking on the chip would either launch the app directly, or open a grid of apps that can support that link. For some users, clicking on a link will always automatically open the app.
     
    • Chrome 121 on Linux, Mac, Windows: When some users click on a link, it will always open in an installed PWA, while some users will see the link open in a new tab with a chip in the address bar clicking on which will launch the app. This is an experiment to determine if users prefer having links launched by default. The experiment will run on Canary/Dev/Beta and 1% of Stable.
     
    • Chrome 123 on Linux, Mac, Windows: Based on the outcome of the experiment in Chrome 121, we will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).

   

  • Side Panel Navigation: Pinning/Unpinning back to top 

    As early as Chrome 121, the side panel icon is being removed in favor of evolving the side panel navigation to offer customization through toolbar pinning. This will allow for efficient direct access to a suite of panels.
     
    • Chrome 121 on Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia
      Side panel nav

   

  • SharedImages for PPAPI Video Decode back to top 

    Chrome 119 introduces a new PPAPISharedImagesForVideoDecoderAllowed policy to control the recent refactor for VideoDecoder APIs in PPAPI plugin.
     
    • Chrome 119 on ChromeOS, LaCrOS: Introduces escape hatch policy.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.

   

  • Skip unload events back to top 

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events.

    In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of a Permissions-Policy API and an enterprise policy ForcePermissionPolicyUnloadDefaultEnabled, which will allow you to selectively keep the behavior unchanged.
     
    • Chrome 117 on Chrome OS, Linux, Mac, Windows: Dev Trial
    • Chrome 119 on Chrome OS, Linux, Mac, Windows: Introduces ForcePermissionPolicyUnloadDefaultEnabled policy
    • Chrome 121 -131 on Chrome OS, Linux, Mac, Windows: Deprecation trial (general rollout of deprecation will be limited scope until deprecation trial is ready)

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome will offer users with a quick shortcut to resume that tab. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
     
    • Chrome 122 on iOS: Feature launches

   

  • Remove support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed.
     
    • Chrome 122 on Android, ChromeOS, Linux, Mac, Windows: Policy is deprecated
    • Chrome 125 on Android, ChromeOS, Linux, Mac, Windows: Policy is removed

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.
     
    • Chrome 123 on Android, iOS, Chrome OS, Linux, Mac, Windows: The change will be implemented.

   

  • Deprecate and remove WebSQL back to top 

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database.

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team.
     
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a policy, WebSQLAccess, is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy.
    • Chrome 123: on Chrome OS, LaCrOS, Linux, Mac, Windows: Starting in Chrome 123, the policy WebSQLAccess, which allows for WebSQL to be available, will no longer be available.

   

   

  • Intent to deprecate: Mutation Events back to top 

    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
     
    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.

   

  • Extensions must be updated to leverage Manifest V3 by June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3.
     

    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

     

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 

    • Chrome 110 on ChromeOS, LaCrOS, Linux, Mac, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome will gradually disabled Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, Mac, Windows: Remove ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

   

  • ChromeOS Flex End of Device Support back to top

    As of the 1st Jan 2024, devices scheduled to end support in 2023 will no longer be supported. Devices include those detailed below, for the full list of devices ending support please review our certified devices list .
     
    • HP Compaq 6005 Pro
    • HP Compaq Elite 8100
    • Lenovo ThinkCentre M77
    • HP ProBook 6550b
    • HP 630
    • Dell Optiplex 980


    The devices will continue to receive ChromeOS Flex updates but these updates will no longer be tested or maintained by the Flex team.

    We recommend customers look to upgrade to newer ChromeOS devices to benefit from new features and security improvements.

   

  • ChromeOS Flex Bluetooth Migration back to top

    ChromeOS Flex will be upgrading to the Floss bluetooth stack in ChromeOS 121. As part of this upgrade the following devices will no longer support bluetooth functionality. 
     
    • HP Probook 4530s
    • Lenovo ThinkPad T420
    • HP Elitebook 8460p
    • Apple iMac 11,2
    • Lenovo ThinkPad x220
    • Dell Vostro 3550
    • HP 3115m
    • HP Elitebook 2560p
    • HP ProBook 6465b
    • Lenovo ThinkPad L420

   

  • Set the screensaver duration back to top

    As early as ChromeOS 120, you will be able to set the duration for screensaver while charging. Users can now choose how long their screensaver runs while their device is charging (not on battery). You can control this using a new enterprise policy. The default setting is Forever, and can be reduced using drop-down options.

   

  • New look for ChromeOS media player back to top

    As early as ChromeOS 121, the media player will have bigger buttons and colors to match your wallpaper. The media player will appear when you are playing any video or audio (like Spotify or YouTube) in Quick Settings. You will be able to click the pin icon to move the media player to the shelf. In addition to controlling media that is being cast, you will be able to start casting web media to any speakers or screens on your local network.    

    new media design

   

  • Integrate the DLP events rule Id and name into the security investigation tool back to top

    ChromeOS Data Control events, for Data Loss Prevention (DLP), will have additional fields to enrich admin insights in the security investigation tool. 

   

  • ChromeOS Data Controls file restrictions back to top

    In ChromeOS 121, ChromeOS Data Controls, for DLP, will enable IT and Security teams to protect important business and customer data. It will be available for events like copy and paste, screen capture, screen sharing, and printing. IT administrators will be able to create an information protection strategy with rules based on the data source, destination and user.

    We will have new functionality to control what users can do with files on ChromeOS devices through source and destination based rules. 

   

  • Enhanced notifications for pinned apps back to top

    As early as ChromeOS 121, you will be able to visually separate pinned notifications from other notifications. We will change the visual specs, buttons, and notification text to fit within fixed size bubbles. This significantly differentiates the visual look of pinned notifications from typical notifications to reflect their significant difference in purpose (notifying the user of an ongoing process rather than an instantaneous event).

   

  • New ChromeOS sync options back to top

    ChromeOS will soon deliver an updated device setup experience that lets users customize sync settings for apps, settings, wi-fi networks, and wallpaper.

   

  • App disablement by Admin in MGS back to top

    Up until now, Managed Guest Sessions (MGS) include a set of applications (Explore, Gallery, and Terminal apps) that are available to the user. With the SystemFeaturesDisableList policy, Admins will soon be able to disable these apps, blocking and hiding them from users across your enterprise.

↑ back to top  

Upcoming Admin console changes

   

  • Inactive browser deletion in Chrome Browser Cloud Management back to top

    As early as Chrome 123, the Inactive period for browser data deletion policy will be added to the Admin Console and it will automatically delete browsers that have not contacted the server for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 18 months. All enrolled browsers that have been inactive for more than 18 months will be deleted from your account shortly after the release of this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days.

    Note. Shortening the period significantly will cause more enrolled browsers to be considered inactive and deleted, and should be done with caution. To mitigate this, you can set the Device Token Management policy value to “Delete token” ahead of time, which allows deleted browsers to automatically re-enroll in Chrome Browser Cloud Management the next time the browser restarts (if the enrollment token is still valid). You can find the Device Token Management policy here.
     
    • As early as Chrome 121: The Inactive period for browser data deletion policy UI will be available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts.

   

  • Apps & Extensions usage report: Highlight extensions removed from the Chrome Web Store back to top

    As early as 121, Chrome is adding new information on the Apps & Extensions usage report to help you identify if an extension was recently removed from the Chrome Web Store via a new notifications column and a new Chrome Web Store column that represents the listing status of an extension.  On the App Details page, you can find the reason why an extension was removed from the Chrome Web Store. This feature will help IT administrators identify the impact of using the policy to disable unpublished extensions.

    This feature is available to test for the members of the Chrome Enterprise Trusted Tester program. You can sign up for our Trusted Tester program here.
     
    • Chrome 120 on Linux, Mac, Windows: Trusted Tester program
    • Chrome 121 on Linux, Mac, Windows: Feature rolls out
     

    Apps & Extensions usage report:

    usage report

    App Details page:

    App details

   

  • Legacy Technology report back to top

    As early as Chrome 121, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, SameSite cookie changes, older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation goes into effect.

    This feature will be released in our Trusted Tester program as early as Chrome 120. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
     
    • As early as Chrome 121 on Linux, Mac, Windows
    Legacy tech report

   

  • Chrome crash report back to top

    As early as Chrome 122, you will be able to visualize crash events in the Admin console using the new Chrome crash report page. In this report, you will find a dynamic chart representing Chrome crash events over time, grouped by versions of Chrome. Additional filtering is available for the following fields: OS platforms, Chrome channels and dates. This report will help you proactively identify potential Chrome issues within your organization.

    This feature will be released in our Trusted Tester program as early as Chrome 121. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
     
    • Chrome 121 on Linux, Mac, Windows: Trusted Tester program
    • Chrome 122 on Linux, Mac, Windows: Feature rolls out
      Crash report

↑ back to top  

Chrome 119

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome release schedule changes    
Deprecate and remove WebSQL    
Native Client support updates    
Remove Sanitizer API    
Tab groups can be saved, recalled, and synced    
Deprecate non-standard shadowroot attribute for declarative shadow DOM    
Shifting UI strings in Chrome from Clear to Delete when getting rid of data    
DevTools internal errors reported to Chrome internal crash reporting    
Skip unload events    
SharedImages for PPAPI Video Decode    
Remove Authorization header upon cross-origin redirect    
Dedicated setting for Permission Suggestions Service    
Hash-prefix real-time lookups    
Remove recommended support from multiple policies    
Standard-compliant URL host punctuation characters    
Save images to Google Photos on iOS    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Privacy Hub    
ChromeOS Admin templates    
Using Drive offline on Chromebook Plus  
Admin console updates Security/ Privacy User productivity/ Apps Management
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
Rename FirstPartySets Enterprise Policies to RelatedWebsiteSets  
Revamped Safety Check on Desktop    
Chrome Desktop responsive toolbar    
Chrome on Android will no longer support Android Nougat    
Chrome Third-Party Cookie Deprecation     
Package tracking (iOS only)    
Network Service on Windows will be sandboxed    
Display banner allowing to resume last tab from other devices    
Resume the last opened tab on any device     
Unprefix -webkit-background-clip for text and make it an alias    
Chrome user policies for iOS    
Chrome profile separation: new policies    
Migrate away from data URLs in SVGUseElement  
Password Manager: password sharing  
Permissions prompt for Web MIDI API    
IP Protection Phase 0 for Chrome    
Apps & Extensions Usage Report: Highlight extensions removed from the Chrome Web Store    
Legacy Technology Report    
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Chrome Sync ends support for Chrome 81 and earlier      
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Intent to deprecate: Mutation Events    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Set the screensaver duration    
New controls for mouse scroll acceleration    
Enhanced Alt + click behavior    
New look for ChromeOS media player    
Enhanced notifications for pinned apps    
New ChromeOS sync options  
App disablement by Admin in MGS    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome release schedule changes back to top

    Chrome 119 and all subsequent releases will be moved forward by one week. For example, Chrome 119 has its early stable release on October 25 instead of Nov 1. Beta releases will also be moved forward by one week starting in Chrome 119.

    For more details, see the Chrome Release Schedule.
     
    • Chrome 119 on Android, iOS, ChromeOS, Linux, Mac, Windows

   

  • Deprecate and remove WebSQL back to top

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 
     
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a policy, WebSQLAccess, is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy.
    • Chrome 123: on Chrome OS, LaCrOS, Linux, Mac, Windows: Starting in Chrome 123, the policy WebSQLAccess, which allows for WebSQL to be available will no longer be available.

   

  • Native Client support updates back to top

    Chrome 119 removes a temporary enterprise policy, NativeClientForceAllowed, which allowed Native Client to continue to be used.
     
    • Chrome 117 on Linux, Mac, Windows: Removes Native Client NaCl support from extensions on Windows, macOS, Linux.
    • Chrome 119 on Linux, Mac, Windows: Removes NativeClientForceAllowed policy.

   

  • Remove Sanitizer API back to top

    To prevent the current Sanitizer API from becoming entrenched, we plan to remove the current implementation. We expect to re-implement the Sanitizer API when the proposed specification stabilizes again.

    The Sanitizer API aims to build an easy-to-use, always secure, browser-maintained HTML sanitizer into the platform. We shipped an initial version of the Sanitizer API in Chrome 105, based on the then-current specification draft. However, the standards discussion has meanwhile moved on and the proposed API shape has changed substantially. 
     
    • Chrome 119 on Windows, Mac, Linux, Android 

   

  • Tab Groups can be saved, recalled, and synced back to top

    Users can now save tab groups, which allows them to close and re-open the tabs in the group, as well as sync them across devices. You can disable syncing Tab Groups using the  SyncTypesListDisabled policy.
     
    • Chrome 119 on ChromeOS, Linux, Mac, Windows

   

  • Deprecate non-standard shadowroot attribute for declarative Shadow DOM back to top

    The standards-track shadowrootmode attribute, which enables declarative Shadow DOM, was shipped in Chrome 111 (ChromeStatus). The older, non-standard shadowroot attribute is now deprecated. During the deprecation period, both attributes are functional, however the shadowroot attribute does not enable the new streaming behavior, whereas shadowrootmode allows streaming of content. There is a straightforward migration path: replace shadowroot with shadowrootmode

    The old shadowroot attribute is deprecated as of Chrome 112, and it will be removed (no longer supported) in Chrome 119. Chrome 119 goes to Stable on October 31, 2023. 
     
    • Chrome 119 on Windows, Mac, Linux, Android 

   

  • Shifting UI strings in Chrome from Clear to Delete when getting rid of data back to top

    Chrome is updating settings text to reflect delete instead of clear when referring to the destruction of data. We expect this change to improve users’ understanding of the associated effect on data. Users who intend to get rid of data should feel reassured that the data is actually deleted, not just cleared from one view but possibly accessible elsewhere. 
     
    • Chrome 119 on Android, iOS, ChromeOS, Mac, Windows: The earliest milestone that users may see these changes is 119. 

   

  • DevTools internal errors reported to Chrome internal crash reporting back to top

    To improve Chrome's stability, DevTools internal errors are now reported through Chrome's existing crash reporting pipeline. This provides visibility of the stability of Chrome DevTools. Admins can control all crash reporting, including these errors, using the MetricsReportingEnabled enterprise policy.
     
    • Chrome 119 on ChromeOS, Linux

   

  • Skip unload events back to top

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. 

    In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of a Permissions-Policy API and an enterprise policy ForcePermissionPolicyUnloadDefaultEnabled, which will allow you to selectively keep the behavior unchanged.
     
    • Chrome 117 on Chrome OS, Linux, Mac, Windows: Dev Trial
    • Chrome 119 on Chrome OS, Linux, Mac, Windows: Introduces ForcePermissionPolicyUnloadDefaultEnabled policy
    • Chrome 120-131 on Chrome OS, Linux, Mac, Windows: Deprecation trial (general rollout of deprecation will be limited scope until deprecation trial is ready)

   

  • SharedImages for PPAPI Video Decode back to top

    Chrome 119 introduces a new PPAPISharedImagesForVideoDecoderAllowed policy to control the recent refactor for VideoDecoder APIs in PPAPI plugin. 
     
    • Chrome 119 on ChromeOS, LaCrOS: Introduces escape hatch policy.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.

   

  • Remove Authorization header upon cross-origin redirect back to top

    The Fetch standard has been updated to remove Authorization header on cross origin redirects. Chrome 119 implements this change to the specification. Prior to Chrome 119, when a cross origin redirect, such as from foo.test to bar.test, happened with an Authorization header, Chrome preserved the Authorization header and bar.test could receive the header. Starting Chrome 119, Chrome removes Authorization headers when cross origin redirects happen, meaning that bar.test no longer receives the Authorization header.

    • Chrome 119 on ChromeOS, Windows, Mac, Linux, Android

   

  • Dedicated setting for Permission Suggestions Service back to top

    The settings page for notification and geolocation permissions now has an additional option to explicitly enable the Permission Suggestions Service. Permission Suggestions Service is an already existing feature, but it didn’t have its dedicated setting. It was tied to standard Safe Browsing settings being enabled. Now the users can choose between four different states:
    1. Always show the notification/geolocation permission prompt
    2. Let Permission Suggestion Service quieten unwanted notification/geolocation requests (new)
    3. Always quieten notification permission requests
    4. Always block notifications/geolocation permission requests
    Admins can use the existing policies to either always allow or always block notifications or geolocation requests globally or for particular sites.  
    • Chrome 119 on Linux, Mac, Windows
     
    notification for permissions suggestions service

   

  • Hash-prefix real-time lookups back to top

    For standard Safe Browsing protection users, visited URLs now have their safety checked in real time instead of against a less frequently updated local list of unsafe URLs. This is done by sending partial hashes of the URLs to Google Safe Browsing through a proxy via Oblivious HTTP, so that the user’s IP address is not linked to the partial hashes. This change improves security while maintaining privacy for users. If needed, the feature can be disabled through the policy SafeBrowsingProxiedRealTimeChecksAllowed.
     
    • Chrome 119 on Android, iOS, Chrome OS, LaCrOS, Linux, Mac, Windows

   

  • Remove recommended support from multiple policies back to top

    Some policies can be applied as recommended, allowing administrators to set an initial value which end-users can later change. Beginning in Chrome 119, recommended support will be removed from multiple policies which end-users currently have no way of configuring.

    Any affected policies that were previously set as recommended will need to be set as mandatory to ensure they continue to take effect.
     

   

  • Standard-compliant URL host punctuation characters back to top

    Chrome 119 continues our efforts to make Chrome's handling of URL host punctuation characters standard-compliant. Here is a summary of changes in Chrome 119:
     

    Notation:

    - 'ESC': Allowed, but Chrome escapes it, which is non-compliant.

    - '-':  Allowed.

    - '0': Forbidden. URL will be invalid if the host contains a forbidden character.

    Warning:

    - SPACE and ASTERISK are still non-compliant.

    URL character map
    • Chrome 119 on Windows, Mac, Linux, Android

   

  • Save images to Google Photos on iOS back to top

    When a signed-in user long-presses on an image in Chrome, they can save it directly to Google Photos. They have the option to save it to any account logged in on the device.
     
    • Chrome 119 on iOS: Users can directly save images to Google photos
    • Chrome 120 on iOS: A policy is introduced to control this functionality
      save images iOS

   

   

  • Removed policies in Chrome browser   back to top

    Policy Description
    ChromeCleanupEnabled Enable Chrome Cleanup on Windows
    DownloadBubbleEnabled Enable download bubble UI
    ChromeCleanupReportingEnabled Control how Chrome Cleanup reports data to Google

ChromeOS updates

   

  • Privacy Hub back to top

    Users can now manage their camera and microphone settings across the operating system from one place in Settings>Security and Privacy>Privacy controls. Now it only takes one click for users to completely turn off their camera or microphone all from one place when they need extra confidence in staying on mute.
    privacy hub  

   

  • ChromeOS Admin templates back to top

    With App Launch Automation, admins can now configure groups of applications, windows and tools that can be launched automatically on startup or on-demand by users throughout their day. With App Launch Automation, you can get users up and running quickly at the start of their day, provide users with a way to easily get to an optimal starting point for new tasks, and remember the window layout each user sets up for their individual workflows for future use.

    You can turn on this feature using the #app-launch-automation flag, and then create templates in the Admin console.
      admin templates  

   

  • Using Drive offline on Chromebook Plus devices back to top

    Enterprise users on Chromebook Plus devices can now easily make all of their files in the My Drive section of Google Drive available offline. You can control this using the DriveFileSyncAvailable enterprise policy.
      Drive access files  

Admin console updates

 

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Default Search Engine choice screen back to top 

    As early as Chrome 120, enterprise end-users might be prompted to choose their default search engine within Chrome.

    As part of our building for DMA compliance, some users will be prompted to choose their default search engine for Chrome. This prompt controls the default search engine setting, currently available at chrome://settings/search. The enterprise policies, DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, will continue to control this setting as it does today, if it is set by the IT admin. Read more on this policy and the related atomic group.
     
    • Chrome 120 on iOS, Chrome OS, LaCrOS, Linux, Mac, Windows: 1% users will start getting the choice screen with Chrome 120. 100% by Chrome 122.
 

   

  • Rename FirstPartySets enterprise policies to RelatedWebsiteSets back to top 

    The FirstPartySetsEnabled and FirstPartySetsOverrides enterprise policies are renamed to RelatedWebsiteSetsEnabled and RelatedWebsiteSetsOverrides respectively. There is no change in the policies’ behavior. The new policies become available from Chrome 120. Administrators should use them going forward. To learn more about the rename, follow https://developer.chrome.com/blog/related-website-sets/
     
    • Chrome 120 on Android, Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia
 

   

  • Revamped Safety Check on Desktop back to top 

    We plan to introduce a new proactive Safety Check that regularly checks the browser for safety-related issues and informs users when there's anything that needs their attention. This launch also introduces a new page with Chrome’s proactive safety-related actions and information tailored to each user, designed to make it easier for users to stay safe online.
     
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows
    safety check  
 

   

  • Chrome Desktop responsive toolbar back to top 

    As early as Chrome 120, Chrome Desktop customers across devices and input modes (for example, Mouse or Touch) will experience a toolbar that seamlessly responds to changing window sizes, when users manually select and resize a window or use OS-specific window management tools.
     
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows
 

   

  • Chrome on Android will no longer support Android Nougat back to top 

    The last version of Chrome that supports Android Nougat is Chrome 119, and it includes a message to affected users informing them to upgrade their operating system. 
     

    Chrome 120 will not support nor ship to users running Android Nougat.
     

    • Chrome 120 on Android: Chrome on Android no longer supports Android Nougat
 

   

  • Chrome Third-Party Cookie deprecation back to top 

    In Chrome 120 and beyond (Jan 2024), Chrome will globally disable third-party cookies for 1% of Chrome traffic as part of our Chrome-facilitated testing in collaboration with the CMA. This will allow sites to meaningfully preview what it's like to operate in a world without third-party cookies. Most enterprise users will be excluded from this experiment group automatically. But for the few that might be affected, admins will be able to use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out their managed browsers ahead of the experiment. This will give enterprises time to make the changes required to not rely on this policy or third-party cookies. 

    We plan to provide more tooling to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies.

    For more details on how to prepare, provide feedback and report potential site issues, refer to the Mode B: 1% third-party cookie deprecation blog section and the Preparing for the end of third-party cookies blog.
     
    • Chrome 120 on ChromeOS, Linux, Mac, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.
 

   

  • Package tracking (iOS only) back to top 

    Users will be able to enable a new package tracking feature that results in estimated delivery dates and package status appearing in a new card on the New tab page. This feature is only supported for en-US users and only for packages fulfilled via FedEx and USPS. If needed, you will be able to turn off the feature using a new policy called ParcelTrackingEnabled
     
    • Chrome 120 on iOS: feature launches
    parcel delivery check  
 

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
     
    • Chrome 120 on Windows: Network Service sandboxed on Windows
 

   

  • Display banner allowing to resume last tab from other devices back to top 

    To help signed-in users resume tasks when they have to switch devices immediately, Chrome will offer to pick up tabs recently used on the previous device. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
     
    • Chrome 120 on iOS: Feature launches
    display banner  

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome will offer users with a quick shortcut to resume that tab. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
     
    • Chrome 120 on iOS: Feature launches
 

   

  • Unprefix -webkit-background-clip for text and make it an alias back to top 

    Chrome will allow the use of the unprefixed version for background-clip: text and will make -webkit-background-clip an alias for background-clip. Also, it drops support for non-suffixed keywords (content, padding and border) for better round-trip with alias.
     
    • Chrome 120 on Windows, Mac, Linux, Android
 

   

  • Chrome user policies for iOS back to top 

    Admins can apply policies and preferences across a user's devices. Settings apply whenever the user signs in to Chrome browser with their managed account on any device. This functionality already exists on Windows, Mac, Linux, ChromeOS and Android.  We are in the process of bringing this functionality to iOS.
     
    • Chrome 120 on iOS: The earliest milestone for this capability is 120. 
 

   

 

   

  • Migrate away from data URLs in SVGUseElement back to top 

    The SVG spec was recently updated to remove support for data: URLs in SVGUseElement. This improves security of the Web platform as well as compatibility between browsers as Webkit does not support data: URLs in SVGUseElement. You can read more in this blog post. 

    Assigning a data: URL in SVGUseElement can cause XSS. And this also led to a Trusted Types bypass.

    For enterprises that need additional time to migrate, the DataUrlInSvgUseEnabled policy will be available until Chrome 128 to re-enable Data URL support for SVGUseElement.
     
    • Chrome 120 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Remove support for data: URLs in SVGUseElement
 

   

  • Password Manager: password sharing back to top 

    Password Manager allows users to share their passwords with members of their Google Family Group (as configured in their Google Account). Users  can only share one password at a time. It is not possible to share passwords in bulk. The shared password cannot be updated or revoked by the sender.

    Enterprise admins can use the PasswordSharingEnabled policy to switch off the share feature for all their employees.
     
    • Chrome 120 on iOS, Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia
 

   

  • Permissions prompt for Web MIDI API back to top 

    There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (bugs). To address this problem, the Audio WG decided to place an explicit permission on the general MIDI API access. Originally, the explicit permission was only required for the advanced MIDI usage, for example,  system exclusive (SysEx) message in Chrome, with gated access behind a permissions prompt. We plan to  expand the scope of the permission to regular MIDI API usage.

    Today the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission. Three new policies—DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls—will be available to allow administrators to pre-configure user access to the API.
     
    • Chrome 121 on Windows, Mac, Linux, Android 
 

   

  • IP Protection Phase 0 for Chrome back to top 

    As early as Chrome 122, Chrome might route traffic for some network requests to Google-owned resources through a privacy proxy. This is an early milestone in a larger effort to protect users' identities by masking their IP address from known cross-site trackers. More information is available in this explainer on GitHub. Enterprise policies will be in place to allow admins to turn off the feature before it’s launched.
     
    • Chrome 122 on ChromeOS, Linux, Mac, Windows, Android
 

   

  • Apps & Extensions Usage report: Highlight extensions removed from the Chrome Web Store back to top 

    As early as 122, Chrome is adding new information on the Apps & Extensions Usage Report to help you identify if an extension was recently removed from the Chrome Web Store. On the App Details page, you can find the reason why an extension was removed from the Chrome Web Store. This feature will help IT administrators identify the impact of using the policy to disable unpublished extensions.
     
    • Chrome 122 on LaCrOS, Linux, Mac, Windows
 

   

  • Legacy Technology report back to top 

    As early as Chrome 122, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, SameSite cookie changes, or older security protocols like TLS 1.0/1.1. This gives admins the ability to work with developers to plan required tech migrations before the deprecation goes into effect.  If you’re interested in helping us test this feature, you can sign up for our Trusted Tester program here.
     
    • Chrome 122 on LaCrOS, Linux, Mac, Windows
 

   

  • Remove support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed. 
     
    • Chrome 122 on Android, ChromeOS, Linux, Mac, Windows: Policy is deprecated
    • Chrome 125 on Android, ChromeOS, Linux, Mac, Windows: Policy is removed
 

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.
     
    • Chrome 123 on Android, iOS, Chrome OS, Linux, Mac, Windows: The change will be implemented.
 

   

  • Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy back to top 
    In Chrome 79, we introduced the LegacySameSiteCookieBehaviorEnabledForDomainList policy to revert the SameSite behavior of cookies to legacy behavior on the specified domains. The LegacySameSiteCookieBehaviorEnabledForDomainList policy’s lifetime has been extended and will be removed on the milestone listed below.
     
    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy

   

  • Intent to deprecate: Mutation Events back to top 

    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
     
    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.

   

  • Extensions must be updated to leverage Manifest V3 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. As mentioned earlier in our blog post , the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed. During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3. An Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 
     
    • Chrome 98 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Public" or "Unlisted". The ability to change Manifest V2 extensions from "Private" to "Public" or "Unlisted" is removed.
    • Chrome 103 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Private".
    • Chrome 110 on ChromeOS, LaCrOS, Linux, Mac, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Future milestone on ChromeOS, LaCrOS, Linux, Mac, Windows: Remove ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

   

  • Set the screensaver duration back to top

    As early as ChromeOS 120, you will be able to set the duration for screensaver while charging. Users can now choose how long their screensaver runs while their device is charging (not on battery). You can control this using a new enterprise policy. The default setting is Forever, and can be reduced using drop-down options.

   

  • New controls for mouse scroll acceleration back to top

    ChromeOS 120 will add new controls to let users disable mouse scroll acceleration and adjust the speed of the scrolling.

   

  • Enhanced Alt + click behavior back to top

    In ChromeOS 120, you will be able to configure right-click behavior using the keyboard and touchpad. You can also configure settings for actions such as Home, End, and Page Up, in the Customize keyboard keys subpage. 
    alt click enhancements
     
    alt click enhancements

   

  • New look for ChromeOS media player back to top

    As early as ChromeOS 121, the media player will have bigger buttons and colors to match your wallpaper. The media player will appear when you are playing any video or audio (like Spotify or YouTube) in Quick Settings. You will be able to click the pin icon to move the media player to the shelf. In addition to controlling media that is being cast, you will be able to start casting web media to any speakers or screens on your local network.    
    new media design

   

  • Enhanced notifications for pinned apps back to top

    As early as ChromeOS 121, you will be able to visually separate pinned notifications from other notifications. We will change the visual specs, buttons, and notification text to fit within fixed size bubbles. This significantly differentiates the visual look of pinned notifications from typical notifications to reflect their significant difference in purpose (notifying the user of an ongoing process rather than an instantaneous event).

   

  • New ChromeOS sync options back to top

    ChromeOS will soon deliver an updated device setup experience that lets users customize sync settings for apps, settings, wi-fi networks, and wallpaper.

   

  • App disablement by Admin in MGS back to top

    Up until now, Managed Guest Sessions (MGS) include a set of applications (Explore, Gallery, and Terminal apps) that are available to the user. With the SystemFeaturesDisableList policy, Admins will soon be able to disable these apps, blocking and hiding them from users across your enterprise.

↑ back to top  

Chrome 118

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Remove ForceMajorVersionToMinorPositionInUserAgent policy    
Remotely disable malicious off-store extensions    
Remove RendererCodeIntegrityEnabled policy    
Support for passkeys in iCloud Keychain on macOS  
Hash-prefix real-time lookups    
Updates to the red Safe Browsing interstitials  
Form controls support vertical writing mode    
Block all cookies set via JavaScript that contain control characters    
Clearer Safe Browsing protection level settings text and images    
WebUSB in Extension Service Workers    
Include chrome.tabs API calls in extension telemetry reports    
Remove non-standard appearance keywords    
Enrollment for Privacy Sandbox     
Discounts shown on product pages and on Quests on the New Tab Page    
Encrypted archive deep scanning for Enhanced Safe Browsing users    
Flag for enabling the chrome://policy/test page    
TLS Encrypted Client Hello (ECH)    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Password recovery    
Tabbed PWAs    
Printer setup assistance    
Imprivata integration v4  
Touch text editing redesign    
Admin console updates Security/ Privacy User productivity/ Apps Management
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Chrome release schedule changes    
Deprecate and remove WebSQL    
Native Client support updates    
Migrate away from data URLs in SVG <use> element  
Network Service on Windows will be sandboxed    
Display banner allowing to resume last tab from other devices    
Remove Sanitizer API    
Tab groups can be saved, recalled, and synced    
Chrome profile separation: new policies    
Private Network Access restrictions for automotive    
Deprecate non-standard shadowroot attribute for declarative shadow DOM    
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Default Search Engine choice screen    
Shifting UI strings in Chrome from Clear to Delete when getting rid of data    
DevTools internal errors will be reported to Chrome internal crash reporting    
SharedImages for PPAPI Video Decode    
Private Aggregation API bundled enhancements  
Remove Authorization header upon cross-origin redirect    
Revamped Safety Check on Desktop    
Permissions prompt for Web MIDI API    
Desktop Responsive Toolbar    
Chrome on Android will no longer support Android Nougat    
Chrome Third-Party Cookie Deprecation (3PCD)    
IP Protection Phase 0 for Chrome    
Apps & Extensions Usage Report: Highlight extensions removed from the Chrome Web Store    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Intent to deprecate: Mutation Events    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Privacy Hub    
ChromeOS Admin templates    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
URL-keyed anonymized data collection in Kiosk mode    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Remove ForceMajorVersionToMinorPositionInUserAgent policy back to top

    Chrome 118 removes the ForceMajorVersionToMinorPositionInUserAgent policy. This policy was introduced in Chrome 99 to control whether the User-Agent string major version would be frozen at 99, in case of User-Agent string parsing bugs when the version changed to 100. Fortunately, we did not need to deploy this feature and only encountered a few minor 3-digit version parsing issues that have all since been fixed. Given that, we can now remove this policy. If you have any feedback about this policy removal, or are aware of intranet functionality that depends on the policy, comment on this bug. 

   

  • Remotely disable malicious off-store extensions back to top

    When Enhanced Safe Browsing is enabled, where users have a malicious off-store extension installed,  the extension is disabled when the decision is entered on the Safe Browsing servers via either manually or by an automated detection system.
    • Chrome 118 on ChromeOS, Linux, Mac, Windows: Feature launches

   

  • Remove RendererCodeIntegrityEnabled policy back to top

    The Renderer Code Integrity security feature is no longer controlled by the RendererCodeIntegrityEnabled policy; it is now switched on by default. We recommend that you verify any potential incompatibilities with third party software by no longer using the policy in advance of this release. To report any issues you encounter, submit a bug here.
    • Chrome 118 on Windows: This policy is deprecated and will no longer take effect

   

  • Support for passkeys in iCloud Keychain on macOS back to top

    Chrome on macOS ≥ 13.5 now supports creating and using passkeys from iCloud Keychain. When signing in using WebAuthn, passkeys from iCloud Keychain are listed as options once the user has granted Chrome the needed permission. If permission has not been granted, a generic iCloud Keychain option appears that prompts for permission before showing iCloud Keychain passkeys. If permission is denied, the iCloud Keychain can still be used, but it has to be manually selected each time. 

    When a site asks to create a platform passkey, Chrome might default to creating the passkey in iCloud Keychain based on whether iCloud Drive is in use and whether WebAuthn credentials from the current profile have been recently used. This can be controlled with a setting on chrome://password-manager/settings, and with the enterprise policy CreatePasskeysInICloudKeychain.
    • Chrome 118 on Mac: Chrome 118 supports iCloud Keychain. Whether Chrome defaults to creating platform passkeys in iCloud Keychain can be altered by Chrome Variations during the lifetime of 118.

   

  • Hash-prefix real-time lookups back to top

    For standard Safe Browsing protection users, visited URLs now have their safety checked in real time, instead of less frequently using an updated local list of unsafe URLs. This is done by sending partial hashes of the URLs to Google Safe Browsing through a proxy via Oblivious HTTP, so that the user’s IP address is not linked to the partial hashes. This change improves security while maintaining privacy for users. If needed, you can control this feature using the SafeBrowsingProxiedRealTimeChecksAllowed policy.
    • Chrome 118 on iOS, ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Updates to the red Safe Browsing interstitials back to top

    In Chrome 118, users see minor updates to the red Safe Browsing interstitials. The main body text now includes an explicit recommendation from Chrome and site ID is specified in the details section instead of the main body. The danger icon replaces the previous warning icon, and styling is now consistent with the latest product standards. These changes improve user comprehension of warnings.
    • Chrome 118 on Android, iOS, ChromeOS, LaCrOS, Linux, Mac, Windows
    red safe browsing

   

  • Form controls support vertical writing mode back to top

    The CSS property writing-mode should be enabled for form controls elements as it allows lines of text to be laid out horizontally or vertically and it sets the direction in which blocks progress. 

    With this feature, we are allowing the form control elements select, meter, progress, button, textarea and input to have vertical-rl or vertical-lr writing mode. As needed for Web compatibility, we now begin to slowly roll out the change for a number of form controls in 118, and we will continue in future milestones.

    You can control this feature with the following command line flags:

    --enable-features= FormControlsVerticalWritingModeSupport
    --enable-features= FormControlsVerticalWritingModeTextSupport
    • Chrome 118 on Windows, Mac, Linux, Android 

   

  • Block all cookies set via JavaScript that contain control characters back to top

    Updates how control characters in cookies set via JavaScript are handled. Specifically, all control characters cause the entire cookie to be rejected (previously a NULL character, a carriage return character, or a line feed character in a cookie line caused it to be truncated instead of rejected entirely, which could have enabled malicious behavior in certain circumstances). This behavior aligns Chrome with the behavior indicated by the latest drafts of RFC6265bis

    You can control this feature  using the --disable-features=BlockTruncatedCookies or the BlockTruncatedCookies enterprise policy, which will be available for several milestones in case this change causes any breakage.
    • Chrome 118 on Windows, Mac, Linux, Android 

   

  • Clearer Safe Browsing protection level settings text and images back to top

    In Chrome 118, some users see new text describing the Safe Browsing protection level on both the Security Settings page and the Privacy Guide. The update clarifies the Enhanced Protection level by adding a table and linking to a help center article where users can learn more. The new table helps users understand the trade-offs when selecting that option versus choosing the other options. The descriptions for Standard Protection, No Protection and the password compromise warnings toggle have been simplified to make the options clearer. The Safe Browsing protection level is an existing feature, still controlled by the SafeBrowsingProtectionLevel policy.
    • Chrome 118: Some users see the updated text and images on the Chrome Security Settings page and on the Privacy Guide.
      clearer safe browsing

   

  • WebUSB in Extension Service Workers back to top

    Web developers can use the WebUSB API when responding to extension events by exposing WebUSB API to Service Workers registered by browser extensions. This API is not yet exposed to Service Workers registered by sites but the implementation experience gained by supporting the API for extensions will be valuable for such a future project.
    • Chrome 118 on Windows, Mac, Linux, ChromeOS 

   

  • Include chrome.tabs API calls in extension telemetry reports back to top

    When you switch on Enhanced Safe Browsing, Chrome now collects telemetry information about chrome.tabs API calls made by extensions. This information is analyzed on Google servers and further improves the detection of malicious and policy violating extensions. It also allows better protection for all Chrome extension users. You can turn off this functionality along with the extension telemetry feature by setting SafeBrowsingProtectionLevel to any value other than 2, which turns off Enhanced Safe Browsing.
    • Chrome 118 on ChromeOS, Linux, Mac, Windows: Feature launches

   

  • Remove non-standard appearance keywords back to top

    Since only standard appearance keywords should be supported, Chrome 118 removes appearance (and -webkit-appearance) keywords, including: 
     

    * inner-spin-button 

    * media-slider

    * media-sliderthumb 

    * media-volume-slider 

    * media-volume-sliderthumb 

    * push-button 

    * searchfield-cancel-button 

    * slider-horizontal 

    * sliderthumb-horizontal 

    * sliderthumb-vertical 

    * square-button 


    Note that value slider-vertical will not be removed as part of this patch; it is used for allowing <input type=range> vertical. It will be removed once feature FormControlsVerticalWritingModeSupport is enabled in Stable. 

    Previously, if using any of the above keywords, a console warning appeared, but the keyword was  recognized as a valid value. With the feature enabled, the appearance property will be ignored and set to the empty string. As needed for Web compatibility, we will progressively remove the appearance keywords based on their counter usages on Chrome Status Metrics. 

    For Chrome 118, we start with the following keywords, currently at page load usage below 0.001%: 
     

    * media-slider at 0.000361 

    * media-sliderthumb at 0.000187% 

    * media-volume-slider at 0.000143% 

    * media-volume-sliderthumb at 0.000109% 

    * sliderthumb-horizontal at 0.000182% 

    * sliderthumb-vertical at 0.000014%

    • Chrome 118 on Windows, Mac, Linux, Android  

   

  • Enrollment for Privacy Sandbox  back to top

    As the Privacy Sandbox relevance and measurement APIs start ramping up for general availability, we want to make sure these technologies are used as intended and with transparency. The APIs include Attribution Reporting, the Protected Audience API, Topics, Private Aggregation and Shared Storage. Privacy Sandbox is introducing a new Developer Enrollment process for Privacy Sandbox relevance and measurement APIs. Chrome will fetch the enrolled-sites list from the enrollment server (via component updater) and use it to gate access to the Privacy Sandbox APIs.
    • Chrome 118 on Windows, Mac, Linux, Android

   

  • Discounts shown on product pages and on Quests on the New tab page back to top

    Starting in Chrome 118, users sometimes see discounts, shown as annotations on page visits, in the Quests cards shown on the New tab page. Clicking through on the discount shows the relevant information on the product page. Quests as a whole are controlled by the NTPCardsVisible policy. Users also sometimes see discounts directly on the product page, available through an icon in the Omnibox.
    • Chrome 118 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Encrypted archive deep scanning for Enhanced Safe Browsing users back to top

    Google Chrome offers deep scanning of some suspicious downloads to users who have opted in to Enhanced Safe Browsing. This sends the file content to Safe Browsing for a real-time evaluation of the file's safety. Starting in Chrome 118, deep scans of encrypted archives, for example, ZIP and RAR files, prompt the user to provide the archive password along with the file content. This is necessary for Safe Browsing to provide a useful verdict about the contents of the archive. Enterprises who do not want to see this prompt can prevent users from enabling Enhanced Safe Browsing with the SafeBrowsingProtectionLevel policy. Starting in Chrome 119, enterprises who want to switch off file deep scans while still enabling Enhanced Safe Browsing can do so with the SafeBrowsingDeepScanningEnabled policy.
    • Chrome 118 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Flag for enabling the chrome://policy/test page back to top

    The #enable-policy-test-page flag allows admins and developers to use the chrome://policy/test page to more easily test policies on the Beta, Dev, Canary channels. 
    • Chrome 118 on Android, iOS, ChromeOS, Linux, Mac, Windows

   

  • TLS Encrypted Client Hello (ECH) back to top

    The TLS Encrypted ClientHello (ECH) extension allows clients to encrypt ClientHello messages, which are normally sent in cleartext, under a server’s public key. This allows websites to opt-in to avoid leaking sensitive fields, like the server name, to the network by hosting a special HTTPS RR DNS record. (Earlier iterations of this extension were called Encrypted Server Name Indication, or ESNI.) If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag. If you notice any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.
    • Chrome 118 on Chrome OS, Linux, Mac, Windows: Rolled out to 100% of users

   

   

  • Removed policies in Chrome browser   back to top
    Policy Description
    ForceMajorVersionToMinorPositionInUserAgent Freeze User-Agent string major version at 99
    RendererCodeIntegrityEnabled Enable Renderer Code Integrity

ChromeOS updates

   

  • Password recovery back to top

    ChromeOS users who have forgotten their password can now recover their account along with all associated local data. Gone are the days where all local data is lost when a password has been forgotten! You can control this feature with the RecoveryFactorBehavior policy.
     

   

  • Tabbed PWAs back to top

    Developers can now choose to display their Progressive Web App (PWA) in tabbed mode, allowing users to manage and navigate multiple documents within a single window using a familiar tab strip. Developers should also specify a home tab where appropriate, which provides a consistent place for users to access documents and settings.
     

   

  • Printer setup assistance back to top

    To simplify a user's printing journey, ChromeOS provides more in context help when it comes to using their printer: an easier way to save printers, new set up instructions and help content, printer status directly integrated on the settings page. Moreover, we now also provide users an easy route to manage their printer when they face issues with it while trying to print.
     

   

  • Imprivata integration v4 back to top

    For caregivers, Imprivata OneSign compatibility with Google ChromeOS devices and the Chrome browser means fast, secure access, and better cost efficiency. This fourth version of Imprivata integration,  Imprivata v4, adds deployment, stability, and workflow improvements. It improves support for assigned devices by allowing for Imprivata sign-in to ChromeOS user sessions. In addition, ChromeOS 118 now supports all 12 languages of Imprivata and SPINE workflows.

   

  • Touch text editing redesign back to top

    Improved text editing interaction with user's fingers on the touchscreen, including a much more intuitive gesture system, usability improvements around gesture intentions and text legibility, a brand new magnifier that automatically shows cursor position with precision.

Admin console updates

 

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Chrome release schedule changes back to top 

    Chrome 119 and all subsequent releases will be shifted forward by one week. For example, Chrome 119 will have its early stable release on October 25 instead of Nov 1. Beta releases will also be shifted forward by one week starting in Chrome 119.
    • Chrome 119 on Android, iOS, ChromeOS, Linux, Mac, Windows
 

   

  • Deprecate and remove WebSQL back to top 

    The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 
     

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebsQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. With SQLite over WASM as its official replacement, we want to remove WebSQL entirely.

    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117, the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a policy, WebSQLAccess, is needed for the feature to be available.
    • Chrome 119: Starting with Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy.
 

   

  • Native Client support updates back to top 

    Native Client NaCl support was removed from extensions on Windows, macOS, and Linux. A temporary enterprise policy is available, NativeClientForceAllowed, which allows Native Client to continue to be used.
    • Chrome 117 on Linux, Mac, Windows: Removal of Native Client NaCl support from extensions on Windows, macOS, Linux.
    • Chrome 119 on Linux, Mac, Windows: Removal of NativeClientForceAllowed policy
 

   

  • Migrate away from data URLs in SVG <use> element back to top 

    The SVG spec was recently updated to remove support for data: URLs in SVG <use> element. This improves security of the Web platform as well as compatibility between browsers as Webkit does not support data: URLs in SVG <use> element. You can read more in this blog post. 
     

    For enterprises that need additional time to migrate, the DataUrlInSvgUseEnabled policy will be available until Chrome 128 to re-enable Data URL support for SVG <use> element.

    • Chrome 119 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Remove support for data: URLs in SVG <use> element
 

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
    • Chrome 119 on Windows: Network Service sandboxed on Windows
 

   

  • Display banner allowing to resume last tab from other devices back to top 

    Help signed in users resume tasks when they have to switch devices immediately by offering to pick up tabs recently used on the previous device. Admins can control this feature via the existing enterprise policy called SyncTypesListDisabled.
    • Chrome 119 on iOS: Feature launches
    display banner

   

  • Remove Sanitizer API back to top 

    The Sanitizer API aims to build an easy-to-use, always secure, browser-maintained HTML sanitizer into the platform. We shipped an initial version of the Sanitizer API in Chrome 105, based on the then-current specification draft. However, the standards discussion has meanwhile moved on and the proposed API shape has changed substantially. To prevent the current API from becoming entrenched, we plan to remove the current implementation. We expect to re-implement the Sanitizer API when the proposed specification stabilizes again. 
    • Chrome 119 on Windows, Mac, Linux, Android 

   

  • Tab Groups can be saved, recalled, and synced back to top 

    Users will be able to save tab groups, which will allow them to close and re-open the tabs in the group, as well as sync them across devices. You can disable syncing Tab Groups using the  SyncTypesListDisabled policy.
    • Chrome 119 on ChromeOS, Linux, Mac, Windows

   

  • Chrome profile separation: new policies back to top 

    Three new policies will be created to help enterprises configure enterprise profiles: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings, ProfileSeparationSecondaryDomainAllowlist. These policies will be simpler to use and will replace ManagedAccountsSigninRestriction and EnterpriseProfileCreationKeepBrowsingData.
    • Chrome 119 on Linux, Mac, Windows: New profile separation policies available: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings, ProfileSeparationSecondaryDomainAllowlist.

   

  • Private Network Access restrictions for automotive back to top 

    This ships Private Network Access restrictions to Android Automotive (if BuildInfo::is_automotive), including:  Private Network Access preflight requests for subresources and Private Network Access for Workers. Note that the two above features were shipped in warning only mode, but these features will enforce the restriction, that is, failing the main request if restrictions are not satisfied.
    • Chrome 119 on Android 

   

  • Deprecate non-standard shadowroot attribute for declarative shadow DOM back to top 

    The standards-track shadowrootmode attribute, which enables declarative Shadow DOM, was shipped in Chrome 111 (ChromeStatus). The older, non-standard shadowroot attribute is now deprecated. During the deprecation period, both attributes are functional, however the shadowroot attribute does not enable the new streaming behavior, whereas shadowrootmode allows streaming of content. There is a straightforward migration path: replace shadowroot with shadowrootmode

    The old shadowroot attribute is deprecated as of Chrome 112, and it will be removed (no longer supported) in Chrome 119, which goes to Stable on November 1, 2023. 

    • Chrome 119 on Windows, Mac, Linux, Android 

   

  • Remove support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    Deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year and then eventually remove it. 
    • Chrome 119 on Android, ChromeOS, Linux, Mac, Windows: Policy is deprecated
    • Chrome 122 on Android, ChromeOS, Linux, Mac, Windows: Policy is removed

   

  • Default Search Engine choice screen back to top 

    As early as Chrome 119, enterprise end-users may be prompted to choose their default search engine within Chrome.

    As part of our building for DMA compliance, some users will be prompted to choose their default search engine for Chrome. This prompt controls the default search engine setting, currently available at chrome://settings/search. The enterprise policies, DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, will continue to control this setting as it does today, if it is set by the IT admin. Read more on this policy and the related atomic group.
    • Chrome 119 on iOS, ChromeOS, LaCrOS, Linux, Mac, Windows: 1% users will start getting the choice screen with Chrome 119. 100% by Chrome 122

   

  • Shifting UI strings in Chrome from Clear to Delete when getting rid of data back to top 

    Chrome is updating settings text to reflect delete instead of clear when referring to the destruction of data. We expect the change will improve user comprehension. Users who intend to get rid of data should feel reassured that the data is actually deleted and not just cleared from one view but accessible elsewhere. 
    • Chrome 119 on Android, iOS, ChromeOS, Mac, Windows: The earliest milestone that users may see these changes is 119. 

   

  • DevTools internal errors will be reported to Chrome internal crash reporting back to top 

    To improve Chrome's stability, DevTools internal errors will be reported through Chrome's existing crash reporting pipeline. This will provide visibility into the stability of the Chrome DevTools. Admins can control all crash reporting, including these errors, using the MetricsReportingEnabled enterprise policy.
    • Chrome 119 on ChromeOS, Linux, Mac, Windows

   

  • SharedImages for PPAPI Video Decode back to top 

    The PPAPISharedImagesForVideoDecoderAllowed policy controls the recent refactor for VideoDecoder APIs in PPAPI plugin. The migration only affects internal implementation details and should not change any behavior. However, this policy can be used in case any PPAPI applications do not work as expected.

    When the policy is left unset or set to Enabled, the browser will decide which implementation is used.

    When the policy is set to Disabled, Chrome will use the old implementation until the policy expires.

     

    NOTE: Only newly-started renderer processes will reflect changes to this policy while the browser is running.

    • Chrome 119 on ChromeOS, LaCrOS: Escape hatch policy introduced.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.

   

  • Private Aggregation API bundled enhancements back to top 

    We're planning a few bundled changes to Private Aggregation:
     

    - Null report fixes: Currently reports with no contributions are inadvertently dropped. This change ensures that, when a context ID is specified, a null report is sent even if budget is denied. Separately, it fixes a bug causing budget to always be denied for null reports.

    - Debug mode eligibility changes: Currently, debug mode is always available. This change only allows debug mode for callers that are allowed access to third-party cookies, silently dropping the debug mode otherwise. Note that this will allow debug mode to automatically sunset when third-party cookies are deprecated.

    - Padding report payloads: To avoid the payload size being dependent on the number of contributions, we will pad it with 'null' contributions to a fixed length. Note that this change will also affect Attribution Reporting reports.

    - Reducing delay: When a context ID is specified, we remove the randomized 10-60 minute delay, which is superfluous as a report is always sent in this case. Instead, we just wait until the Shared Storage operation timeout.

    • Chrome 119 on Windows, Mac, Linux, Android

   

  • Remove Authorization header upon cross-origin redirect back to top 

    The Fetch standard has been updated to remove Authorization header on cross origin redirects. Chrome should follow the spec change.
    • Chrome 119 on Windows, Mac, Linux, Android

   

  • Revamped Safety Check on Desktop back to top 

    We plan to introduce a new proactive Safety Check that regularly checks the browser for safety related issues and informs users when there's anything that needs their attention. Our Safety Check launch also introduces a new page with Chrome’s proactive safety-related actions and information tailored to each user, designed to make it easier for users to stay safe online.
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows
      safety check  

   

  • Permissions prompt for Web MIDI API back to top 

    This feature gates the Web MIDI API access behind a permissions prompt. Today, the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission. Three new policies—DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls—will be available to allow administrators to pre-configure user access to the API.
    • Chrome 120 on Windows, Mac, Linux, Android 

   

  • Desktop Responsive Toolbar back to top 

    As early as Chrome 120, Chrome Desktop customers across form factors and input modalities (e.g. Mouse, Touch) will experience a toolbar that seamlessly responds to changing window sizes albeit by manually selecting and dragging a window smaller/larger or using operating system specific window management tools.
    • Chrome 120 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Chrome on Android will no longer support Android Nougat back to top 

    The last version of Chrome that will support Android Nougat will be Chrome 119, and it includes a message to affected users informing them to upgrade their operating system. Chrome 120 will not support nor ship to users running Android Nougat.
    • Chrome 120 on Android: Chrome on Android no longer supports Android Nougat

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    In Chrome 120 and beyond (Jan 2024), Chrome will globally disable third-party cookies for 1% of Chrome traffic as part of our Chrome-facilitated testing in collaboration with the CMA, to allow sites to meaningfully preview what it's like to operate in a world without third-party cookies (3PCs). Most enterprise end users will be excluded from this experiment group automatically. But for the few that may be affected, enterprise admins will be able to utilize an enterprise policy to opt out their managed browsers ahead of the experiment and give enterprises time to make necessary changes to not rely on this policy or third party cookies. 
    We plan to provide more details about this policy and provide more tooling to help identify 3PC use cases. In the meantime, refer to the Mode B: 1% third-party cookie deprecation blog section for more details on how to prepare, provide feedback and report potential site issues.
    • Chrome 120 on ChromeOS, Linux, Mac, Windows
      1% of global traffic has third party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • IP Protection Phase 0 for Chrome back to top 

    As early as Chrome 122, Chrome may route traffic for some network requests to Google-owned resources through a privacy proxy. This is an early milestone in a larger effort to protect users' identities by masking their IP address from known cross-site trackers. More information (including enterprise policies) can be found in the explainer.  Enterprise policies will be in place to allow admins to disable the feature before it’s launched.
    • Chrome 122 on ChromeOS, Linux, Mac, Windows, Android

   

  • Apps & Extensions Usage Report: Highlight extensions removed from the Chrome Web Store back to top 

    Chrome is adding new information on the Apps & Extensions Usage Report to help you identify if an extension was recently removed from the Chrome Web Store. On the App Details page, you can find the reason why an extension was removed from the Chrome Web Store. This feature will help IT administrators identify the impact of using the policy to disable unpublished extensions.
    • Chrome 122 on LaCrOS, Linux, Mac, Windows

   

  • Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy back to top 
    In Chrome 79, we introduced the LegacySameSiteCookieBehaviorEnabledForDomainList policy to revert the SameSite behavior of cookies to legacy behavior on the specified domains. The LegacySameSiteCookieBehaviorEnabledForDomainList policy’s lifetime has been extended and will be removed on the milestone listed below.
    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy

   

  • Intent to deprecate: Mutation Events back to top 
    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.

   

  • Extensions must be updated to leverage Manifest V3 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. As mentioned earlier in our blog post , the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed. During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3. An Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 
    • Chrome 98 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Public" or "Unlisted". The ability to change Manifest V2 extensions from "Private" to "Public" or "Unlisted" is removed.
    • Chrome 103 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Private".
    • Chrome 110 on ChromeOS, LaCrOS, Linux, Mac, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.

    Future milestone on ChromeOS, LaCrOS, Linux, Mac, Windows: Remove ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

   

  • Privacy Hub back to top

    Later this year, users will be able to manage their camera and microphone settings across the operating system from one place in Settings. This way it only takes one click for users to completely turn off their camera or microphone all from one place when they need extra confidence in staying on mute.  
    privacy hub

   

  • ChromeOS Admin templates back to top

    App Launch Automation can be configured by Administrators in the Admin console to contain groups of applications, windows and tools that can be launched automatically on startup or on-demand by users throughout their day. With App Launch Automation, you can: get users up and running quickly at the start of their day, provide users with a way to easily get to an optimal starting point for new tasks, and remember the window layout each user sets up for their individual workflows for future use.
      admin templates

↑ back to top  

Upcoming Admin console changes

   

  • URL-keyed anonymized data collection in Kiosk mode back to top

    The policy for URL-keyed anonymized data collection, UrlKeyedAnonymizedDataCollectionEnabled, will soon be supported in the Admin console. This policy will be enforced starting October 1st and will remain disabled until then.

↑ back to top  

Chrome 117

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Skip unload events    
Chrome no longer supports macOS 10.13 and macOS 10.14    
Update to lock icon    
Network service is sandboxed on Linux and ChromeOS    
TLS Encrypted Client Hello (ECH)    
User surveys related to SafeBrowsing warnings    
Simplified onboarding experience    
Warnings on insecure downloads    
Service Worker static routing API    
Chrome browser integration with Symantec Endpoint DLP    
Require X.509 key usage extension for RSA certificates chaining to local roots    
Simplified sign-in and sync experience    
Updates to Clear Browsing Data on Android    
Allow users to review and optionally remove potentially unsafe extensions    
New Chrome Desktop visual refresh in Chrome 117    
Native Client support updates    
Deprecate and remove WebSQL    
Revamp permission usage or lockage indicators    
Price tracking    
Price insights on Chrome desktop    
Auth on entry to Password Manager on iOS    
Improved download warnings    
Storage Access API with prompts    
Chrome on Android trackpad support    
Port overflow check in URL setters    
Deprecate TLS SHA-1 server signatures    
URL standard-compatible IPv4 embedded IPv6 host parser    
Form-filler accessibility mode    
Clear client hints via Clear-Site-Data header    
Remove WebRTC getStats datachannelIdentifier -1    
Remove WebRTC getStats encoderImplementation/decoderImplementation unknown    
Unship callback-based legacy getStats() in WebRTC    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
ChromeOS battery state sounds    
Avoid content control escapes on the login or lock screen    
Emoji Picker with GIF support    
ChromeOS gets a makeover    
ChromeOS Personalization App    
Color correction settings on ChromeOS    
Tabbed PWAs on ChromeOS    
System answer cards in Launcher search    
Nudge managed users towards enrolling non-ZTE devices  
Replacing the Bluetooth stack on ChromeOS    
Time-lapse recording    
Enhanced options in clipboard history    
ChromeVox dialog changes    
Steam enabled on all capable devices    
Up Next Calendar view with Join video call integration    
Adaptive Charging     
Admin console updates Security/ Privacy User productivity/ Apps Management
Printing reports now available in Chrome Management Reports API    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Chrome will introduce a chrome://policy/test page    
Network Service on Windows will be sandboxed     
Remove ForceMajorVersionToMinorPositionInUserAgent policy    
Remotely disable malicious off-store extensions    
Remove RendererCodeIntegrityEnabled policy    
Support for passkeys in iCloud Keychain on macOS  
Hash-prefix real-time lookups    
Red interstitial facelift  
Form controls support vertical writing mode    
Block all cookies set via JavaScript that contain control characters    
Clearer Safe Browsing protection level settings text and images    
WebUSB in Extension Service Workers    
Include chrome.tabs API calls in extension telemetry reports    
Remove non-standard appearance keywords    
Chrome release schedule changes    
Permissions prompt for Web MIDI API    
Migrate away from data URLs in SVG <use> element  
Chrome Browser Cloud Management: Crash report    
IP protection Phase 0 for Chrome    
Display banner to allow resume last tab from other devices    
Remove Sanitizer API    
Tab groups can be saved, recalled, and synced    
Chrome profile separation: new policies    
Chrome on Android will no longer support Android Nougat    
Replace dangling markup in target name to _blank    
Private Network Access restrictions for automotive    
Deprecate non-standard shadowroot attribute for declarative shadow DOM    
Chrome Third-Party Cookie Deprecation (3PCD)    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy     
Intent to deprecate: Mutation events    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Privacy Hub    
ChromeOS Admin templates    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
URL-keyed anonymized data collection in Kiosk mode    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Skip unload events back to top 

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of an API and a group policy, which will allow you to selectively keep the behavior unchanged.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows: Dev Trial.
 

   

  • Chrome no longer supports macOS 10.13 and macOS 10.14 back to top 

    Chrome will no longer support macOS 10.13 and macOS 10.14, which are already outside of their support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.13 or 10.14, Chrome continues to show an infobar that reminds users that Chrome 117 will no longer support macOS 10.13 and macOS 10.14.
    • Chrome 117 on Mac: Chrome no longer supports macOS 10.13 and macOS 10.14.
 

   

  • Update to lock icon back to top 

    We plan to replace the lock icon with a variant of the tune icon, which is commonly used to indicate controls and settings. Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome. Our research has also shown that many users never understood that clicking the lock icon showed important information and controls. We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon. 
    The new icon is scheduled to launch as part of a general design refresh for desktop platforms. Chrome will continue to alert users when their connection is not secure. You can enable the tune icon pre-release in Chrome for Desktop if you enable Chrome Refresh 2023 at chrome://flags#chrome-refresh-2023, but keep in mind this flag enables work that is still actively in-progress and under development, and does not represent a final product. 

    We will also replace the icon on Android. On iOS, the lock icon is not tappable, so we will be removing the icon. You can read more in this blog post.
    • Chrome 117 on Linux, Mac, Windows: The new icon is scheduled to launch in Chrome 117.
      New lock icon

   

  • Network service is sandboxed on Linux and ChromeOS back to top 

    The network service is sandboxed on Linux and ChromeOS to improve security. On Linux, it's possible that third party software (likely data loss prevention or antivirus software) is injecting code into Chrome's processes and will be blocked by this change. This may result in Chrome crashing for your users. 
    If this happens, you should work with the vendor of the third party software to stop it from injecting code into Chrome's processes. In the meantime, you will be able to use the NetworkServiceSandboxEnabled policy to defer the sandboxing. This is a temporary measure intended to help enterprises surprised by the change; the policy will be removed in a future version of Chrome.
    • Chrome 117 on Chrome OS, Linux: The network service sandboxed on Linux and ChromeOS to improve security.

   

  • TLS Encrypted Client Hello (ECH) back to top 

    The TLS Encrypted ClientHello (ECH) extension enables clients to encrypt ClientHello messages, which are normally sent in cleartext, under a server’s public key. This allows websites to opt-in to avoid leaking sensitive fields, like the server name, to the network by hosting a special HTTPS RR DNS record. (Earlier iterations of this extension were called Encrypted Server Name Indication, or ESNI.) If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag. On Windows and Linux, you also need to enable Secure DNS for the flag to have an effect.
    If you notice any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • User surveys related to SafeBrowsing warnings back to top 

    After a user adheres to or bypasses a SafeBrowsing warning, Chrome may ask them about their satisfaction with the experience. You can control this with the SafeBrowsingSurveysEnabled policy.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • Simplified onboarding experience back to top 

    Some users may see a simplified onboarding experience with a more intuitive way to sign into Chrome. Enterprise policies like BrowserSignin, SyncDisabled, EnableSyncConsent, RestrictSigninToPattern and SyncTypesListDisabled will continue to be available as before to control whether the user can sign into Chrome and turn on sync. The PromotionalTabsEnabled policy can be used to skip the onboarding altogether. DefaultBrowserSettingEnabled is respected in the same way as before.
    • Chrome 117 on Linux, Mac, Windows

   

  • Warnings on insecure downloads back to top 

    Chrome will begin showing warnings on some downloads if those files were downloaded over an insecure (i.e. not HTTPS) connection. These warnings do not prevent downloading and can be bypassed by the user. Enterprises can test their downloads by enabling warnings via chrome://flags/#insecure-download-warnings. Enterprises can also disable warnings for sites that can not deliver files securely by adding the downloading site to InsecureContentAllowedForUrls.
    • Chrome 117 on Android, Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia: Chrome shows warnings on some downloads.
      Insecure downloads
     

   

  • Service Worker static routing API back to top 

    Chrome releases the Service Worker static routing API; it enables developers to optimize how Service Workers are loaded. Specifically, it allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do. If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.
    • Chrome 116 on Android, Chrome OS, Linux, Mac, Windows: Origin Trial for Service Worker static routing API.
    • Chrome 117 on Android, Chrome OS, Linux, Mac, Windows: Release of the Service Worker static routing API.

   

  • Chrome browser integration with Symantec Endpoint DLP back to top 

    This feature provides a secure native integration that transfers content (file or text) between Chrome and Broadcom’s Symantec DLP agent without the need for deploying an extension. When a CBCM or CDM managed user performs an action that sends data via Chrome, Symantec Endpoint DLP can monitor for data exfiltration and apply allow/block controls based on customer's DLP policies.
    • Chrome 117 on Windows

   

  • Require X.509 key usage extension for RSA certificates chaining to local roots back to top 

    X.509 certificates used for HTTPS should contain a key usage extension that declares how the key in a certificate may be used. Such instructions ensure certificates are not used in an unintended context, which protects against a class of cross-protocol attacks on HTTPS and other protocols. For this to work, HTTPS clients must check that server certificates match the connection's TLS parameters, specifically that the key usage flag for “digitalSignature” and possibly “keyEncipherment” (depending on TLS ciphers in use) are asserted when using RSA. 
    Chrome 117 will begin enforcing that the key usage extension is set properly on RSA certificates chaining to local roots. Key usage is already required for ECDSA certificates, and for publicly trusted certificates. Enterprises can test and temporarily disable key usage enforcement using the RSAKeyUsageForLocalAnchorsEnabled policy (available in Chrome 116).
    • Chrome 116 on Android, Chrome OS, Linux, Mac, Windows: The RSAKeyUsageForLocalAnchorsEnabled policy is added.
    • Chrome 117 on Android, Chrome OS, Linux, Mac, Windows: Chrome begins enforcing that the key usage extension is set properly on RSA certificates chaining to local roots. Key usage is already required for ECDSA certificates, and for publicly trusted certificates.

   

  • Simplified sign-in and sync experience back to top 

    Chrome launches a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.  As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off fully (via SyncDisabled) or partially (via SyncTypesListDisabled). Sign-in to Chrome can be required or disabled via BrowserSignin as before. 
    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.
    • Chrome 117 on iOS: Simplified sign-in and sync experience launches on iOS.
     



     

   

  • Updates to Clear browsing data on Android back to top 

    Chrome enhances the browser data deletion controls by making it easier and quicker for users to complete their ‘Clear browsing data’ journeys, while maintaining the granular controls for advanced data deletion needs.
    • Chrome 117 on Android

   

  • Allow users to review and optionally remove potentially unsafe extensions back to top 

    A new review panel will be added in chrome://extensions, which appears whenever there are potentially unsafe extensions that need the user's attention, such as extensions that are malware, policy violating or are no longer available in the Chrome Web Store. The user can choose to remove or keep these extensions. 
    There is also a count of risky extensions needing review that is presented in the Chrome Privacy & Security settings page. As an administrator, you can preemptively control the availability of potentially unsafe extensions using the ExtensionUnpublishedAvailability policy.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • New Chrome Desktop visual refresh in Chrome 117 back to top 

    With Google’s design platform moving to Google Material 3, we have an opportunity to modernize our desktop browser across OS’s, leveraging updated UI elements or styling, enhancing personalization through a new dynamic color system, and improving accessibility. The first wave of UI updates will roll out in Chrome 117. 
    The three dot Chrome menu will also be refreshed, providing a foundation to scale personalization and customization experiences in Chrome by enabling customers proximate access to tools and actions.. The menu will be updated in phases starting in Chrome 117.
    • Chrome 117 on Linux, Mac, Windows: Rollout starts for all users.

   

  • Native Client support updates back to top 

    We will remove Native Client NaCl support from extensions on Windows, macOS, Linux. An enterprise policy will be available, NativeClientForceAllowed, which will allow Native Client to continue to be used.
    • Chrome 117 on Linux, Mac, Windows: Removal of Native Client NaCl support from extensions on Windows, macOS, Linux.
    • Chrome 119 on Linux, Mac, Windows: Removal of NativeClientForceAllowed policy.

   

  • Deprecate and remove WebSQL back to top 

    The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebsQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. With SQLite over WASM as its official replacement, we want to remove WebSQL entirely.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a policy, WebSQLAccess, is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy.

   

  • Revamp permission usage or blockage indicators back to top 

    In-use activity indicators are visual cues that let users know that an origin is actively using a permission-gated feature. They can be used to indicate things like whether geolocation is accessed, or video and audio are being captured. Chrome is changing the life cycle of the activity indicators, updating how long they appear in the address bar.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • Price tracking back to top 

    Starting in Chrome 117, when users bookmark a price-trackable product, price tracking will be enabled by default when available. Users will be able to disable price tracking per item, and administrators can disable the feature entirely with the ShoppingListEnabled policy.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • Price insights on Chrome desktop back to top 

    Some users will see a chip in the address bar which enables them to see price information about a product they're shopping for.
    • Chrome 117 on Chrome OS, Linux, Mac, Windows

   

  • Auth on entry to Password Manager on iOS back to top 

    To improve security, re-auth is now required when entering Google Password Manager on Chrome on iOS. Previously, re-auth was required only when viewing password details or notes. The device unlock method will be offered, i.e. FaceID, TouchID, or Passcode. If a Passcode is not set-up, the user will be prompted to do so.
    • Chrome 117 on iOS: Re-auth required anytime when entering Google Password Manager on Chrome on iOS.

   

  • Improved download warnings back to top 

    To help reduce cookie theft and other consequences of downloading malware, we’re cleaning up desktop download warning strings and patterns to be clear and consistent.
    • Chrome 117 on LaCrOS, Linux, Mac, Windows: Strings, icons, and colors, as well as warning messages for some downloads, will be updated.
     

   

  • Storage Access API with prompts back to top 

    Allow frames to request access to third-party cookies through the Storage Access API (SAA) when third-party cookies are blocked.
    • Chrome 117 on Chrome OS, LaCrOS, Linux, Mac, Windows: Support the Storage Access API by implementing all the behaviors listed in the specification, i.e. with user prompts, and additionally having its own user-agent-specific behaviors.

   

  • Chrome on Android trackpad support back to top 

    Chrome on Android now has advanced keyboard and trackpad or mouse support, similar to desktop Chrome.
    • Chrome 117 on Android: Enabled shortcuts for web content edit, cursor movements and media. 

   

  • Port overflow check in URL setters back to top 

    The port value is now checked when setting url.port. All the values that overflow the 16-bit numeric limit are no longer valid. For instance the following script behaves differently after the change: ``` u = new URL("http://test.com"); u.port = 65536; console.log(u.port); ``` Before the change, the output is 65536. After the change, the output will be 80.
    • Chrome 117 on Windows, Mac, Linux, Android

   

  • Deprecate TLS SHA-1 server signatures back to top 

    Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported. SHA-1 can be temporarily re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled enterprise policy. This policy will be removed in Chrome 123.
    • Chrome 117 on Windows, Mac, Linux, Android
     

   

  • URL standard-compatible IPv4 embedded IPv6 host parser back to top 

    The behavior of parsing IPv4 embedded IPv6 host parser will be updated to strictly follow the web URL standard: https://url.spec.whatwg.org/#concept-ipv6-parser The introduced restrictions on the IPv6 address are: * The embedded IPv4 address shall always consist of 4 parts. Addresses with less than 4 parts like http://[::1.2] will be no longer valid. The feature is a part of the URL interop 2023.
    • Chrome 117 on Windows, Mac, Linux, Android

   

  • Form-Filler Accessibility Mode back to top 

    This feature improves performance by providing a subset of the full accessibility API to form-filler apps.
    • Chrome 117 on Android: A subset of the full accessibility API is provided to form-filler apps.

   

  • Clear client hints via Clear-Site-Data header back to top 

    Websites will now be able to clear the client hints cache using `Clear-Site-Data: “clientHints”`. Client hints will also now be cleared when cookies, cache, or * are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.
    • Chrome 117 on Windows, Mac, Linux, Android

   

  • Remove WebRTC getStats datachannelIdentifier -1 back to top 

    The WebRTC getStats API exposes a dataChannelIdentifier property. It will no longer provide the value "-1" in cases where statistics are queried before the datachannel connection is established. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in this article.
    • Chrome 117 on Windows, Mac, Linux, Android
     

   

  • Remove WebRTC getStats encoderImplementation or decoderImplementation unknownback to top 

    The WebRTC getStats API exposes the encoder and decoder implementation names for outbound and inbound video: https://w3c.github.io/webrtc-stats/#dom-rtcoutboundrtpstreamstats-encoderimplementation 
    It will no longer provide the value unknown in cases where statistics are queried before a video frame was encoded or decoded. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in this article. 
    • Chrome 117 on Windows, Mac, Linux, Android

   

  • Unship callback-based legacy getStats() for WebRTC back to top 

    RTCPeerConnection has two versions of getStats(), one that is spec-compliant returning the report via resolving a promise, and one that is non-standard returning a very different report via a callback as the first argument. The callback-based one will soon be removed. Removal target: Chrome 117. A deprecation trial is available Chrome 113- Chrome 121 for apps that need more time. In the Chrome 114+ the method will throw an exception in Canary/Beta unless using the trial.
    • Chrome 117 on Windows, Mac, Linux, Android

   

   

  • Removed policies in Chrome browser   back to top

    Policy

    Description

    DeviceTargetVersionSelector

    Allow devices to select a specific target version of Google ChromeOS they will update to

ChromeOS updates

   

  • ChromeOS battery state sounds back to top

    In Chrome 117, audible sounds now indicate battery status. Users can turn on and off these sounds and Admins can control them using the DeviceLowBatterySoundEnabled policy.

    When the device is not plugged in, you hear warning sounds if:

    • Battery level goes down to 15 minutes of charge time left, and another one when there is 5 minutes left.

    When the device is plugged in, you hear an information beep when:

    • Battery level - 0-15% (low) 
    • Battery level - 16-79% (med) 
    • Battery level - 80-100% (high)

    In the case where the device is connected to a low power charger, you’ll hear warnings when the battery goes down to 10%, then again at 5%.

     

   

  • Avoid content control escapes on the login or lock screen back to top

    Administrators can now control and limit the available content on end-users login and lock screens when identity federation is used with a third party identity provider (using SAML or OIDC). This is achieved by introducing two new policies to block or allow external URLs on login and lock screens, DeviceAuthenticationURLAllowlist and DeviceAuthenticationURLBlocklist. As a result, you can prevent content control escapes.
     

   

  • Emoji Picker with GIF support back to top

    The emoji picker now supports GIFs. Search and find the perfect GIF to express yourself. 

    For managed devices, this feature is switched off by default.

   

  • ChromeOS gets a makeover back to top

    Thanks to Google Material 3, Google’s new design platform, ChromeOS 117 brings with it:
    • A new set of themes which dynamically update to reflect your wallpaper and style.
    • A new look for almost all system surfaces with updated text, menus, icons or elements.

    You can control the new look using the ChromeOS Personalization App.

     

   

  • ChromeOS Personalization App back to top

    With this launch, your ChromeOS now has accent colors that match your wallpapers, creating a unique theme for your device. The accent colors also adapt to the light and dark modes.
     

   

  • Color correction settings on ChromeOS back to top

    ChromeOS now has built-in color correction settings that make it easier for users to see colors on their screens. In ChromeOS Accessibility settings, under Display and Magnification, you can enable color filters for protanopia, deuteranopia or tritanopia, or to view the display in grayscale. Users can use a slider to customize the filters' intensity to meet their needs.
     

   

  • System answer cards in Launcher search back to top

    When users search for the status of their OS version, battery, RAM, storage, or CPU, in Launcher, they can now see that information previewed in the search results. 

     

   

  • Nudge managed users towards enrolling non-ZTE devices back to top

    This feature enables administrators to demand managed users to enroll their non-zero touch devices by introducing a new user policy, UserEnrollmentNudging, which can be configured to require enrollment of the given user. If the policy is enabled and the managed user misses the enrollment step and performs first sign in on the device, a pop-up is shown suggesting to either switch to enrollment flow or use another email for sign-in, essentially preventing the managed user from signing in without enrollment. 
     

   

  • Replacing the Bluetooth stack on ChromeOS back to top

    Starting in ChromeOS 117, and gradually applying to all ChromeOS devices, this Bluetooth software change brings the Android Bluetooth stack, Fluoride, to ChromeOS. The transition happens seamlessly on login, preserving existing paired devices, and should work with Bluetooth devices today with no interruptions. If you experience issues, please file feedback and, if necessary, disable the new stack via chrome://flags/#bluetooth-use-floss.
     

   

  • Time-lapse recording back to top

    The built-in Camera App now supports Time-Lapse recording. To use the feature, open the Camera App, select Video, then Time-Lapse. Recording can continue for as long as there is available storage space. Camera app determines the right speed for the time-lapse video based on duration recorded, to ensure your video always looks great.
     

     

   

  • Enhanced options in clipboard history back to top

    Enhancements to Clipboard History menu including introducing new entry points, ways to discover the feature and simplifying feature comprehension making it easier to discover and use. You can now see more detail for items in your clipboard history and can access clipboard history items nested directly in context menus. For users discovering Clipboard History for the first time, we are also introducing educational information to help with understanding this feature.
     

   

  • ChromeVox dialog changes back to top

    We’ve made some changes to the initial out-of-the-box experience (OOBE) dialog that explains what ChromeVox is, who might benefit from activating ChromeVox and requires pressing space instead of offering an on-screen button. With this update, we hope to reduce the number of users who inadvertently activate ChromeVox.
     

   

  • Up Next Calendar view with Join video call integration back to top

    See your upcoming events directly from the calendar view and join any digital meetings directly with the new Join button.
     

   

  • Adaptive Charging back to top

    Adaptive Charging is a new ChromeOS power management feature. Devices with Adaptive Charging enabled via Settings charge to 80% and then complete charging to 100% based on an ML model’s prediction for when the user will unplug their device. Reducing the time a device spends at 100% charge helps preserve the battery's health and ability to hold a charge over the lifetime of the device. 
     

Admin console updates

 

   

  • Printing reports now available in Chrome Management Reports API   back to top

    Chrome 117 includes additional endpoints to Chrome Management Reports API that allow access to printing reports. The new endpoints provide per-user and per-printer summary printing reports, as well as a listing of all print jobs submitted to managed printers. The data provided by the new endpoints corresponds to the data in the Print Usage page of the Admin console. This update exposes the same data in the third-party Reports API.

 

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Chrome will introduce a chrome://policy/test page  back to top

    chrome://policy/test will allow customers to test out policies on the Beta, Dev, Canary channels. If there is enough customer demand, we will consider bringing this functionality to the Stable channel.
    • Chrome 118 on Android, iOS, Chrome OS, Linux, Mac, Windows
     

   

  • Network Service on Windows will be sandboxed  back to top

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
    • Chrome 118 on Windows: Network Service sandboxed on Windows
     

   

  • Remove ForceMajorVersionToMinorPositionInUserAgent policy  back to top

    Chrome plans to remove the ForceMajorVersionToMinorPositionInUserAgent policy. This policy was introduced in Chrome 99 to control whether the User-Agent string major version would be frozen at 99, in case of User-Agent string parsing bugs when the version changed to 100. Fortunately, we did not need to deploy this feature and only encountered a few minor 3-digit version parsing issues that have all since been fixed. Given that, we intend to remove this policy. If you have any feedback about this policy removal, or are aware of intranet breakage that depends on the policy, please comment on this bug.   

   

  • Remotely disable malicious off-store extensions  back to top

    When Enhanced Safe Browsing is enabled, users found to have a malicious off-store extension installed will have it disabled when the decision is entered on the Safe Browsing servers via either manually or by an automated detection system.
    • Chrome 118 on Chrome OS, Linux, Mac, Windows: Feature launches
     

   

  • Remove RendererCodeIntegrityEnabled policy  back to top

    The RendererCodeIntegrityEnabled policy will be removed. We recommend that you verify any potential incompatibilities with third party software by no longer applying the policy in advance of this release. You can report any issues you encounter by submitting a bug here.
    • Chrome 118 on Windows: This policy is deprecated and will no longer take effect
     

   

  • Support for passkeys in iCloud Keychain on macOS  back to top

    Chrome on macOS ≥ 13.5 will gain support for creating and using passkeys from iCloud Keychain. When signing in using WebAuthn, passkeys from iCloud Keychain will be listed as options once the user has granted Chrome the needed permission. If permission has not been granted then a generic "iCloud Keychain" option will appear that will prompt for permission before showing iCloud Keychain passkeys. If permission is denied then iCloud Keychain can still be used, but will have to be manually selected each time. When a site asks to create a platform passkey, Chrome might default to creating the passkey in iCloud Keychain based on whether iCloud Drive is in use and whether WebAuthn credentials from the current profile have been recently used. This can be controlled with a setting on chrome://password-manager/settings, and with the enterprise policy CreatePasskeysInICloudKeychain.
    • Chrome 118 on Mac: The ability to use iCloud Keychain will be enabled in Chrome 118. Whether Chrome defaults to creating platform passkeys in iCloud Keychain may be altered by Finch during the lifetime of 118.
     

   

  • Hash-prefix real-time lookups  back to top

    For standard Safe Browsing protection users, visited URLs now have their safety checked in real time instead of against a less frequently updated local list of unsafe URLs. This is done by sending partial hashes of the URLs to Google Safe Browsing through a proxy via Oblivious HTTP, so that the user’s IP address is not linked to the partial hashes. This change improves security while maintaining privacy for users. If needed, the feature can be disabled through the policy SafeBrowsingProxiedRealTimeChecksAllowed.
    • Chrome 118 on iOS, Chrome OS, LaCrOS, Linux, Mac, Windows: This will start with a 1% rollout and then proceed to 100% of users.
     

   

  • Red interstitial facelift  back to top

    In Chrome 118, users will see minor updates to the red Safe Browsing interstitials. The main body text will include an explicit recommendation from Chrome and site ID will be specified in the details section instead of the main body. The warning icon will be replaced by the danger icon and styling will be updated to be consistent with the latest product standards. These changes will improve user comprehension of warnings.
    • Chrome 118 on Android, iOS, Chrome OS, LaCrOS, Linux, Mac, Windows
     

   

  • Form Controls support vertical writing mode  back to top

    CSS property writing-mode should be enabled for form controls elements as it will allow lines of text to be laid out horizontally or vertically and it sets the direction in which blocks progress. With this feature, we are allowing the form control elements select, meter, progress, button, textarea and input to have vertical-rl or vertical-lr writing mode. As needed for Web compatibility, we will slowly rollout the change for a number of form controls in 118 and continue in future milestones.
    • Chrome 118 on Windows, Mac, Linux, Android 
     

   

  • Block all cookies set via JavaScript that contain control characters  back to top

    Updates how control characters in cookies set via JavaScript are handled. Specifically, all control characters cause the entire cookie to be rejected (previously a NULL character, a carriage return character, or a line feed character in a cookie line caused it to be truncated instead of rejected entirely, which could have enabled malicious behavior in certain circumstances). This behavior aligns Chrome with the behavior indicated by the latest drafts of RFC6265bis. This change can be disabled using the `--disable-features=BlockTruncatedCookies` or the BlockTruncatedCookies enterprise policy, which will exist for several milestones in case this change causes any breakage.
    • Chrome 118 on Windows, Mac, Linux, Android 
     

   

  • Clearer Safe Browsing protection level settings text and images  back to top

    In Chrome 118, some users will see new text describing the Safe Browsing protection level on both the Security Settings page and the Privacy Guide. The update clarifies the Enhanced Protection level by adding a table and linking to a help center article where users can learn more. The new table helps users understand the trade-offs when selecting that option versus choosing the other options. The descriptions for Standard Protection, No Protection and the password compromise warnings toggle have been simplified to make the options clearer. The Safe Browsing protection level is an existing setting and continues to be controlled by the SafeBrowsingProtectionLevel policy value.
    • Chrome 118: Some users will see the updated text and images on the Chrome Security Settings page and on the Privacy Guide.
     

   

  • WebUSB in Extension Service Workers  back to top

    Allows web developers to use WebUSB API when responding to extension events by exposing WebUSB API to Service Workers registered by browser extensions. This API will not yet be exposed to Service Workers registered by sites but the implementation experience gained by supporting the API for extensions will be valuable for such a future project.
    • Chrome 118 on Windows, Mac, Linux 
     
 

   

  • IP Protection Phase 0 for Chrome  back to top

    As early as Chrome 118, Chrome may route traffic for some network requests to Google-owned resources through a privacy proxy. This is an early milestone in a larger effort to protect users' identities by masking their IP address from known cross-site trackers. More information (including enterprise policies) will be provided in the near future.
     

   

  • Include chrome.tabs API calls in extension telemetry reports  back to top

    When you enable Enhanced Safe Browsing, Chrome will now collect telemetry information about chrome.tabs API calls made by extensions. This information is analyzed on Google servers and further improves the detection of malicious and policy violating extensions. It will also allow better protection for all Chrome extension users. This functionality along with the entire extension telemetry feature can be turned off by setting SafeBrowsingProtectionLevel to any value other than 2 (ie. disable Enhanced Safe Browsing).
    • Chrome 118 on Chrome OS, Linux, Mac, Windows: Feature launches
     

   

  • Remove non-standard appearance keywords  back to top

    Since only standard appearance keywords should be supported, we are removing the appearance (and -webkit-appearance) keywords that shouldn't be supported anymore: 

    * inner-spin-button 

    * media-slider

    * media-sliderthumb 

    * media-volume-slider 

    * media-volume-sliderthumb 

    * push-button * searchfield-cancel-button 

    * slider-horizontal * sliderthumb-horizontal 

    * sliderthumb-vertical 

    * square-button 

    Note that value slider-vertical will not be removed as part of this patch; it is used for allowing <input type=range> vertical. It will be removed once feature FormControlsVerticalWritingModeSupport is enabled in Stable. 

    Previously, if using any of the above keywords, a console warning will be shown, but the keyword will be recognized as a valid value. With the feature enabled, the appearance property will be ignored and set to the empty string. As needed for Web compatibility, we will progressively remove the appearance keywords based on their counter usages on Chrome Status Metrics. For release 118, we will start with the following keywords, currently at page load usage below 0.001%: 

    * media-slider at 0.000361 

    * media-sliderthumb at 0.000187% 

    * media-volume-slider at 0.000143% 

    * media-volume-sliderthumb at 0.000109% 

    * sliderthumb-horizontal at 0.000182% 

    * sliderthumb-vertical at 0.000014%

    • Chrome 118 on Windows, Mac, Linux, Android 
     

   

  • Chrome release schedule changes  back to top

    Chrome 119 and all subsequent releases will be shifted forward by one week. For example, Chrome 119 will have its early stable release on October 25 instead of Nov 1. Beta releases will also be shifted forward by one week starting in Chrome 119.
    • Chrome 119 on Android, iOS, Chrome OS, Linux, Mac, Windows
     

   

  • Permissions Prompt for Web MIDI API  back to top

    This feature gates the Web MIDI API access behind a permissions prompt. Today the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission. Three new policies—DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls—will be available to allow administrators to pre-configure user access to the API.
    • Chrome 119 on Windows, Mac, Linux, Android 
     

   

  • Migrate away from data URLs in SVG <use> element  back to top

    The SVG spec was recently updated to remove support for data: URLs in SVG <use> element. This improves security of the Web platform as well as compatibility between browsers as Webkit does not support data: URLs in SVG <use> element. You can read more in this blog post. 

    For enterprises that need additional time to migrate, the DataUrlInSvgUseEnabled policy will be available temporarily to re-enable Data URL support for SVG <use> element.

    • Chrome 119 on Android, Chrome OS, LaCrOS, Linux, Mac, Windows, Fuchsia: Remove support for data: URLs in SVG <use> element
     

   

  • Chrome Browser Cloud Management: Crash report  back to top

    The Crash Report is a new Chrome Browser Cloud Management report in the Admin console where IT admins can find a chart to easily visualize the number of crash events over time, based on the versions of Chrome that are running.
    • Chrome 119 on Android, iOS, Linux, Mac, Windows: Crash Report launched in Chrome Browser Cloud Management
     

   

  • Display banner to allow resume last tab from other devices  back to top

    Help signed in users resume tasks when they have to switch devices during an immediate transition by offering to pick up tabs recently used on the previous device. Admins can control this feature via the existing enterprise policy called SyncTypesListDisabled.
    • Chrome 119 on iOS: Feature launches

     

   

  • Remove Sanitizer API  back to top

    The Sanitizer API aims to build an easy-to-use, always secure, browser-maintained HTML sanitizer into the platform. It is a cross-browser standardization effort starting in Q2/2020. We shipped an initial version of the Sanitizer API in Chrome 105, based on the then-current specification draft. However, the discussion has meanwhile moved on and the proposed API shape has changed substantially. In order to prevent the current API from becoming entrenched we would like to remove the current implementation. 

    We expect to re-implement the Sanitizer API when the proposed specification stabilizes again. 

    • Use counters: The Sanitizer API is currently used on 0.000000492% of page visits. 
    • Old vs new API: * Old explainer, API as implemented in "MVP" since Chrome 105: https://github.com/WICG/sanitizer-api/blob/e72b56b361a31b722b4e14491a83e2d25943ba58/explainer.md * 
    • New explainer (still in progress): https://github.com/WICG/sanitizer-api/blob/main/explainer.md
    • Chrome 119 on Windows, Mac, Linux, Android 
     

   

  • Tab Groups can be saved, recalled, and synced  back to top

    Users will be able to save tab groups, which will allow them to close and re-open the tabs in the group, as well as sync them across devices.
    • Chrome 119 on Chrome OS, Linux, Mac, Windows
     

   

  • Chrome profile separation: new policies  back to top

    Three new policies will be created to help enterprises configure enterprise profiles: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings, ProfileSeparationSecondaryDomainAllowlist. These policies will basically be replacements for ManagedAccountsSigninRestriction, EnterpriseProfileCreationKeepBrowsingData.
    • Chrome 119 on Linux, Mac, Windows: New profile separation policies available: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings, ProfileSeparationSecondaryDomainAllowlist.
     

   

  • Replace dangling markup in target name to `_blank`  back to top

    This change replaces the navigable target name (which is usually set by target attribute) to `_blank`, if it contains a dangling markup (i.e. `\n` and `<`). Which fixes a bypass in the dangling markup injection mitigation.
    • Chrome 119 on Windows, Mac, Linux, Android 
     

   

  • Private Network Access restrictions for automotive  back to top

    This ships Private Network Access restrictions to Android Automotive (if BuildInfo::is_automotive), including: - Private Network Access preflight requests for subresources and Private Network Access for Workers. See Note that the two above features were shipped in warning only mode, but this features will enforce the restriction, i.e. failing the main request if restrictions are not satisfied.
    • Chrome 5 on Windows, Mac, Linux 
    • Chrome 119 on Android 
     

   

  • Deprecate non-standard `shadowroot` attribute for declarative shadow DOM  back to top

    The standards-track `shadowrootmode` attribute, which enables declarative Shadow DOM, was shipped in Chrome 111 [1]. The older, non-standard `shadowroot` attribute is now deprecated. During the deprecation period, both attributes are functional, however the `shadowroot` attribute does not enable the new streaming behavior, whereas `shadowrootmode` allows streaming of content. There is a straightforward migration path: replace `shadowroot` with `shadowrootmode`. The old `shadowroot` attribute is deprecated as of Chrome Chrome 112, and it will be removed (no longer supported) in Chrome 119, which goes to Stable on November 1, 2023. [1] https://chromestatus.com/feature/5161240576393216
    • Chrome 119 on Windows, Mac, Linux, Android 
     

   

  • Chrome on Android will no longer support Android Nougat  back to top

    The last version of Chrome that will support Android Nougat will be Chrome 119, and it includes a message to affected users informing them to upgrade their operating system. Chrome 120 will not support nor ship to users running Android Nougat.
    • Chrome 120 on Android: Chrome on Android no longer supports Android Nougat
     

   

  • Chrome Third-Party Cookie Deprecation (3PCD)  back to top

    In Chrome 120 and beyond (Jan 2024), Chrome will globally disable third-party cookies for 1% of Chrome traffic as part of our Chrome-facilitated testing in collaboration with the CMA, to allow sites to meaningfully preview what it's like to operate in a world without third-party cookies (3PCs). Most enterprise end users will be excluded from this experiment group automatically. But for the few that may be affected, enterprise admins will be able to utilize an enterprise policy to opt out their managed browsers ahead of the experiment and give enterprises time to make necessary changes to not rely on this policy or third party cookies. We plan to provide more details about this policy and provide more tooling to help identify 3PC use cases. In the meantime, refer to the 'Mode B: 1% third-party cookie deprecation' blog section for more details on how to prepare, provide feedback and report potential site issues.
    • Chrome 120 on Chrome OS, Linux, Mac, Windows
      1% of global traffic has third party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.
     

   

   

  • Intent to deprecate: Mutation events  back to top

    Synchronous Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer.
    • Chrome 127 on Android, Chrome OS, Linux, Mac, Windows: Mutation Events will stop functioning in Chrome 127, around July 30, 2024.
     

   

  • Extensions must be updated to leverage Manifest V3  back to top

    Extensions must be updated to leverage Manifest V3 back to top Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. As mentioned earlier in our blog post (https://developer.chrome.com/blog/more-mv2-transition/) the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed. During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3. An Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. For more information on the Manifest timeline: https://developer.chrome.com/docs/extensions/migrating/mv2-sunset/
    • Chrome 98 on Chrome OS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Public" or "Unlisted". The ability to change Manifest V2 extensions from "Private" to "Public" or "Unlisted" is removed.
    • Chrome 103 on Chrome OS, LaCrOS, Linux, Mac, Windows: Chrome Web Store stops accepting new Manifest V2 extensions with visibility set to "Private".
    • Chrome 110 on Chrome OS, LaCrOS, Linux, Mac, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.

    Future milestone on Chrome OS, LaCrOS, Linux, Mac, Windows: Removal of ExtensionManifestV2Availability policy.

↑ back to top  

Upcoming ChromeOS changes

   

  • Privacy Hub back to top

    Later this year, users will be able to manage their camera and microphone settings across the operating system from one place in Settings. This way it only takes one click for users to completely turn off their camera or microphone all from one place when they need extra confidence in staying on mute.
     

     

   

  • ChromeOS Admin templates back to top

    App Launch Automation can be configured by Administrators in the Admin console to contain groups of applications, windows and tools that can be launched automatically on startup or on-demand by users throughout their day. With App Launch Automation, you can: get users up and running quickly at the start of their day, provide users with a way to easily get to an optimal starting point for new tasks, and remember the window layout each user sets up for their individual workflows for future use.
     

↑ back to top  

Upcoming Admin console changes

   

  • URL-keyed anonymized data collection in Kiosk mode back to top

    The policy for URL-keyed anonymized data collection, UrlKeyedAnonymizedDataCollectionEnabled, will soon be supported in the Admin console. This policy will be enforced starting October 1st and will remain disabled until then.

↑ back to top  

Chrome 116

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Enterprises can sign up for security fix notifications    
Chrome increases release velocity with security improvements planned for each week    
Share Sheet migration    
Google Search side panel    
X25519Kyber768 key encapsulation for TLS    
Improving performance: Memory Saver and Energy Saver modes  

Anti-phishing telemetry expansion    
Enabling BFCache for pages that set Cache-Control: no-store    
Idle Timeout policies on Desktop    
OS-native Passkey changes on Windows 11    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Data processor mode on ChromeOS (including Chrome browser running on managed ChromeOS)     
Removal of permissive Chrome Apps webview behaviors    
ChromeOS OCR in PDFs for screen reader users    
Move ChromeVox settings pages to ChromeOS settings    
Customizing input peripherals per device settings    
Managing Android App permissions    
ChromeOS Kerberos integration enhancements    
Commercial launch of screensaver    
Enhanced autocorrect features    
Additional input method support for Linux apps    
URL-keyed anonymized data collection in Kiosk mode    
Admin console updates Security/ Privacy User productivity/ Apps Management
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Extensions Review panel     
Native Client Support updates    
Updates to Clear Browsing Data on Android    
Skip unload events    
Require X.509 key usage extension for RSA certificates chaining to local roots    
Network service will be sandboxed on Linux and ChromeOS    
Bounce Tracking mitigations    
Restricting the use of --load-extension    
Service Worker static routing API    
Enable access to WebUSB API from extension service workers    
Simplified sign-in and sync experience    
IP Protection Phase 0 for Chrome    
Web MIDI permission prompt    
Network service will be sandboxed on Windows    
Removal of the RendererCodeIntegrityEnabled policy    
Chrome 117 will no longer support macOS 10.13 and macOS 10.14    
New Chrome Desktop visual refresh in Chrome 117    
Update to the lock icon    
Storage Access API with Prompts    
Extensions must be updated to leverage Manifest V3
Removal ForceMajorVersionToMinorPositionInUserAgent policy    
Chrome release schedule changes    
Chrome 119 to phase out support for Web SQL    
Migrate away from data URLs in SVG <use> element  
Chrome profile separation  
Removal LegacySameSiteCookieBehaviorEnabledForDomainList policy     
Intent to deprecate: Mutation Events    
Warnings on insecure downloads    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS battery state sounds    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Enterprises can sign up for security fix notifications back to top 

    Using this sign-up form, you can opt in to receive email notifications whenever there's a Chrome release that contains high or critical security fixes, including zero-day fixes. Chrome uses a fast release cycle to keep you ahead of bad actors, and so you can expect such a release approximately every week. By default, Chrome applies updates automatically when they're made available, so no action is required from admins who keep Chrome's default update behavior. You can read more about Chrome updates strategies for enterprises here.

   

  • Chrome increases release velocity with security improvements planned for each week back to top 

    In Chrome 115 and previous releases, Chrome maintained a four-week release cycle with a minor release halfway between each major release containing security improvements and minor bug fixes. Major releases continue to be planned for approximately every four weeks, but starting in Chrome 116, minor releases are now planned every week. This allows us to deliver security improvements even faster. If you have auto-updates turned on (the default behavior of Chrome, and our recommendation), then no action is required. Chrome might still release some unplanned updates in response to critical fixes, zero-day fixes, or other unforeseen circumstances. If you want to be notified of the security fixes contained in each release of Chrome, you can sign up for notifications here. Read more about Chrome Security and why we're making this change in our blog post

   

  • Share Sheet migration back to top 
     

    Shared sheet migration  

    Chrome is migrating Share functionality from its custom share sheet to the Android system share sheet for Android U+ users. In this migration, we’ve deprecated some functionality such as stylized cards for shared highlights and a redundant button for short (non full-page) screenshots. On Pre-U Android, Chrome still shows the custom share sheet and users can navigate to the system share sheet using the More (...) button.

   

  • Google Search side panel back to top 

    Chrome is introducing the Search side panel, a new contextual side panel experience that allows users to delve into the content of the page they're currently viewing. The new side panel gives users new tools to get more context about the page they're viewing. We launched the Search side panel to some users in Chrome 115 and subsequently plan to roll out to all users in Chrome 116. You can control access to the Search side panel using the GoogleSearchSidePanelEnabled policy. 

   

  • X25519Kyber768 key encapsulation for TLS back to top 

    As early as Chrome 116, Chrome introduces a post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. However, some TLS middleboxes might be unprepared for the size of a Kyber key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. This cipher will be used for both TLS and QUIC connections.

↑ back to top  

   

  • Improving performance: Memory Saver and Energy Saver modes back to top 

    In Chrome 108, we introduced features designed to improve the performance of Chrome and extend battery life under the following enterprise policies: TabDiscardingExceptions, BatterySaverModeAvailability and HighEfficiencyModeEnabled. In Chrome 116, we expand the capabilities of the Memory Saver feature to help users further understand and use tab discarding to their benefit.

    Users with Memory Saver enabled (policy HighEfficiencyModeEnabled) now have increased visibility of discarded tabs in the tab strip and more insight into memory usage of active and inactive tabs. 

    Additionally, this release makes the management of exceptions (policy TabDiscardingExceptions) more intuitive for users who have access to manage their own exceptions:

    1. In settings, users can add exceptions based on currently open tabs (in addition to manual entry which exists today)

    2. In the page action chip of a discarded tab, users can opt the site out from future discarding.

   

  • Anti-phishing telemetry expansion back to top 

    In this feature, we log user-interaction data to Chrome servers and to Safe Browsing servers, which will fill knowledge gaps about how users interact with Safe Browsing phishing warnings and phishing pages. This additional telemetry will help inform where we should concentrate our efforts to improve phishing protection because it will allow us to understand the user better. Admins can opt out by using the Enterprise policies MetricsReportingEnabled and SafeBrowsingProtectionLevel.

   

  • Enabling BFCache for pages that set Cache-Control: no-store back to top 

    Documents with a Cache-Control: no-store header (CCNS) are blocked from entering BFCache. Chrome 116 will start BFCaching these documents, except for the ones with sensitive information (Github). 

    The AllowBackForwardCacheForCacheControlNoStorePageEnabled policy controls if a page with Cache-Control: no-store header can be stored in back/forward cache. The website setting this header might not expect the page to be restored from back/forward cache since some sensitive information could still be displayed after the restoration even if it is no longer accessible.

    If the policy is enabled or unset, the page with Cache-Control: no-store header might be restored from back/forward cache unless the cache eviction is triggered, for example, when there is HTTP-only cookie change to the site.

    If the policy is disabled, the page with Cache-Control: no-store header will not be stored in back/forward cache.

↑ back to top  

   

  • Idle Timeout policies on Desktop back to top

    In Chrome 116, admins can now enforce taking an action, for example, closing the browser, clearing cookies or moving to the profile picker, after Chrome has been idle for some amount of time. You can use the IdleTimeout policy to set a timeout period and the IdleTimeoutActions policy to specify actions on timeout.

   

  • OS-native Passkey changes on Windows 11 back to top 

    An update to Windows 11 later in 2023 adds support for cross-device passkeys flows in Windows webauthn.dll v6. Chrome 116 recognizes this version of Windows and stops offering its own cross-device support in Chrome UI, deferring to Windows instead. This results in users seeing a different UI, as shown below. This can be tested with Chrome 116 running on Windows Insider Dev Build 23486 or later.

    Win11 passkey  

   

 

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    EventPathEnabled Re-enable the Event.path API 

↑ back to top  

ChromeOS updates

   

  • Data processor mode on ChromeOS (including Chrome browser running on managed ChromeOS) back to top

    In ChromeOS 116, ChromeOS is releasing a data processor mode for a suite of ChromeOS features and services called Essential Services, switching Google’s role from that of a data controller over personal data, to primarily that of a data processor. Features and services for which Google remains solely a data controller are called “Optional Services”. IT admins who manage ChromeOS devices used by managed Dutch Education accounts will see these new terms and features available to select from August 18, 2023.

    These are the new tools available in data processor mode for ChromeOS:
    • Data processor mode landing page in the Admin console
    • The ability to turn-on/off individual Optional Services
    • Tools to assist customers with Data Subject Access Requests (DSARs)
    • A tool to assist customers with data subject deletion requests

   

  • Removal of permissive Chrome Apps webview behaviors back to top

    As early as Chrome 116, Chrome Apps webview usage have the following restrictions:
    • Using the webview NewWindow event to attach to a webview element in another App window causes the window reference returned by the window.open call in the originating webview to be invalidated.

    A temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed is available to give enterprises time to address possible breakage related to these changes. To test whether this change is the cause of any breakage, without needing to set the enterprise policy, you can restore the previous behavior from Chrome 112 and earlier by navigating to chrome://flags and disabling chrome://flags/#enable-webview-tag-mparch-behavior.

    This change was originally scheduled for Chrome 113, but was postponed. Previous release notes mentioned a change to the handling of SSL errors within webviews, but this is no longer part of this change.

   

  • ChromeOS OCR in PDFs for screen reader users back to top

    Through Optical Character Recognition (OCR), users can convert images to text, so that they can access and read them.

    OCR pdf  

   

  • ChromeVox settings move to ChromeOS setting back to top

    In Chrome 116, you now access the existing settings for ChromeVox under the ChromeOS Accessibility settings pages.

    chromevox  

   

  • Customizing input peripherals per device settings back to top

    Users can now manage settings for their input peripherals, such as their mouse and keyboard, at the device level and apply different values for different devices. This provides more control over the peripheral experience on ChromeOS.

   

  • Managing Android App permissions back to top

    In Chrome 116, users have a better view of what data Android apps can access by reviewing allowed app permissions on the Apps page in ChromeOS Settings. Now, users can see a detailed view of the data an Android app can access on the Apps page in Settings, and they can easily manage those permissions. 

↑ back to top  

   

  • ChromeOS Kerberos integration enhancements back to top

    Starting with M116, we streamline the end user configuration flows for ChromeOS Kerberos customers. Many users use Kerberos on ChromeOS  to access corporate resources. The new UI enhancements guide users through the configuration of their Kerberos accounts in a guided flow, similar to Password Manager. For details, see this help center article.

   

  • Commercial launch of screensaver back to top

    With M116, ChromeOS represents your organization even better. The commercial launch of screensaver for the login screen or MGS lock screen allows admins to customize the appearance of idle devices. Newly added admin settings include the abilities to turn on/off the screensaver, to provide a list of screensaver images, and to customize idle times.

   

  • Enhanced autocorrect features back to top

    We've enhanced Autocorrect in ChromeOS! Autocorrect is now enabled by default for English in compatible apps, automatically fixing typos, spelling, and other errors. In addition to the new Autocorrect for physical keyboards, this update also enhances the performance of the virtual keyboard's Autocorrect and other Assistive features.

    Autocorrect  

   

  • Additional input method support for Linux apps back to top

    Linux on ChromeOS now supports complex input methods, such as Japanese and Korean. This means that you can now use the same input methods that you're already using in Chrome to type in your Linux applications. Not all applications are supported yet, but support for additional applications is coming soon.

   

  • URL-keyed anonymized data collection in Kiosk mode back to top

    The policy for URL-keyed anonymized data collection is now supported in Kiosk mode. This policy will be added to the Admin console in a future release.

↑ back to top  

Admin console updates

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Extensions Review panel  back to top

    A new review panel will be added in chrome://extensions, which will appear whenever there are potentially unsafe extensions that need the user's attention. The initial launch will highlight extensions that are malware, policy violating or are no longer available in the Chrome Web Store. The user can choose to remove or keep these extensions.

    There will also be a count of risky extensions needing review that is presented in the Chrome Privacy & Security settings page.

    The ExtensionsUnpublishedAvailability policy will disable extensions that have been unpublished by the developer or violate Chrome Web Store policy. Note that these extensions might also appear in the Extensions Module's review panel but only if they are not installed by policy. The user can choose to remove or keep them. 

   

  • Native Client Support updates  back to top

    As early as Chrome 117, we will remove Native Client NaCl support from extensions on Windows, macOS, Linux. An enterprise policy will be available, NativeClientForceAllowed, which will allow Native Client to continue to be used until Chrome 119. 

   

  • Updates to Clear Browsing Data on Android  back to top

    We’re making it easier to find and use the browsing data deletion tools that Chrome offers. 

    We’re adding more entry points to Clear Browsing Data, including on the main Chrome menu. We’re also introducing a new quick deletion affordance to enable users to quickly delete their recent history. We’ll maintain and further enhance the more granular ‘Advanced’ Clear Browsing Data page on Privacy Settings.

    Clear browsing data  

   

  • Skip unload events  back to top

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. 

    As early as Chrome 117, to further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of an API and a group policy which will allow you to selectively keep the behavior unchanged. 

   

  • Require X.509 key usage extension for RSA certificates chaining to local roots  back to top

    X.509 certificates used for HTTPS should contain a key usage extension that declares how the key in a certificate may be used. Such instructions ensure certificates are not used in an unintended context, which protects against a class of cross-protocol attacks on HTTPS and other protocols. For this to work, HTTPS clients must check that server certificates match the connection's TLS parameters, specifically that the key usage flag for “digitalSignature” and possibly “keyEncipherment” (depending on TLS ciphers in use) are asserted when using RSA.

    Chrome 117 will begin enforcing that the key usage extension is set properly on RSA certificates chaining to local roots. Key usage is already required for ECDSA certificates, and for publicly trusted certificates. Enterprises can test and temporarily disable key usage enforcement using the RSAKeyUsageForLocalAnchorsEnabled policy (available in Chrome 116). 

   

  • Network service will be sandboxed on Linux and ChromeOS  back to top

    As early as Chrome 117, the network service will be sandboxed on Linux and ChromeOS to improve security. On Linux, it's possible that third party software (likely data loss prevention or antivirus software) is injecting code into Chrome's processes and will be blocked by this change. This may result in Chrome crashing for your users.

    If this happens, you should work with the vendor of the third party software to stop it from  injecting code into Chrome's processes. In the meantime, you will be able to use the NetworkServiceSandboxEnabled policy to defer the sandboxing. This is a temporary measure intended to help enterprises surprised by the change; the policy will be removed in a future version of Chrome.

   

  • Bounce Tracking mitigations  back to top

    As early as Chrome 116, Chrome will launch bounce tracking mitigations. Bounce tracking mitigations will only take effect when the policy is set to true (Block 3rd party cookies). You can use the BlockThirdPartyCookies policy to control this feature. Alternatively, if 3rd party cookies are blocked by default you can exempt specific sites by using the CookiesAllowedForUrls policy.

   

  • Restricting the use of --load-extension  back to top

    The --load-extension command-line switch provides a very low bar for cookie theft malware to load malicious extensions without an installation prompt. Chrome will gradually phase out this switch to reduce this attack vector for malware. Starting in Chrome 116, --load-extension will be ignored for users that have enabled Enhanced Safe Browsing.

   

  • Service Worker static routing API  back to top

    Chrome 116 will release the Service Worker static routing API; it enables developers to optimize how Service Workers are loaded. Specifically, it allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do. If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.

   

  • Enable access to WebUSB API from extension service workers  back to top

    As early as Chrome 117, we will enable access to WebUSB API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page.

    WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.

   

  • Simplified sign-in and sync experience  back to top

    Starting in Chrome 117, some users may experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off fully (via SyncDisabled) or partially (via SyncTypesListDisabled). Sign-in to Chrome can be required or disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    Settings  

   

  • IP Protection Phase 0 for Chrome  back to top

    Beginning in Chrome 118, Chrome may route traffic for some network requests to Google-owned resources through a privacy proxy. This is an early milestone in a larger effort to protect users' identities by masking their IP address from known cross-site trackers. More information (including enterprise policies) will be provided in the near future.

   

  • Web MIDI permission prompt  back to top

    Starting in Chrome 118, the Web MIDI API access will be gated behind a permissions prompt. Currently, the use of SysEx messages with the Web MIDI API requires explicit user permission. With the planned implementation, even access to the Web MIDI API without SysEx support will require user permission. Both permissions will be requested in a bundled permissions prompt.

    Three new policies DefaultMidiSetting, MidiAllowedForUrls and MidiBlockedForUrls will be available to allow administrators to pre-configure user access to the API.

   

  • Network Service on Windows will be sandboxed on Windows  back to top

    As early as Chrome 118, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

  • Removal of the RendererCodeIntegrityEnabled policy  back to top

    As early as Chrome 117, the RendererCodeIntegrityEnabled policy will be removed. We recommend that you verify any potential incompatibilities with third party software by no longer applying the policy in advance of this release. You can report any issues you encounter by submitting a bug here.

   

  • Chrome 117 will no longer support macOS 10.13 and macOS 10.14  back to top

    Chrome 117 will no longer support macOS 10.13 and macOS 10.14, which are already outside of their support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.13 or 10.14, Chrome continues to show an infobar that reminds users that Chrome 117 will no longer support macOS 10.13 and macOS 10.14.

   

  • New Chrome Desktop visual refresh in Chrome 117  back to top

    With Google’s design platform moving to Google Material 3, we have an opportunity to modernize our desktop browser across OS’s, leveraging updated UI elements or styling, enhancing personalization through a new dynamic color system, and improving accessibility. The first wave of UI updates will roll out in Chrome 117.

    Refresh  

    The three dot Chrome menu will also be refreshed, providing a foundation to scale personalization and customization experiences in Chrome by enabling customers proximate access to tools and actions. The menu will be updated in phases starting in Chrome 117.

    Refresh  

   

  • Update to the lock icon  back to top

    We plan to replace the lock icon with a variant of the tune icon, which is commonly used to indicate controls and settings. Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome. Our research has also shown that many users never understood that clicking the lock icon showed important information and controls. We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon.

    The new icon is scheduled to launch in Chrome 117 as part of a general design refresh for desktop platforms. Chrome will continue to alert users when their connection is not secure. You can see the new tune icon now in Chrome Canary for Desktop if you enable Chrome Refresh 2023 at chrome://flags#chrome-refresh-2023, but keep in mind this flag enables work that is still actively in-progress and under development, and does not represent a final product.

    We will also replace the icon on Android. On iOS, the lock icon is not tappable, so we will be removing the icon.

    You can read more in this blog post.

    PDF sig tools  

   

  • Storage Access API with Prompts  back to top

    The Storage Access API provides a means for authenticated cross-site embeds to check their blocking status and request access to storage if they are blocked. Targeting Chrome 117 for Desktop, we will support the Storage Access API by implementing all the behaviors listed in the specification, i.e. with user prompts, and additionally having its own user-agent-specific behaviors.

   

  • Extensions must be updated to leverage Manifest V3  back to top

    Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

    As mentioned earlier in our blog post, More details on the transition to Manifest V3, the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed.

    During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3.

    Starting with Chrome 110, an Enterprise policy ExtensionManifestV2Availability has been available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions until at least January 2024. 

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.

    For more details, refer to the Manifest V2 support timeline.

   

  • Removal ForceMajorVersionToMinorPositionInUserAgent policy  back to top

    Chrome 118 plans to remove the ForceMajorVersionToMinorPositionInUserAgent policy. This policy was introduced in Chrome 99 to control whether the User-Agent string major version would be frozen at 99, in case of User-Agent string parsing bugs when the version changed to 100. Fortunately, we did not need to deploy this feature and only encountered a few minor 3-digit version parsing issues that have all since been fixed. Given that, we intend to remove this policy.

    If you have any feedback about this policy removal, or are aware of intranet breakage that depends on the policy, please comment on this bug. 

   

  • Chrome release schedule changes  back to top

    Chrome 119 and all subsequent releases will be shifted forward by one week. For example, Chrome 119 will have its early stable release on October 25 instead of Nov 1. Beta releases will also be shifted forward by one week starting in Chrome 119.  

   

  • Chrome 119 to phase out support for Web SQL  back to top

    Starting in Chrome 119, to improve user data security, Chrome will remove support for Web SQL. The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. As of today, Chrome is the only major browser with support for Web SQL. The W3C encouraged those needing web databases to adopt Indexed Database or SQLite WASM.
     

    The timeline for the deprecation will be:

    • Chrome 115 - Deprecation message added
    • Chrome 117 - 123 - Deprecation trial
    • Chrome 119 - Ship removal


    More details about the deprecation and removal can be found on the Chromestatus page.

    An enterprise policy WebSQLAccess is available until Chrome 123 to enable Web SQL to be available.

   

  • Migrate away from data URLs in SVG <use> element  back to top

    The SVG spec was recently updated to remove support for data: URLs in SVG <use> element. This improves security of the Web platform as well as compatibility between browsers as Webkit does not support data: URLs in SVG <use> element. We expect to remove support for data: URLs in SVG <use> element in Chrome 119, scheduled to ship in November 2023. You can read more in this blog post. For enterprises that need additional time to migrate, the DataUrlInSvgUseEnabled policy will be available temporarily to re-enable Data URL support for SVG <use> element.

   

  • Chrome profile separation  back to top

    As early as Chrome 119, three new policies will be created to help enterprises configure enterprise profiles: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings, ProfileSeparationSecondaryDomainAllowlist.

   

   

  • Intent to deprecate: Mutation Events  back to top

    Synchronous Mutation Events, including `DOMSubtreeModified`, `DOMNodeInserted`, `DOMNodeRemoved`, `DOMNodeRemovedFromDocument`, `DOMNodeInsertedIntoDocument`, and `DOMCharacterDataModified`, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be removed or migrated to Mutation Observer. Mutation Events will stop functioning in Chrome 127, around July 30, 2024.

   

  • Warnings on insecure downloads  back to top

    Chrome will begin showing warnings on some downloads if those files were downloaded over an insecure connection, that is, not HTTPS. These warnings do not prevent downloading and can be bypassed by the user. Enterprises can test their downloads by enabling warnings via chrome://flags/#insecure-download-warnings. Enterprises can also disable warnings for sites that can not deliver files securely by adding the download site to InsecureContentAllowedForUrls.

↑ back to top  

Upcoming ChromeOS changes

   

  • ChromeOS battery state sounds back to top

    As early as Chrome 117, we will add audible sounds to indicate battery status. Users will be able to turn on and off these sounds and Admins will be able to control them through policies.

    When the device is not plugged in, you will hear warning sounds if:
    • Battery level goes down to 15 minutes of charge time left, and another one when there is 5 minutes left.

    When the device is plugged in, you will hear an information beep when:
    • Battery level - 0-15% (low) 
    • Battery level - 16-79% (med) 
    • Battery level - 80-100% (high)

    In the case where the device is connected to a low power charger, you’ll hear warnings when the battery goes down to 10%, then again at 5%.

↑ back to top  

Chrome 115

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Google Search side panel    
Secure DNS auto-upgrade for some Quad9Secure DNS users    
HTTP requests upgraded to HTTPS    
Support for Encrypted Client Hello (ECH)    
Disable extensions unpublished from Chrome Web Store    
Updates to initial_preferences    
Bookmarks and reading list improvements on iOS    
Update for secure DNS queries on Cox ISP servers    
Reading mode    
Removal of SHA1 in server signatures in TLS    
Policy Sync dependency handling    
Skia renderer for PDF rendering  
One Time Permissions desktop    
Privacy Sandbox Developer enrollment form    
Update on BrowsingDataLifetime policy    
Set Up Chrome module for iOS    
Carousel on the new tab page    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
App Streaming on ChromeOS    
Floating windows on ChromeOS    
Pause cast for cast moderator    
Enhanced signature options for PDF toolkit    
Passpoint: Seamless, secure connection to Wi-Fi networks    
Expand Language Packs to Text-to-Speech    
New keyboard Shortcut app    
Admin console updates Security/ Privacy User productivity/ Apps Management
New Chrome Browser Cloud Management card    
ChromeOS Settings page redesign    
Chrome Setup Guides    
Printing reports now available in Chrome Management Reports API    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
X25519Kyber768 key encapsulation for TLS    
Improving performance: Memory Saver and Energy Saver modes    
Anti-phishing telemetry expansion    
Network Service on Windows will be sandboxed     
Enabling BFCache for pages that set Cache-Control: no-store    
Idle Timeout policies    
Windows 11 changes affecting Chrome in ~September    
Native Client Support updates    
Skip unload events    
Extensions Review panel     
Require X.509 key usage extension for RSA certificates chaining to local roots      
Bounce Tracking mitigations  
Restricting the use of --load-extension    
Service Worker static routing API    
Enable access to WebUSB API from extension service workers    
Simplified sign-in and sync experience    
Web MIDI permission prompt    
Removal of the RendererCodeIntegrityEnabled policy    
Chrome 117 will no longer support macOS 10.13 and macOS 10.14  
New Chrome Desktop refresh and Chrome menu in Chrome 117    
Update for lock icon  
Extensions must be updated to leverage Manifest V3  
Removal ForceMajorVersionToMinorPositionInUserAgent policy    
Chrome 119 to phase out support for Web SQL    
Removal LegacySameSiteCookieBehaviorEnabledForDomainList policy     
Intent to deprecate: Mutation Events    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS battery state sounds    
Removal of permissive Chrome Apps webview behaviors    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Google Search side panel   back to top 

    In Chrome 115, Google introduces the Search side panel, a new contextual side panel experience that allows users to delve into the content of the page they're currently viewing. The new side panel features a search box that allows text-based and visual queries, questions related to the page, and links to more details about the current site. We launch the Search side panel to some users in Chrome 115 and subsequently plan to roll out to all users in Chrome 116. You can control access to the Search side panel using the GoogleSearchSidePanelEnabled policy. 

   

  • Secure DNS auto-upgrade for some Quad9Secure DNS users  back to top
     
    Starting in Chrome 115, for a small subset of Chrome users, secure DNS queries are used instead of insecure DNS queries to perform host name resolution using Quad9 Secure (9.9.9.9) DNS servers. This change affects behavior for a given client under the following conditions only:
    • The client is running on a system that has been configured to use the Quad9 Secure (9.9.9.9) DNS servers.
    • The DnsOverHttpsMode enterprise policy is set to “Automatic” (the default value is “Off”).
    • The ChromeVariations policy is set to enable all variations.
    • The client is randomly selected to be part of the 1% of clients where this behavior is enabled. 

   

  • HTTP requests upgraded to HTTPS   back to top
     

    As early as Chrome 115, some users might see HTTP requests automatically upgraded to HTTPs. Any page that can't load via HTTPS is automatically reverted back to HTTP. For standard server configurations, this shouldn't have any visible effect, but it improves your users' security.

    Some server configurations might cause issues, for example, if different content is served via HTTP and HTTPS. Users can bypass the automatic upgrading by explicitly navigating to an http:// URL in the Omnibox, or by changing the Insecure Content site setting to enabled, accessible via Page Info and chrome://settings/content. You can control this behavior with the HttpsUpgradesEnabled policy, and allowlist specific sites with the HttpAllowlist policy.

    In the long term, you should ensure that your organization's servers support HTTPS and serve the same content on both HTTP and HTTPS. If you don't intend to support HTTPS (for example, on an intranet behind a firewall), servers shouldn't respond to port 443, and firewalls should close the connection rather than leave it hanging. You can test HTTPS upgrading in your environment by enabling chrome://flags#https-upgrades. If you come across any issues, you can report them to us.

    Starting in Chrome 115, Chrome automatically enables HTTPS-First Mode based on the user's browsing history. It automatically enables the HTTPS-First Mode interstitial on sites that regularly load over HTTPS. Sites that regularly use plaintext HTTP are unaffected. In practice, this change protects users from downgrade attacks, but is invisible to users. 

   

 
  • Support for Encrypted Client Hello (ECH)   back to top

    Chrome 115 starts rolling out support for ECH on sites that opt in, as a continuation of our network-related efforts to improve our users’ privacy and safety on the web, for example, Secure DNS. This change was originally planned for Chrome 107, but had to be postponed. 

    If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag.

    On Windows and Linux, you also need to enable Secure DNS for the flag to have an effect.

    If you notice any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH. 

↑ back to top  

   

 
  • Disable extensions unpublished from Chrome Web Store  back to top

    In Chrome 115, we release the Enterprise policy ExtensionUnpublishedAvailability to allow you to disable extensions that have been unpublished from the Chrome Web Store. 

   

  • Updates to initial_preferences   back to top
     

    We’ve removed the following fields from the initial_preferences sample file:

    • Removed from example because they're no longer valid:
      • sync_promo.show_on_first_run_allowed
      • suppress_first_run_bubble
      • suppress_first_run_Default_browser_prompt
    • Removed from example because they can be controlled by a recommended policy:
      • homepage
      • homepage_is_newtabpage
      • show_home_button
      • session
      • bookmark_bar
      • import_* except for import_bookmarks_from_file
      • make_chrome_default_*
    • Removed from example because they're not applicable to enterprise usage, or only applicable for user-level install:
      • ping_delay
      • do_not_launch_chrome
      • do_no_register_for_update_launch 

   

  • Bookmarks and reading list improvements on iOS   back to top

    On Chrome 115 on iOS, some users who sign in to Chrome from bookmark manager or reading list surfaces can now use and save bookmarks and reading list items in their Google Account. Relevant enterprise policies, such as BrowserSignin, SyncDisabled, SyncTypesListDisabled, EditBookmarksEnabled and ManagedBookmarks continue to work as before, to configure whether users can use and save items in their Google Account. 

   

  • Update for secure DNS queries on Cox ISP servers   back to top
     

    For clients running on systems that use the Cox ISP DNS servers, if the DnsOverHttpsMode policy is set to Automatic, Chrome uses secure DNS queries instead of insecure DNS queries, starting in Chrome 115 (and in earlier versions, starting on May 16, 2023, if the ChromeVariations policy is set to enable all variations). 

   

  • Reading mode   back to top

    As more content is read online, Chrome 115 adds a new feature to help improve the online reading experience. Introducing reading mode, a new feature on Chrome browser, which enhances the reading experience on the web for everyone. Reading mode reduces distracting elements through a resizable and customizable reader view in the Chrome browser side panel, enabling readers to focus on the primary content. Users can also customize the font, text size, spacing, theme or background color, and more, making for a more cohesive, intuitive, and comfortable reading experience.

    read mode  

↑ back to top  

   

  • Removal of SHA1 in server signatures in TLS   back to top
     

    Chrome 115 removes support for signature algorithms using SHA-1 for server signatures during the TLS handshake. SHA1, which has known collisions, has been deprecated by the IETF, and should be avoided, where possible.

    This does not affect SHA-1 support in server certificates, which was already removed. SHA-1 in client certificates continues to be supported. Enterprises that rely on SHA1 signature schemes in TLS can use the InsecureHashesInTLSHandshakesEnabled policy to continue to accept SHA1 in server signatures.

     

   

  • Policy Sync dependency handling   back to top

    Currently, we require admins to set SyncDisabled for any data-deletion policy (BrowsingDataLifetime, ClearBrowsingDataOnExitList). In Chrome 115, we automatically disable sync for the respective data types and no longer require admins to additionally set the SyncDisabled policy. We will gradually roll out this feature behind a flag. You can enable this behavior at chrome://flags#data-retention-policies-disable-sync-types-needed

   

  • Skia renderer for PDF rendering   back to top

    Chrome 115 adds a new enterprise policy, PdfUseSkiaRendererEnabled, to override user choice on whether to enable Skia renderer. When Skia renderer is enabled, it switches the PDF render device from AGG (Anti-Grain Geometry) to Skia. Skia renderer provides enhanced technical support and uses different algorithms for drawing graphics. Any resulting visual differences are expected to be very minor. 

   

  • One Time Permissions desktop   back to top

    When users are prompted for a permission they can currently select Allow or Deny, both options are stored permanently. This feature adds an Allow this time option for geolocation, camera and microphone permissions. This fine-tunes the permission granted to a newly introduced session, which we believe more accurately represents a one-time permission session, without affecting any common scenarios. In Chrome 115, we start slowly rolling out this feature to a subset of users. 

   

  • Privacy Sandbox Developer enrollment form   back to top

    To access the Privacy Sandbox relevance and measurement APIs on Chrome and Android, developers need to enroll with the Privacy Sandbox. The developer enrollment process verifies companies before they can use the APIs, as an additional layer of protection for user privacy. As part of this enrollment process, we require developers to agree to restrictions around the usage of these services to prevent re-identification of users across sites. 

   

  • Update on BrowsingDataLifetime policy   back to top

    We have updated the documentation for BrowsingDataLifetime to state that download_history and hosted_app_data are not supported on Android. 

↑ back to top  

   

  • Set Up Chrome module for iOS   back to top

    On iOS, some new users in Chrome 115 see the new Set Up Chrome module. This module provides options, in the center of the new tab page, to allow new users to view and complete items that help them set up and get the most out of Chrome, on their own time. The items listed in the module are optional, and the module displays temporarily for up to a few weeks after installing the app. At this time, this is only available for iOS.

    Set up Chrome  


    Set up Chrome  

   

  • Carousel on the Google New tab page   back to top
     

    A new carousel on the Google New tab page allows users to swipe between certain modules. This is a limited-availability feature for some new users. The carousel can display in two ways: 

    • With the Most Visited Sites and Shortcuts module, or 
    • With the Shortcuts module.


    For example, a user might see Most Visited Sites but can swipe to see Shortcuts.
    New tab carousel  

   

 

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    ForceEnablePepperVideoDecoderDevAPI Enable support for the PPB_VideoDecoder(Dev) API.
    PPAPISharedImagesSwapChainAllowed Allow modern buffer allocation for Graphics3D APIs PPAPI plugin.
    UseMojoVideoDecoderForPepperAllowed Allow Pepper to use a new decoder for hardware accelerated video decoding.

ChromeOS updates

   

  • App Streaming on ChromeOS   back to top
     

    As early as ChromeOS 115, App Streaming enhances the Phone Hub experience, by allowing users to see and interact with streamed apps running on their Pixel phone. When a user receives a mirrored conversation notification from their Pixel phone, a simple tap on that notification kicks off an app stream directly to the user's ChromeOS desktop. This is part of a Google-wide ambient computing effort.
      

↑ back to top  

 

   

  • Floating windows on ChromeOS   back to top

    In Chrome 115, a new Window layout menu in ChromeOS helps to accelerate common actions like split-screening two windows. In addition, we're adding a new window state, Float, which allows users to set a window as always-on-top.

    Floating windows  

   

  • Pause cast for cast moderator   back to top

    While using cast moderator, sometimes users need a quick way to pause what they are casting. In ChromeOS 115, with Pause cast, you can now pause what you cast to the shared screen on a still image, while you do something else on your computer. 

    In ChromeOS Quick Settings or from Chrome browser Cast menu, select Pause to display the last casted screen on the cast receiver. While paused, other actions you perform on your computer are NOT cast to the cast receiver. When cast is resumed, your computer starts mirroring to the cast receiver again.

    Pause cast  

   

  • Enhanced signature options for PDF toolkit   back to top

    In ChromeOS 115, the Gallery PDF toolkit makes it easier for users to sign their documents, allowing for the creation of a free-hand signature that is saved in the app for subsequent use. Gallery is the ChromeOS media multi-tool that provides users with fast, consistent, and discoverable ways to view, tweak, and route various media types.

    PDF sig tools  

   

  • Passpoint: Seamless, secure connection to Wi-Fi networks   back to top

    Passpoint streamlines Wi-Fi access and eliminates the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits. Wi-Fi Passpoint is now supported on ChromeOS through supported Android applications. Wi-Fi Passpoint is a set of Wi-Fi mechanisms defined by the Wi-Fi Alliance that facilitate and automate the provisioning and configuration of secure Wi-Fi networks while also minimizing user intervention. Once provisioned, whenever a compatible and secured Wi-Fi network is in range, ChromeOS can automatically connect to it without the need for user interaction.
 
  •  Expand Language Packs to Text-to-Speech
     

    Some Google Text-to-Speech voices that were previously preinstalled are now downloaded over the network when they are needed. This frees up some space on the ChromeOS device.

 
  •  New keyboard Shortcut app
     

    The new Shortcut App offers a new navigation and taxonomy, easier in-app search functionalities and a refreshed shortcut visualization.

↑ back to top  

Admin console updates

   

  • New Chrome Browser Cloud Management card   back to top

    Chrome 115 launches a new Chrome Browser Cloud Management card on the homepage of the Google Admin console. You can now easily access and find popular Chrome browser management tasks, directly on the homepage.

    CBCM card

   

  • Chrome Settings page redesign   back to top

    We’ve heard your feedback, and we’re excited to share that all admins now see a redesigned experience across Users & browsers, Device, and Managed guest session settings pages to make it easier to manage policies. Look out for:

    Settings redesign  
     
    • A more scannable, read-only table to view setting configurations across your organization.
    • Dedicated policy views for admins to focus on individual settings.
    • Updated policy descriptions that pull directly from live Help Center content; no more toggling between windows to learn more about a policy. This includes supported-on information for platform and version for all policies.

   

  • Chrome Setup Guides   back to top
     

    The Chrome Setup Guides section now includes new, interactive content to help with performing common ChromeOS journeys in the Admin console. These new journeys include:

    • Creating test organizational units
    • Adding users for testing
    • Turning on ChromeOS reporting
    • Enrolling a test device
    • Setting device policies
    • Setting user policies
    • Installing apps and extensions
    • Adding a Wi-Fi network


    Chrome setup guides  


    To access the new Chrome Setup Guides:
    • Log in to the Admin console.
    • On the left, select Devices>Chrome>Setup Guides.