您请求访问的页面目前没有您的语言版本。您可以从页面底部选择其他语言,或使用 Google Chrome 的内置翻译功能将网页内容即时翻译成您选择的语言。

Previous release notes

Note: For information about the current Chrome version and targeted releases, see Chrome Enterprise release notes.
 

For administrators who manage Chrome browser or ChromeOS devices for a business or school.

 

 

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Note: For information about the current Chrome version and targeted releases, see Chrome Enterprise release notes.
Open all   |   Close all

Chrome 130

Chrome 130 release summary

 
Chrome browser changes Security/ Privacy User productivity/ Apps Management
Desktop toasts    
Platform picker for screen sharing on macOS     
New Account menu    
PDF Viewer on Android    
Tab freezing on Energy saver    
Compression dictionary transport with Shared Brotli and Shared Zstandard    
Keyboard-focusable scroll containers    
Support non-special scheme URLs    
Chrome on Android now supports third-party autofill and password providers  
<meter> element fallback styles    
New and updated policies in Chrome browser    
Chrome Enterprise Core changes Security/ Privacy User productivity/ Apps Management
Default change for GenAI policies    
Support for user-level settings on Custom configurations     
Audit-only URL navigation rules    
Chrome Security Insights  
Extension risk score Phase 2  
Chrome Enterprise Premium changes Security/ Privacy User productivity/ Apps Management
No updates in Chrome 130.      
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Search and receive answers in your Chrome history with AI    
Ad-hoc code signatures for PWA shims on macOS    
Asynchronous real-time Safe Browsing check    
Remove non-standard GPUAdapter requestAdapterInfo() method    
Deprecate Safe Browsing Extended reporting    
Update Google Play Services to fix issues with on-device passwords    
Entrust certificate distrust    
Simplified sign-in and sync experience  
User Link capturing on PWAs  
Deprecation of CSS Anchor Positioning property inset-area    
X25519Kyber768 key encapsulation for TLS    
Chrome PDF Viewer OCR    
Insecure form warnings on iOS    
Network Service on Windows will be sandboxed    
Read aloud in Reading mode     
Capture all screens    
SafeBrowsing API v4 to v5 migration    
Private network access checks for navigation requests: warning-only mode    
Deprecate mutation events  
UI Automation accessibility framework provider on Windows    
Upcoming Chrome Enterprise Core changes Security/ Privacy User productivity/ Apps Management
GenAI Defaults policy    
Chrome extension telemetry integration with Google SecOps  
New managed profile list and reporting for signed-in users      
Remove enterprise policy used for legacy same site behavior    
Upcoming Chrome Enterprise Premium changes Security/ Privacy User productivity/ Apps Management
Chrome Enterprise Data Controls: Clipboard    
Screenshot protections    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome Enterprise and Education release notes are published in line with the Chrome release schedule, on the Early Stable date for Chrome browser.

Chrome browser changes

   

  • Desktop toasts back to top

    Chrome 130 introduces a new Toast pattern that will allow features to provide visual confirmation of user actions or a quick way to take a follow up action. For example, when adding something to a reading list, a Toast confirms that the item was added and offers a quick link to the reading list side panel. Toasts appear as a small chip that partially overlaps with the web contents and partially with the top toolbar of the browser.

     
    • Chrome 130 on ChromeOS, Linux, macOS, Windows: This will be enabled for an initial set of features in Chrome 130. Subsequent toasts will be rolled out independently by other teams utilizing the pattern.
     

    desktop toasts

     

   

  • Platform picker for screen sharing on macOS back to top

    When screen sharing in Chrome on macOS X Sequoia, users can now select a window or screen to share using the updated platform picker. This new platform picker removes the need for assigning screen recording permission to Chrome and is consistent with screen sharing in other macOS applications.

    The new picker will not be activated before the first update of macOS Sequoia, version 15.1 expected a month after the initial version of 15.0. Before that Chrome users might see a warning dialog that Chrome is not using the new picker API yet.

     

    To test the new screen share picker experience:

    1. Update Chrome to version 129 or later.
    2. On your macOS, open the Terminal.
    3. At the prompt, type: open -b com.google.Chrome --args -enable-features=UseSCContentSharingPicker
    4. To execute the command, on your keyboard, press Enter.
     

    The feature can also be enabled in chrome://flags.

     
    • Chrome 130 on macOS
     

    screen share

     

   

  • New Account menu back to top

    Some users can now access a new Account menu by tapping on their avatar on the New tab page. The new Account menu allows them to sign out, switch accounts easily and resolve errors related to their account in Chrome. Existing policies like BrowserSignin and RestrictAccountsToPatterns can be used to determine which accounts a user can sign in or switch to.

     
    • Chrome 130 on iOS

    new account menu

     

   

  • PDF Viewer on Android back to top

    This feature provides the ability to view PDFs within Chrome browser UI. Prior to this change, users have to complete many steps to view a PDF document. These steps force them out of Chrome to view the PDF document. With this feature, PDFs will render seamlessly in Chrome. Users will still be able to download PDFs and open with other first- or third-party apps of choice. 

     
    • Chrome 130 on Android 

   

  • Tab freezing on Energy saver back to top

    When Energy saver is active, Chrome now freezes a tab that has been hidden and silent for >5 minutes and uses a lot of CPU, unless:

    • the tab provides audio- or video- conferencing functionality (detected via microphone, camera or screen, window, or tab capture, or an RTCPeerConnection with an open RTCDataChannel or a live MediaStreamTrack).
    • the tab controls an external device (detected using Web USB, Web Bluetooth, Web HID or Web Serial).
     

    This will extend battery life and speed up Chrome through reduced CPU usage.

     
    • Chrome 130 on ChromeOS, Linux, macOS, Windows: The feature can be tested in Chrome 130 via the #freezing-on-energy-saver entry in about:flags. Alternatively, it can be tested with the #freezing-on-energy-saver-testing which simulates that Energy saver is active and that all tabs use a lot of CPU (this allows verifying whether a tab is eligible for freezing and would be frozen if it used a lot of CPU). Energy saver availability can be controlled via the BatterySaverModeAvailability policy (this change has no effect when Energy saver is inactive).
    • Chrome 131 on ChromeOS, Linux, macOS, Windows: The feature will start rolling out to 1% of Stable in Chrome 131. It will gradually be ramped up to 100% of Stable. Energy saver availability can be controlled via the BatterySaverModeAvailability policy (this change has no effect when Energy saver is inactive).

   

  • Compression dictionary transport with Shared Brotli and Shared Zstandard back to top

    This feature adds support for using designated previous responses as an external dictionary for content encoding compressing responses with Brotli or Zstandard.

    Enterprises might experience potential compatibility issues with enterprise network infrastructure that intercepts HTTPS traffic and is sensitive to unknown content encodings. The enterprise policy CompressionDictionaryTransportEnabled is available to turn off the compression dictionary transport feature.

     
    • Chrome 130 on Windows, macOS, Linux, Android

   

  • Keyboard-focusable scroll containers back to top

    Chrome 130 improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse can now focus clipped content using tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard-focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    Note: The previous rollout of this feature (started in Chrome 127) was stopped due to web compatibility issues, which should be fixed in the implementation shipping in Chrome 130.

     
    • Chrome 130 on Windows, macOS, Linux, Android

   

  • Support non-special scheme URLs back to top

    Chrome 130 supports non-special scheme URLs, for example, git://example.com/path. Previously, the Chromium URL parser didn't support non-special URLs. The parser parses non-special URLs as if they had an opaque path, which is not aligned with the URL standard. Now, the Chromium URL parser parses non-special URLs correctly, following the URL standard. For more details, see http://bit.ly/url-non-special

     
    • Chrome 130 on Windows, macOS, Linux, Android

   

  • Chrome on Android now supports third-party autofill and password providers back to top

    Until now, third-party autofill and password providers could be used in Chrome on Android via accessibility APIs. In Chrome 130, we're adding direct support for Android Autofill which means these providers now work with Chrome on Android without the need for accessibility APIs. This should improve the performance of Chrome on Android. To take advantage of this, users need to ensure they have their third party provider configured in Android settings. Then, in Chrome they'll need to open Settings > Autofill services and choose Autofill using another service. If users do not change both settings, they will continue to use Google to autofill their passwords, payment and address information.

     
    • Chrome 130 on Android: The new setting will be available from Chrome 130. If users use the new setting it will take immediate effect. If the new setting is not used, users will continue to use either Google and a third party via accessibility (if installed). The support for accessibility APIs will be deprecated in early 2025, at which point the new settings will be honored for all users.

   

  • <meter> element fallback styles back to top

    In Chrome 130, <meter> elements with appearance: none now have a reasonable fallback style that matches Safari and Firefox, instead of just disappearing from the page. Additionally, developers can now custom style the <meter> elements.

    A feature flag MeterAppearanceNoneFallbackStyle is available in chrome://flags until Chrome 133 to control this feature.

     
    • Chrome 130 on Windows, macOS, Linux, Android

   

   

Chrome Enterprise Core changes

    

   

  • Support for user-level settings on Custom configurations back to top

    Custom configurations recently launched in Chrome 127 and this feature allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As early as October 15, Custom configurations will support applying settings at the user-level, in addition to device-level support. In order words, you will be able to enforce policies when users sign in to a managed Google account using Custom configurations.

     
    • As early as October 15 2024, on Android, iOS, Linux, macOS, Windows: Feature rolls out
     

    To get started, you can navigate to Chrome browser > Custom configurations in the Admin console; the Chrome Enterprise Core SKU is required to access this feature.

    custom configurations

   

  • Audit-only URL navigation rules back to top

    This feature lets customers create Chrome URL navigation rules with the Audit action. These rules allow admins to dry-run URL navigation rules before starting to show user warnings. They also allow admins to silently audit users’ navigation to restricted or sensitive URLs.

    URL auditing is part of the existing real-time URL check connector policy, EnterpriseRealTimeUrlCheckMode, which can be turned on by Organizational Unit or by Group.

     
    • Chrome 130 on ChromeOS, Linux, macOS, Windows
     

   

  • Chrome Security Insights back to top

    You can now enable Chrome Security Insights to monitor insider risk and data loss with enhanced monitoring for Chrome activity. This feature is available for the following licenses: 

    • Chrome Enterprise Core
    • Workspace Enterprise Standard
    • Workspace Enterprise Plus. 

    For more information, see Monitoring for insider risk and data loss.

     
    • Chrome 125 on ChromeOS, Linux, macOS, Windows: Feature enabled for Chrome Enterprise Core 
    • Chrome 130 on ChromeOS, Linux, macOS, Windows: Feature enabled for EDU customers (except K-12)
     

   

  • Risk score on the Chrome Apps and extensions usage report back to top

    This feature adds a new column in the Admin console for browser management that displays the risk assessment for installed extensions in the admin's environment. This new addition allows IT admins to quickly identify extensions with a high, medium or low risk score using the sorting and filtering functionality of the report.

     
    • Currently available to Trusted Testers. You can sign up for our Trusted Tester program here.
    • As early as October 15 on Linux, macOS, Windows: Addition of risk assessment to summary view.
     

    risk scores

Chrome Enterprise Premium changes

   
  • In Chrome 130, there are no updates for Chrome Enterprise Premium. back to top

 

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

 

    

  • Search and receive answers in your Chrome history with AI back to top 

    Starting in Chrome 131, users will be able to search their browsing history and receive generated answers based on page contents. Initially, this feature will only be available to users in English in the US. Admins can control this feature by using the HistorySearchSettings policy. You have the following options for your organization:  

    • 0 = Enable the feature for users, and send relevant data to Google to help train or improve AI models. Relevant data may include prompts, inputs, outputs, and source materials, depending on the feature. It may be reviewed by humans for the sole purpose of improving AI models.
    • 1 = Enable the feature for users, but do not send data to Google to train or improve AI models.
    • 2 = Fully disable feature

    For more information, see Search your history in Chrome with AI

    ● Chrome 131 on Linux, Mac, Windows: the feature generates answers to your search queries.

     

    

  • Ad-hoc code signatures for Progressive Web App shims on macOS back to top 

    Code signatures for application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures, which are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures will result in each PWA shim having a unique identity to macOS; currently every PWA looks like the same application to macOS.

    This will address problems when attempting to include multiple PWAs in the macOS Open at Login preference pane, and will permit future improvements for handling user notifications within PWAs on macOS.

    Administrators should test for compatibility with any endpoint security or binary authorization tools they use (such as Santa). The feature can be enabled for this testing via chrome://flags/#use-adhoc-signing-for-web-app-shims. They can then install a Progressive Web Apps and ensure that it launches as expected.

    If there is an incompatibility between the feature and their current security policies, the enterprise policy, AdHocCodeSigningForPWAsEnabled, can be used to disable the feature while they deploy an updated endpoint security policy. The enterprise policy is intended to be used to disable the feature only until endpoint security policies have been updated, at which point it should be unset.

    • Chrome 129 on macOS: Feature disabled behind a flag (chrome://flags/#use-adhoc-signing-for-web-app-shims) so that enterprises can test for compatibility with their endpoint security tools, such as Santa (https://santa.dev/). If it is not currently compatible they can disable the feature via the enterprise policy while they update their endpoint security configurations. The enterprise policy is intended to be used to disable the feature only until endpoint security policies have been updated.
    • Chrome 131 on macOS: Feature will begin to roll out to Stable, starting at 1% rollout.
     

    

  • Asynchronous real-time Safe Browsing check back to top 

    Today, Safe Browsing checks are on the blocking path of page loads, meaning that the user cannot see the page until the checks are completed. In Chrome 122 and later on Android, ChromeOS, LaCrOS, Linux, macOS, Windows, to improve Chrome's loading speed, real-time Safe Browsing checks no longer block page loads. We have evaluated the risk and put mitigations in place: 

    1. For malware and 0-day attacks, local-blocklist checks will still be conducted in a synchronous manner so that malicious payloads are still blocked by Safe Browsing. 
    2. For phishing attacks, we've looked at data and it is unlikely the user would have interacted with the page (for example, type a password) by the time we show the warning.
     
    • Chrome 122 on Android, ChromeOS, LaCrOS, Linux, macOS, Windows
    • Chrome 131 on iOS
     

    

  • Remove non-standard GPUAdapter requestAdapterInfo() method back to top 

    The WebGPU working group decided it was impractical for requestAdapterInfo() to trigger a permission prompt so they’ve removed that option and replaced it with the GPUAdapter info attribute. This means that web developers can get the same GPUAdapterInfo value synchronously. For more information, see the previous Intent to Ship: WebGPU: GPUAdapter info attribute.

     
    • Chrome 131 on Windows, macOS, Linux, Android
     

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

     
    • Chrome 129 on Android, iOS, ChromeOS, Linux, macOS, Windows: Deprecation of Safe Browsing Extended Reporting. Excluding real-time Client Safe Browsing Report Request
    • Chrome 131 on Android, iOS, ChromeOS, Linux, macOS, Windows: Deprecating SafeBrowsingExtendedReportingEnabled for real-time Client Safe Browsing Report Request
     



     

    

  • Update Google Play Services to fix issues with on-device passwords back to top 

    Users with old versions of Google Play Services will experience reduced functionality with their on-device passwords, and Password Manager might soon stop working for them altogether. These users will need to update Google Play Services, or will be guided through other troubleshooting methods depending on their state. This is part of an ongoing migration that only affects Android users of Google Password Manager.

     
    • Chrome 131 on Android
     

    

  • Entrust certificate distrust back to top 

    In response to sustained compliance failures, Chrome 127 changes how publicly-trusted TLS server authentication, that is, websites or certificates issued by Entrust, are trusted by default. This applies to Chrome 127 and later on Windows, macOS, ChromeOS, Android, and Linux; iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.

    Specifically, TLS certificates validating to the Entrust root CA certificates included in the Chrome Root Store and issued:

        - after October 31, 2024, will no longer be trusted by default.

        - on or before October 31, 2024, will be unaffected by this change. 

    If a Chrome user or an enterprise explicitly trusts any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, when explicit trust is conveyed through a Windows Group Policy Object, the Signed Certificate Timestamp (SCT) constraints described above will be overridden and certificates will function as they do today.  

    For additional information and testing resources, see Sustaining Digital Certificate Security - Entrust Certificate Distrust.

    To learn more about the Chrome Root Store, see this FAQ.

    • Chrome 131 on Android, ChromeOS, Linux, macOS, Windows: All versions of Chrome 131 and higher that rely on the Chrome Root Store will honor the blocking action, but the blocking action will only begin for certificates issued after November 11, 2024.
     

    

  • Simplified sign-in and sync experience back to top 

    Starting in Chrome 131, existing users with Chrome sync turned on will experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be controlled by SyncTypesListDisabled. Sign-in to Chrome can be disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

     
    • Chrome 131 on Android 
     

    

  • User Link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

     
    • Chrome 121 on Linux, macOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 131 on Linux, macOS, Windows: Launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if the user clicks on chip on address bar).
       

     

    

  • Deprecation of CSS Anchor Positioning property inset-area back to top 

    The CSS working group (CSSWG) resolved to rename the inset-area property to position-area. For more details, see the CSSWG discussion on github. The new property name, position-area, as a synonym for inset-area shipped via this feature update described on Chrome Platform Status, describing the deprecation and removal of the inset-area property.

     
    • Chrome 131 on Windows, macOS, Linux, Android
     

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    For more detail, see this Chromium blog post and this Google Security blog post.

     
    • Chrome 124 on Windows, Mac, Linux: new post-quantum secure TLS key encapsulation mechanism X25519Kyber768 is enabled
    • Chrome 131 on Windows, Mac, Linux: Switch to standard version of ML-KEM
    • Chrome 141 on Windows, Mac, Linux: Remove enterprise policy PostQuantumKeyAgreementEnabled
     

    

  • Chrome PDF Viewer OCR back to top 

    Chrome Desktop now makes scanned PDFs more accessible. Using on-device OCR to maintain privacy (no content is sent to Google), Chrome automatically converts scanned PDFs, allowing you to select text, Ctrl+F, copy, and paste. The feature does not bypass secure PDFs. It will only OCR PDFs the user has access to. The solution unlocks PDF accessibility to Chrome users without any extra steps, making PDFs as accessible as the rest of the web.

     
    • Chrome 131 on ChromeOS, Linux, macOS, Windows
     

    

  • Insecure form warnings on iOS back to top 

    Chrome 125 started to block form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it now displays a warning asking the user to confirm the submission. The goal is to prevent leaking of form data over plain text without the user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature, and will be removed in Chrome 131.

       

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions. You can use the Chromium bug tracker to report any issues you encounter.

     
    • Chrome 132 on Windows: Network Service sandboxed on Windows
     

    

  • Read aloud in Reading mode  back to top 

    Reading mode is a side-panel feature that provides a simplified view of text-dense web pages. Reading mode will now include a Read aloud feature which allows users to hear the text they are reading spoken out loud. Users can choose different natural voices and speeds, and see visual highlights.

     
    • Chrome 132 on ChromeOS, Linux, macOS, Windows
     

    

  • Capture all screens back to top 

    This feature captures all the screens currently connected to the device using getAllScreensMedia(). Calling getDisplayMedia() multiple times requires multiple user gestures, burdens the user with choosing the next screen each time, and does not guarantee to the app that all the screens were selected. getAllScreensMedia() improves on all of these fronts.

    This feature is only exposed behind the MultiScreenCaptureAllowedForUrls enterprise policy, and users are warned before recording even starts, that recording could start at some point. The API will only work for origins that are specified in the MultiScreenCaptureAllowedForUrls allowlist. Any origin not specified there, will not have access to it.

     
    • Chrome 132 on ChromeOS
     

    

  • SafeBrowsing API v4 to v5 migration back to top 

    Chrome calls into the SafeBrowsing v4 API will be migrated to call into the v5 API instead. The method names are also different between v4 and v5.

    If admins have any v4-specific URL allowlisting to allow network requests to https://safebrowsing.googleapis.com/v4*, these should be modified to allow network requests to the whole domain instead: safebrowsing.googleapis.com. Otherwise, rejected network requests to the v5 API will cause security regressions for users.

     
    • Chrome 133 on Android, iOS, ChromeOS, LaCrOS, Linux, macOS, Windows: This will be a gradual roll-out.
     

    

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website A navigates to another site B in the user's private network, this feature does the following:

    1. Checks whether the request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether B responds with a header that allows private network access.

    There are already features for subresources and workers, but this one is for navigation requests specifically. These checks protect the user's private network.  

    Since this feature is the warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in the DevTools console, to help developers prepare for the coming enforcement.

     
    • Chrome 133 on Windows, macOS, Linux, Android
     

    

  • Deprecate mutation events back to top 

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    Mutation event support will be disabled by default starting in Chrome 127, around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

    • The Mutation Events Deprecation Trial can be used to re-enable the feature for a limited time on a given site. This can be used through Chrome 134, ending March 25, 2025.
    • A MutationEventsEnabled enterprise policy can also be used for the same purpose, also through Chrome 134.

    Please see this blog post for more detail. Report any issues here.

    • Chrome 135 on Android, Linux, macOS, Windows: The MutationEventsEnabled enterprise policy will be deprecated.

     

    

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.

    Administrators might use the UiAutomationProviderEnabled enterprise policy, available from Chrome 125, to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

    • Chrome 125 on Windows:The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

    

Upcoming Chrome Enterprise Core changes

   

    

  • Chrome extension telemetry integration with SecOps back to top 

    We will begin to collect relevant Chronicle extension telemetry data from within Chrome, for managed profiles and devices, and send it to Google SecOps. Google SecOps will analyze the data to provide instant analysis and context on risky activity; this data is further enriched to provide additional context and is searchable for a year.

     
    • Chrome 131 on ChromeOS, LaCrOS, Linux, macOS, Windows
     

    

  • New managed profile list and reporting for signed-in users  back to top 

    Chrome Enterprise Core will introduce a new Managed profile list and reporting in the Admin console. This feature will provide a list of profiles for managed users who sign in to Chrome using a Google Account. IT administrators will need to enable the new Chrome Profile Reporting policy to view more information about a managed profile. The reporting will include details on managed profiles such as the browser versions, policies applied (including conflicts), extensions installed, and more.

     
    • Currently available on Android, Linux, macOS, Windows for the Trusted Tester program. You can sign up for our Trusted Tester program here.
    • As early as Chrome 130 on Android, Linux, macOS, Windows
      managed profiles  

    

 

Upcoming Chrome Enterprise Premium changes

 

   

  • Chrome Enterprise Data Controls: Clipboard back to top

    Admins can set data control rules in the Google Admin console to protect end users from data leakage on Chrome browser. Data Controls are lightweight rules set in the Google Admin console that allow admins to set a Chrome policy to control sensitive user actions such as copying and pasting sensitive data and taking screenshots or screen sharing. 

     

    This feature can be controlled via DataControlsRules policy. This feature is available to test for the members of the Chrome Enterprise Trusted Tester program. You can sign up for our Trusted Tester program here.

     
    • Chrome 128 on ChromeOS, Linux, macOS, Windows: Trusted Tester program
    • Chrome 131 on ChromeOS, Linux, macOS, Windows: Feature rolls out

     

   

  • Screenshot protections back to top

    Admins can prevent users from taking screenshots or screen sharing specific web pages considered to contain sensitive data. Admins create a DLP URL filtering rule to block users taking screenshots or screen sharing specific URLs or categories of URLs. This feature can be controlled via the same EnterpriseRealTimeUrlCheckMode policy that enables all real-time URL lookups.

     

    This feature is available to test for the members of the Chrome Enterprise Trusted Tester program. You can sign up for our Trusted Tester program here.

     
    • Chrome 129 on ChromeOS, Linux, macOS, Windows: Trusted Tester program
    • Chrome 131 on ChromeOS, Linux, macOS, Windows: Feature rolls out.

     

↑ back to top  

Chrome 129

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Tab compare    
Chrome no longer support macOS 10.15  
Ad-hoc code signatures for PWA shims on macOS    
Certificate Manager on Windows and macOS    
Chrome Security Insights  
Deprecate Safe Browsing Extended reporting    
Inactive tabs on Android    
New option in HttpsOnlyMode policy  
Screenshot protections    
Sync tab group    
Google Play Services fixes issues with on-device passwords    
Deprecate the includeShadowRoots argument on DOMParser    
Deprecation of non-standard declarative shadow DOM serialization    
Rename inset-area to position-area    
Clear local device data on sign out on iOS    
Toolbar customization    
Google Password Manager Passkey usage on ChromeOS    
New and updated policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Chrome Enterprise Premium for file transfers on Managed Guest Sessions    
Educators Appreciation wallpaper    
Display brightness controls    
Peripheral Welcome experience    
Managed accounts no longer synced as secondary accounts on Android  
Live Translate    
Keyboard brightness controls    
Keyboard shortcut for Select-to-Speak    
PIN as an authentication factor    
Automatic reload of sign-in screen    
CSE Workspace file types now supported in Google Drive    
Battery Icon updates    
Admin console updates Security/ Privacy User productivity/ Apps Management
Extension Risk Score on the Apps and Extensions Usage report    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Entrust certificate distrust    
Fallback styles for <meter> element    
Compression dictionary transport with Shared Brotli and Shared Zstandard    
Keyboard-focusable scroll containers    
Support non-special scheme URLs    
Simplified sign-in and sync experience    
Chrome extension telemetry integration with SecOps  

User Link capturing on PWAs  
Chrome Third-Party Cookie Deprecation (3PCD)    
Insecure form warnings on iOS    
Remove policy used for legacy same site behavior    
X25519Kyber768 key encapsulation for TLS    
UI Automation accessibility framework provider on Windows    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Generative AI wallpapers and video conference backgrounds    
ChromeOS XDR window events    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Chrome browser managed profile reporting     
Default change for GenAI policies    
GenAI control policy    
Support for user-level settings on the Custom configurations page    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome Enterprise and Education release notes are published in line with the Chrome release schedule, on the Early Stable date for Chrome browser.

Chrome browser updates

   

  • Tab compare back to top

    Starting in Chrome 129 (US-only), we introduce Tab compare, a new feature that presents an AI-generated overview of products from across multiple tabs, all in one place. This feature is controlled through the TabCompareSettings policy. For more details, see our Tab compare article in the Chrome Enterprise and Education help center.

    • Chrome 129 on Linux, macOS, Windows 
    Tab compare  

   

  • Chrome no longer supports macOS 10.15 back to top

    Chrome 129 no longer supports macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 no longer supports macOS 10.15.

    • Chrome 129 on macOS: Chrome no longer supports macOS 10.15
     

   

  • Ad-hoc code signatures for PWA shims on macOS back to top

    Code signatures for application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures, which are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures will result in each PWA shim having a unique identity to macOS; currently every PWA looks like the same application to macOS.

    This addresses problems when attempting to include multiple PWAs in the macOS Open at Login preference pane, and permits future improvements for handling user notifications within PWAs on macOS. 

    • Chrome 129 on macOS
     

   

  • Certificate Manager on Windows and macOS back to top

    As early as Chrome 129, there is a new certificate management settings screen accessible from security settings on Windows and macOS. This replaces the link to Windows cert manager and macOS keychain, respectively, although these operating system surfaces are still accessible from the certificate management settings page.

    The certificate manager displays certificates that are trusted or distrusted by Chrome, including the contents of the Chrome Root Store, and any certificates that have been imported from the underlying operating system. Users can access the page directly by navigating to chrome://certificate-manager.

    A future release will introduce user and enterprise management of certificates added directly to Chrome.

    • Chrome 129 on macOS, Windows
     

   

  • Chrome Security Insights back to top

    You can now enable Chrome Security Insights, which allows you to monitor insider risk and data loss enhanced monitoring for Chrome activity if you have Chrome Enterprise Core and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses. For more information, see Monitoring for insider risk and data loss.

    • Chrome 125 on ChromeOS, Linux, macOS, Windows: Feature enabled for Chrome Enterprise Core 
    • Chrome 129 on ChromeOS, Linux, macOS, Windows: Feature enabled for EDU customers (except K-12)
     

   

  • Deprecate Safe Browsing Extended reporting back to top

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

      Safe browsing  
    • Chrome 129 on Android, iOS, ChromeOS, Linux, macOS, Windows: Deprecation of Safe Browsing Extended Reporting — Excluding real-time Client Safe Browsing Report Request
    • Chrome 131 on Android, iOS, ChromeOS, Linux, macOS, Windows: Deprecating SafeBrowsingExtendedReportingEnabled for real-time Client Safe Browsing Report Request

   

  • Inactive tabs on Android back to top

    In Chrome 129, old tabs will be hidden under a new Inactive Tabs section in the tab switcher on Chrome on Android. Chrome users can access the inactive tabs section to view all old tabs or close them using the new bulk tab functionality. These tabs will be deleted after being in this section for over 60 days. 

    • Chrome 129 on Android: Feature rolls out to 1%
     

   

  • New option in HttpsOnlyMode policy back to top

    Ask Before HTTP (ABH), formerly named HTTPS Only/First Modes, is a setting that tells Chrome to ask for user consent before sending insecure HTTP content over the wire. The HttpsOnlyMode policy allows force-enabling, or force-disabling, ABH.

    In Chrome 129, we are adding a new middle-ground variant of ABH called balanced mode. This variant aims to reduce user inconvenience by working like (strict) ABH most of the time, but not asking when Chrome knows that an HTTPS connection isn't possible, such as when connecting to a single-label hostname like internal/.

    We are adding a force_balanced_enabled policy option to allow force-enabling this new variant. Setting force_balanced_enabled on browsers before Chrome 129 will result in the default behavior, which places no enterprise restrictions on the ABH setting.

    To avoid unexpected impact, if you have previously set force_enabled, we recommend not setting force_balanced_enabled until your entire fleet has upgraded to Chrome 129 or higher. If you are not migrating from force_enabled to force_balanced_enabled, you will be unaffected by this change.

    • Chrome 129 on Android, ChromeOS, LaCrOS, Linux, macOS, Windows, Fuchsia
     

   

  • Screenshot protections back to top

    Screenshot protections allow Admins to prevent users from taking screenshots or screen sharing specific web pages considered to contain sensitive data. This feature is available to Chrome Enterprise Premium users only. This feature can be controlled via the same EnterpriseRealTimeUrlCheckMode Chrome Enterprise policy that enables all real-time URL lookups.

    • Chrome 129 on ChromeOS, Linux, macOS, Windows
     

   

  • Sync tab group back to top

    The tab groups on iOS are now saved. Closing a tab group no longer deletes it. For users syncing their tabs across devices, the groups also sync.

     
    • Chrome 129 on iOS
    Tab group  

   

  • Google Play Services fixes issues with on-device passwords back to top 

    Users with old versions of Google Play Services (<24w02) experience reduced functionality with their on-device passwords, and Password Manager might soon stop working for them altogether. These users need to update Play Services, otherwise they will be guided through other troubleshooting methods depending on their state. This is part of an ongoing migration that only affects Android users of Password Manager.

    • Chrome 129 on Android
     

   

  • Deprecate the includeShadowRoots argument on DOMParser back to top

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute.
    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() shipped in Chrome 124, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:
    Instead of:
      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});
    This can be used instead:
      document.parseHTMLUnsafe(html);

    • Chrome 129 on Linux, macOS, Windows, Android
     

   

  • Deprecation of non-standard declarative shadow DOM serialization back to top

    The prototype implementation, which was shipped in 2020 and then updated in 2023, contained a method called `getInnerHTML()` that could be used to serialize DOM trees containing shadow roots. That part of the prototype was not standardized with the rest of the declarative shadow DOM, and has only recently reached spec consensus (for details, see Github). As part of that consensus, the shape of the getInnerHTML API changed.

    This feature represents the deprecation of the previously shipped `getInnerHTML()` method. The replacement is called `getHTML()`, which shipped in Chrome 125. For details, see this ChromeStatus feature description.

     
    • Chrome 129 on Windows, macOS, Linux, Android
     

   

  • Rename inset-area to position-area back to top

    The CSS working group (CSSWG) resolved to rename this property from `inset-area` to `position-area`. For more details, see the CSSWG discussion in Github. Chrome will support both the old and new property names for a few milestones, to help developers migrate to the new position-area name. We are shipping the new property name, `position-area`, as a synonym for `inset-area` in Chrome 129 along with the deprecation DevTrial for `inset-area`.

    The `inset-area` property is currently planned for removal in Chrome 131.

    • Chrome 129 on Windows, macOS, Linux, Android
     

   

  • Clear local device data on sign out on iOS back to top

    Starting in Chrome 129, signing out from a managed account in an unmanaged browser deletes local browsing data that is saved on the device. Managed users are presented a confirmation dialog on sign-out explaining that unsaved data will be cleared. Data will be cleared only from the time of sign-in, otherwise all data will be cleared; time of sign-in is only known if the user signed in on Chrome 122 or later. 

    The data that is deleted includes: 

    • browsing history
    • cookies and site data
    • passwords
    • site settings
    • autofill
    • cached images and files
     
    • Chrome 129 on iOS
    Clear devices data  

   

  • Toolbar customization back to top

    We are introducing a toolbar customization feature in Chrome 129, which allows desktop browser users to pin and unpin icons to their toolbar via a new side panel. 

     
    • Chrome 129 on ChromeOS, Linux, macOS, Windows: Rolls out gradually
      Toolbar customization  

   

  • Google Password Manager Passkey usage on ChromeOS back to top

    Passkeys improve user security but until today have been slightly more difficult to use across devices. Now, users can save passkeys to Google Password Manager and use them across devices and platforms. This feature is already available on Windows, macOS, Linux and Android. It is now available on ChromeOS.

     
    • Chrome 127 on Windows, Android and macOS
    • Chrome 129 on Windows, Android, macOS and ChromeOS 

   

 

ChromeOS updates

   

  • Chrome Enterprise Premium for file transfers on Managed Guest Sessions back to top

    In ChromeOS 129, organizations can extend Chrome Enterprise Premium’s powerful scanning and content and context-based protection to local files on ChromeOS on Managed Guest Sessions. 

    For example, a misplaced file containing Social Security numbers is instantly blocked when a user attempts to copy it to an external drive, safeguarding this confidential information.

   

  • Educators Appreciation wallpaper back to top

    In ChromeOS 129, we have added a new wallpaper collection to celebrate and share our gratitude and support to educators around the world.

   

  • Display brightness controls back to top

    Chromebook users can now easily adjust display brightness and control the ambient light sensor directly from the Settings app. This new feature lets you set your screen brightness to the perfect level and turn the ambient light sensor on or off as needed in the Settings app. These updates make it simpler to use your device and help manage battery life.

   

  • Peripheral Welcome experience back to top

    Knowing that a peripheral has been successfully connected, configuring it, and finding its companion app are critical steps in the peripheral user journey. This release aims to deliver a high-quality Welcome Experience by letting users know their peripheral is successfully connected and inviting them to configure it and make the most of it.

   

  • Managed accounts no longer synced as secondary accounts on Android back to top

    Starting from ChromeOS version 129, we enhance the data security for Android on ChromeOS. Enterprise accounts that are added as secondary accounts in-session will no longer automatically be added to the Android on ChromeOS environment. This change does not affect consumer accounts, education accounts, or accounts that were previously added.

   

  • Live Translate back to top

    Chromebook Plus devices are getting Live Translate which will allow a user to translate captionable content from Live Captions into a language of their choice. If an English speaking user is having a conversation with a person with whom they don't share the same language, so long as Live Captions is supported for the language of the person they're speaking with, it can be translated into English. This also works for videos as well and can be used on YouTube to Live Translate a video to English.

      Live translate  

   

  • Keyboard brightness controls back to top

    Chromebook users can now easily adjust keyboard brightness and control the ambient light sensor directly from the Settings app. This new feature lets you set your keyboard brightness to the perfect level and turn the ambient light sensor on or off as needed. These updates make it simpler to use your device and help manage battery life. Meanwhile, if the Chromebook supports RGB, the Keyboard Settings page will have a direct link to the Personalization Hub's RGB color selection options.

   

  • Keyboard shortcut for Select-to-Speak back to top

    The Select-to-Speak keyboard shortcut (Search + s) now works when it is first pressed. You no longer need to enable it in Settings first. A dialog displays confirming that you want to turn on select to speak the first time you press the keyboard shortcut.

      Select to speak  

   

  • PIN as an authentication factor back to top

    This launch enables PIN as an authentication factor in all authentication surfaces across ChromeOS.

   

  • Automatic reload of sign-in screen back to top

    Starting from version 129, ChromeOS optimizes the support of 3P identity provider based logins. In the most common scenario, administrators show a permanent 3P identity provider login on the sign in screen. Many identity providers time out after a specific cadence, for example, 15 mins, leading to errors for the user. The new DeviceAuthenticationFlowAutoReloadInterval policy allows for a repeated refresh of 3P identity providers on the login screen, avoids timeouts, and therefore significantly increases the reliability of 3P identity provider logins.

   

  • CSE Workspace file types now supported in Google Drive back to top

    Client side encryption (CSE) is a Google Workspace and Drive feature that allows customers and users to encrypt files with customer provided keys so that data is encrypted and never stored on our servers in the clear. This launch provides basic CSE support in the Files app on ChromeOS. This includes making CSE files visible, opening CSE files in the browser and flagging non Google Workspace CSE files as unsupported.

   

  • Battery Icon updates back to top

    We are launching an update to the battery icon to ensure that the battery state no longer covers the battery level. Now you can easily see how much battery you have left.

 

Upcoming Admin console changes

   

  • Chrome browser managed profile reporting back to top

    Chrome Enterprise Core will introduce new Chrome browser managed profile reporting in the Admin console. This feature will provide a new Managed profile listing and detail pages. On these pages, IT administrators will be able to find reporting information on managed profiles such as profile details, browser versions, policies applied, and more.

    • As early as Chrome 130 on Android, Linux, macOS, Windows
     

   

   

   

  • Support for user-level settings on the Custom Configurations page back to top

    The Custom configurations page was recently launched in Chrome 127 and it allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As early as October 1st, Custom configurations will support applying settings at the user-level, in addition to machine-level support. In other words, you will be able to enforce policies when users sign in to a managed Google account using the Custom configurations page.

     
    • As early as October 1st on Android, iOS, Linux, macOS, Windows: Feature rolls out for user policies
     

    To get started, you can find the Custom configurations in the Admin console, under Chrome browser > Reports — you will need the Chrome Enterprise Core SKU:

    custom configuration

 

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser updates

    

  • Entrust certificate distrust back to top 

    In response to sustained compliance failures, Chrome 127 changes how publicly-trusted TLS server authentication, that is, website or certificates issued by Entrust, are trusted by default. This applies to Chrome 127 and later on Windows, macOS, ChromeOS, Android, and Linux; iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.

    Specifically, TLS certificates validating to the Entrust root CA certificates included in the Chrome Root Store and issued:

        - after October 31, 2024, will no longer be trusted by default.

        - on or before October 31, 2024, will be unaffected by this change. 

    If a Chrome user or an enterprise explicitly trusts any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, when explicit trust is conveyed through a Windows Group Policy Object, the Signed Certificate Timestamp (SCT) constraints described above will be overridden and certificates will function as they do today.  

    For additional information and testing resources, see Sustaining Digital Certificate Security - Entrust Certificate Distrust.

    To learn more about the Chrome Root Store, see this FAQ.

    • Chrome 127 on Android, ChromeOS, Linux, macOS, Windows: All versions of Chrome 127 and higher that rely on the Chrome Root Store will honor the blocking action, but the blocking action will only begin for certificates issued after October 31, 2024.
    • Chrome 130 on ChromeOS, Linux, macOS, Windows: The blocking action will begin for certificates issued after October 31, 2024. This will also affect Chrome 127, 128 and 129.

    

  • Fallback styles for <meter> elements back to top 

    As early as Chrome 130, HTML5 <meter> elements with `appearance: none` will have a reasonable fallback style that matches Safari and Firefox instead of just disappearing from the page. In addition, developers will be able to custom style the <meter> elements.

    A temporary policy MeterAppearanceNoneFallbackStyle will be available until Chrome 133 to control this feature.

    • Chrome 130 on Windows, macOS, Linux, Android

    

  • Compression dictionary transport with Shared Brotli and Shared Zstandard back to top 

    This feature adds support for using designated previous responses, as an external dictionary for Brotli- or Zstandard-compressing HTTP responses.

    Enterprises might experience potential compatibility issues with enterprise network infrastructure. The CompressionDictionaryTransportEnabled policy is available to turn off the compression dictionary transport feature.

    • Chrome 130 on Windows, macOS, Linux, Android

    

  • Keyboard-focusable scroll containers back to top 

    Improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    • Chrome 130 on Windows, macOS, Linux, Android

    

  • Support non-special scheme URLs back to top 

    Chrome 130 will support non-special scheme URLs, for example, git://example.com/path, correctly. Previously, Chromium's URL parser didn't support non-special URLs. The parser parses non-special URLs as if they had an opaque path, which is not aligned with the URL Standard. Now, Chromium's URL parser parses non-special URLs correctly, following the URL Standard. For more details, see http://bit.ly/url-non-special

    • Chrome 130 on Windows, macOS, Linux, Android

    

  • Simplified sign-in and sync experience back to top 

    Starting in Chrome 131, existing users with Chrome sync turned on will experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be controlled by SyncTypesListDisabled. Sign-in to Chrome can be disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    • Chrome 131 on Android

    

  • Chrome extension telemetry integration with Google SecOps back to top 

    We will begin to collect relevant Chronicle extension telemetry data from within Chrome, for managed profiles and devices, and send it to Google SecOps. Google SecOps will analyze the data to provide instant analysis and context on risky activity; this data is further enriched to provide additional context and is searchable for a year.

    • Chrome 131 on ChromeOS, LaCrOS, Linux, macOS, Windows

    

  • User Link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. Clicking a link always automatically opens the app.

    • Chrome 121 on Linux, macOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 131 on Linux, macOS, Windows: Launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if the user clicks on chip on address bar).
    User Link on PWA

    

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    On July 22nd, we announced a new path forward for Privacy Sandbox on the web. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time. We're discussing this new path with regulators, and will engage with the industry as we roll this out. 

    For more details, see this Privacy Sandbox update

    

  • Insecure form warnings on iOS back to top 

    Chrome 125 started to block form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it now displays a warning asking the user to confirm the submission. The goal is to prevent leaking of form data over plain text without user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature, and will be removed in Chrome 130.

    

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some enterprise network devices such as firewalls and proxies (TLS middleboxes) might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through at least Chrome 141 in 2025. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    Starting in Chrome 131, Chrome will switch the key encapsulation mechanism from the draft version of Kyber, to the final standard version of ML-KEM. Using any form of post-quantum key exchange (Kyber or ML-KEM) will continue to be controlled by the PostQuantumKeyAgreementEnabled policy.

    For more detail, see this Chromium blog post and this Google Security blog post.

    • Chrome 124 on Windows, macOS, Linux
    • Chrome 131

    

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.

    Administrators can use the UiAutomationProviderEnabled enterprise policy, available from Chrome 125, to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

    • Chrome 125 on Windows:The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

↑ back to top  

Upcoming ChromeOS changes

   

  • ChromeOS XDR Window Events back to top 

    In ChromeOS 130, window focus events will be available as part of Extended Threat Detection and Response (XDR) on ChromeOS. You will be able to bring windows into focus activities of devices in your managed fleet by simply updating XDR events in the Admin console!

   

  • Generative AI wallpapers and video conference backgrounds back to top 

    As early as ChromeOS 130, we plan to introduce high-resolution, generative AI wallpapers and video-conference meeting backgrounds on ChromeOS. With this feature, you can unleash your creativity and turn your Chromebook into a canvas of personal expression. Choose from a diverse collection of templates and, in just a few clicks, infuse your Chromebook with your unique personality, mood, or interest. 

    Two new policies will be available to control these features; GenAIVcBackgroundSettings and GenAIWallpaperSettings.

 

Upcoming Admin console changes

   

  • Chrome browser managed profile reporting back to top

    Chrome Enterprise Core will introduce new Chrome browser managed profile reporting in the Admin console. This feature will provide a new Managed profile listing and detail pages. On these pages, IT administrators will be able to find reporting information on managed profiles such as profile details, browser versions, policies applied, and more.

    • As early as Chrome 130 on Android, Linux, macOS, Windows
     

   

   

   

  • Support for user-level settings on the Custom Configurations page back to top

    The Custom configurations page was recently launched in Chrome 127 and it allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As early as October 1st, Custom configurations will support applying settings at the user-level, in addition to machine-level support. In other words, you will be able to enforce policies when users sign in to a managed Google account using the Custom configurations page.

     
    • As early as October 1st on Android, iOS, Linux, macOS, Windows: Feature rolls out for user policies
     

    To get started, you can find the Custom configurations in the Admin console, under Chrome browser > Reports — you will need the Chrome Enterprise Core SKU:

    custom configuration

 

↑ back to top  

Chrome 128

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Search your history in Chrome with AI    
Admin-configurable site search  
Handling undecryptable passwords in Password Manager    
Inactive Tabs    
New PromotionsEnabled policy replaces PromotionalTabsEnabled    
Revamped Chrome Safety Check on Android    
Rust JSON Parser    
Tab Groups on iPad    
Updates for CookiePartitionKey of partitioned cookies    
Deprecate CHIPS and Relaunch in WebView    
Isolated Web Apps    
Rename position-try-options to position-try-fallbacks    
Google Calendar Card on the New tab page    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Snap groups on ChromeOS    
Data processor mode: EU-wide rollout     
Privacy Controls: Geolocation    
ChromeOS privacy control reminders on app settings page  
Store aggregated vitals data with one-year retention    
OCR in ChromeOS Camera App    
Magnifier follows Chromevox    
Auto Gain Control enabled by default    
APN management    
Pinned notifications on ChromeOS    
Admin console updates Security/ Privacy User productivity/ Apps Management
Chrome profile separation - new deployment guide     
Chrome Enterprise Data Controls: Clipboard    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Tab compare    
Ad-hoc code signatures for PWA shims on macOS    
Clear device data on sign out on iOS    
Fallback styles for HTML5 <meter> element    
Chrome will no longer support macOS 10.15  
Deprecate Safe Browsing Extended reporting    
Certificate Manager on Windows and MacOS    
New option in HttpsOnlyMode policy  
Sync Tab Group    
Update Google Play Services to fix issues with on-device passwords    
Deprecate non-standard declarative shadow DOM serialization    
Deprecate the includeShadowRoots argument on DOMParser    
Rename inset-area to position-area    
Entrust certificate distrust    
Support non-special scheme URLs    
Network Service on Windows will be sandboxed    
Chrome Third-Party Cookie Deprecation (3PCD)    
User Link capturing on PWAs  
Private network access checks for navigation requests: warning-only mode    
Insecure form warnings on iOS    
Chrome extension telemetry integration with Chronicle  
Remove policy used for legacy same site behavior    
X25519Kyber768 key encapsulation for TLS    
UI Automation accessibility framework provider on Windows    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Update to keyboard shortcut for Select-to-speak    
Chrome Enterprise Premium for file transfers on Managed Guest Sessions    
ChromeOS XDR window events    
Generative AI wallpapers and video conference backgrounds    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Chrome browser managed profile reporting     
Admin console widget for data controls    
Default change for GenAI policies    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome Enterprise and Education release notes are published in line with the Chrome release schedule, on the Early Stable date for Chrome browser.

Chrome browser updates

   

  • Search your history in Chrome with AI back to top 

    Starting in Chrome 128, users can search their browsing history based on page contents and not just the page title and URL. Initially, this feature is only available to users in English in the US. Admins can control this feature by using the HistorySearchSettings policy. You have the following options for your organization:  

    •   0 = Enable the feature for users, and send relevant data to Google to help train or improve AI models. Relevant data may include prompts, inputs, outputs, and source materials, depending on the feature. It may be reviewed by humans for the sole purpose of improving AI models.
    •   1 = Enable the feature for users, but do not send data to Google to train or improve AI models.
    •   2 = Fully disable feature

    For more information, see Search your history in Chrome with AI.

    • Chrome 128 on Linux, Mac, Windows 
     

   

  • Admin-configurable site search back to top 

    Site search shortcuts are a way to use the address bar (Omnibox) as a search box for a specific site without navigating directly to the site’s URL, similar to how you can use the Omnibox to perform a broad Google search of the web. You can now create site shortcuts on behalf of your managed users, to shortcut to the most critical enterprise sites. You can control this feature using the SiteSearchSettings policy.

     
    • Chrome 128 on ChromeOS, Linux, Mac, Windows: Available for Chrome Browser Core customers signed up for Trusted Tester starting Chrome 128, followed by gradual rollout for all Chrome Browser Enterprise customers a few weeks later
     

    Admin searchAdmin search

   

  • Handling undecryptable passwords in Password Manager back to top 

    Users sometimes end up with undecryptable passwords on their device, for example, if they've used third party software to move to a new device. We are launching a new policy called DeletingUndecryptablePasswordsEnabled that helps handle such passwords. When enabled, this policy deletes undecryptable passwords from the user's device, unless the UserDataDir policy is specified. When DeletingUndecryptablePasswordsEnabled is off, undecryptable passwords are untouched, but this will result in broken Password Manager functionality.

     
    • Chrome 128 on iOS, Linux, Mac, Windows

   

  • Inactive tabs back to top 

    In Chrome 128, we now hide old tabs under a new Inactive Tabs section in the tab switcher on Chrome on Android. Chrome users can access the Inactive Tabs section to view all old tabs or close them using the new bulk tab functionality. These tabs will be deleted if inactive for over 60 days. 

     

    inactive tabs

     
    • Chrome 128 on Android: Rolls out to 1% 

   

  • New PromotionsEnabled policy replaces PromotionalTabsEnabled back to top 

    In Chrome 128, new promotional OS-level notifications are shown to users. To include a larger number of promotional features under one policy, a new policy PromotionsEnabled has been created to replace PromotionalTabsEnabled, which will be deprecated in the future. 

     
    • Chrome 128 on ChromeOS, Linux, Mac, Windows: PromotionsEnabled will begin to roll out with Chrome 128. There is no flag.

   

  • Revamped Chrome Safety Check on Android back to top 

    Chrome 128 introduces  a new proactive Safety Check that regularly checks the browser for safety-related issues and informs users when there's anything that needs their attention. This launch also introduces a re-designed Safety Check page, chrome://settings/safetyCheck, with Chrome’s proactive safety-related actions and information tailored to each user, designed to make it easier for users to stay safe online. For more information, see Manage Chrome safety and security.

     
    • Chrome 128 on Android

    inactive tabs

   

  • Rust JSON Parser back to top 

    As early as Chrome 128, Chrome will parse JSON using Rust, rather than C++. This will remove the risk of memory safety vulnerabilities in the JSON parser, improving security. This change should be transparent to users. There is a small risk of certain invalid JSON, which Chrome currently accepts, no longer being accepted, although the Rust parser remains extremely lenient.

    In the event that Chrome doesn't accept the invalid JSON, this will lead to 500s or other application-level errors, not crashes. If Chrome no longer accepts some invalid JSON, the JSON should be aimed to be fixed.

     
    • Chrome 128

   

  • Tab Groups on iPad back to top 

    Chrome for iPad users can create and manage tab groups. This helps users stay organized, reduce clutter and manage their tasks more efficiently.

     
    • Chrome 128 on iOS

   

  • Updates for CookiePartitionKey of partitioned cookies back to top 

    Chrome 128 adds a cross-site ancestor bit to the keying of the partitioned cookie's CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site's partitioned cookies.

    If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) to ensure that embedded iframes have access to the same cookies as the top level domain. 

     
    • Chrome 128 on Windows, Mac, Linux

   

  • Deprecate CHIPS and relaunch in WebView back to top 

    The WebViewClient supports a method, shouldInterceptRequest, which allows developers to intercept network activity and modify HTTP headers, etc. This API does not have access to the Cookie header and relies on the Android CookieManager API in order to query what cookies are available for a particular request URL. However, partitioned cookies are double-keyed on the top-level site and the site of the URL using the cookies.

    Currently, the CookieManager API provides no way for developers to query partitioned cookies correctly, and this will cause a mismatch between what the Java API returns and what frames in WebView will actually be in their Cookie header. After discussing this with the WebView team, we believe that the option that will minimize potential app breakage is to disable Cookies Having Independent Partitioned State (CHIPS) on WebView until we are able to ship support for the Cookie header to shouldInterceptRequest. We will release the changes to shouldInterceptRequest in the next target SDK version (API level 36).

    Enterprise workflows that use WebView to load web content that relies on partitioned cookies will have their state cleared. WebView apps still have access to unpartitioned 3P cookies and cookies set with Partitioned after the change will revert to their legacy pre-CHIPS behavior until we relaunch the feature.

     
    • Chrome 128 on Android

   

  • Isolated Web Apps back to top 

    Isolated Web Apps (IWAs) are an extension of existing work on PWA installation and Web Packaging that provides stronger protections against server compromise and other tampering, which is necessary for developers of security-sensitive applications.

    Rather than being hosted on live web servers and fetched over HTTPS, these IWAs are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the Chromium project explainer.

    In this initial release, IWAs are only installable using a new policy, IsolatedWebAppInstallForceList, on enterprise-managed ChromeOS devices.

     
    • Chrome 128 on ChromeOS

   

  • Rename position-try-options to position-try-fallbacks back to top 

    The CSS working group (CSSWG) resolved to rename this property, because fallbacks more accurately describe what this property controls. The word options is a bit unclear, since the styles outside of `position-try` blocks will be tested first, and if they result in a layout that fits within the containing block, none of the options will get used. So fallbacks is a better word to describe this behavior. For more details, see Github.

    • Chrome 128 on Windows, Mac, Linux, Android

   

  • Google Calendar Card on the New tab page back to top 

    Enterprise users can now access their upcoming meetings directly from the New tab page with the new calendar card. This streamlined experience eliminates the need to switch tabs or waste time searching for your next meeting, allowing you to focus on what matters most. You can control cards on the New tab page with the NTPCardsVisible policy. 

     
    • Chrome 128 on Linux, Mac, Windows

    calendar new tab

   

   

  • Removed policies in Chrome browser back to top 
    Policy Description
    RemoteAccessHostTokenUrl URL where remote access clients should obtain their authentication token
    RemoteAccessHostTokenValidationUrl URL for validating remote access client authentication token
    EnterpriseBadgingTemporarySetting Control the visibility of enterprise badging
    RemoteAccessHostTokenValidationCertificateIssuer Client certificate for connecting to RemoteAccessHostTokenValidationUrl
    EnforceLocalAnchorConstraintsEnabled Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store.
    CertificateTransparencyEnforcementDisabledForLegacyCas Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities

ChromeOS updates

   

  • Snap groups on ChromeOS back to top

    In ChromeOS 128, Snap groups allow you to group windows on ChromeOS. A snap group is formed when you pair two windows for a split-screen. You can bring the windows back together, resize them simultaneously, or move them both as a group.

     

    snap groups

     

   

  • Data processor mode: EU-wide rollout back to top

    New data processor mode features and ChromeOS terms are available to the entire EU through the Google Admin console. For more details, see Overview of ChromeOS data processor mode

    As a ChromeOS administrator, you can now activate Data processor mode, which covers  a set of ChromeOS features and services referred to as Essential Services

   

  • Privacy controls: Geolocation back to top

    Privacy on ChromeOS devices is now easier to manage by adding the ability to control geolocation access to the Settings > Privacy and security > Privacy controls page. Users can now set geolocation access to Allowed, Only allowed for system services, or Off, depending on their preference. 

    We allow users to block all apps or websites, or entire systems access to geolocation regardless of previously granted permissions, and provide users easy to use controls to re-enable them whenever it would be helpful.

    geolocation

     

    We’ve added a new policy,  GoogleLocationServicesEnabled. This controls the availability of geolocation on the device inside of user sessions. Unlike the now deprecated policy below, it affects the entire system, not just the Android VM (Arc).

    Deprecation notice (6 months): ArcGoogleLocationServicesEnabled 

    This is being deprecated in favor of the added GoogleLocationServicesEnabled policy, as it covers the entire system and not just Android VM (Arc). Additionally, we are modifying the effect of the DefaultGeolocationSetting to no longer affect the system geolocation setting.

   

  • ChromeOS privacy control reminders on Apps settings page back to top

    To use the cameras and microphones on ChromeOS, you need to turn on both privacy controls and app permissions in two separate places. 

    We are making it easier for users to be aware of the states of the privacy controls and provide actionable reminders on the ChromeOS Apps settings page so that users have a smoother experience. To view the ChromeOS Apps settings page, click Settings >Apps > Manage your Apps, and select the desired app.

     

    App settings

     

   

  • Store aggregated vitals data with one-year retention back to top

    From ChromeOS 128 onwards, we store aggregated vitals data for one-year retention to better track the progress over time. Vitals data includes Android app performance metrics, such as crash rate, and these metrics will help us improve Android app performance on ChromeOS devices.

   

  • OCR in ChromeOS Camera App back to top

    Optical Character Recognition (OCR) enables text extraction from images captured in the ChromeOS Camera App by integrating an ML-powered text extraction service. ChromeOS 128 supports 77 languages; it also supports both horizontal and vertical detection. This allows copying and searching text from images, speaking text from images by screen reader, and creating searchable PDFs from images. By default, text detection in Photo mode is disabled and can be enabled from Settings > Text detection in preview.

     

    OCR camera app

     

   

  • Magnifier follows ChromeVox back to top

    Magnifier following ChromeVox is designed for people who are blind or have low vision. When you read text aloud using ChromeVox, the screen magnifier now automatically follows the words, so you never lose your place. To try this out, you can enable both Magnifier and ChromeVox in your settings. Zoom in to your preferred zoom level using Ctrl + Alt + Brightness up and Ctrl + Alt + Brightness down. A setting is available under the Magnifier settings to adjust this behavior.

   

  • Auto Gain Control enabled by default back to top

    Auto Gain Control (AGC) allows apps, such as video calling apps, to automatically optimize microphone volume for best audio quality. When auto gain control is enabled and in-use, a message appears in the quick settings panel to inform the user that the microphone gain slider is being overridden. AGC is enabled by default in ChromeOS 128. If you want to manually control the microphone volume even for apps that support AGC, you can go to Settings > Device > Audio and deselect Allow apps to automatically adjust mic volume

     

    AGC audio

     

   

  • APN management back to top

    For ChromeOS cellular-enabled devices, we have made it easier to view, manage, and add Access Point Names (APNs). We’ve also improved registration failure handling and messaging.

   

  • Pinned notifications on ChromeOS back to top

    ChromeOS notifications help to visually separate pinned notifications from other notifications. ChromeOS 128 significantly differentiates the visual look of pinned notifications from typical notifications to reflect their significant difference - we notify the user of an ongoing process rather than an instantaneous event.

↑ back to top  

Admin console updates

       
  • Chrome Enterprise Data Controls: Clipboard   back to top

    Data Controls are lightweight rules in the Admin console that set a Chrome policy to control security-sensitive user actions like file attachments, downloads, copy and paste actions, and printing. Chrome blocks or warns the user when these actions happen by applying those rules locally.

    Chrome 128 releases the clipboard protection parts of Data Controls, that is, copy and paste actions. Other protections are planned in future releases.

    You can control this feature with the DataControlsRules policy.

     
    • Chrome 128 on ChromeOS, Linux, Mac, Windows

     

    DC clipboard

     

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser updates

    

  • Tab compare back to top 

    Starting in Chrome 129 (US-only), we will introduce Tab compare, a new feature that presents an AI-generated overview of products from across multiple tabs, all in one place. This feature will be controlled through the TabCompareSettings policy.

    • Chrome 129 on Linux, Mac, Windows 

    tab compare

     

    

  • Ad-hoc code signatures for PWA shims on macOS back to top 

    Code signatures for application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures, which are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures will result in each PWA shim having a unique identity to macOS; currently every PWA looks like the same application to macOS.

    This will address problems when attempting to include multiple PWAs in the macOS Open at Login preference pane, and will permit future improvements for handling user notifications within PWAs on macOS.

    • Chrome 129 on Mac
     

    

  • Clear device data on sign out on iOS back to top 

    Starting in Chrome 129, signing out from a managed account in an unmanaged browser will delete browsing data that is saved on the device. Managed users will be presented a confirmation dialog on sign-out explaining that the data will be cleared. Data will be cleared only from the time of sign-in, otherwise all data will be cleared; time of sign-in is only known if the user signed in on Chrome 122 or later. 

    The data that will be deleted includes: 

    • browsing history
    • cookies and site data
    • passwords
    • site settings
    • autofill
    • cached images and files
     
    • Chrome 129 on iOS

    delete user data

     

    

  • Fallback styles for HTML5 <meter> elements back to top 

    As early as Chrome 129, HTML5 <meter> elements with `appearance: none` will have a reasonable fallback style that matches Safari and Firefox instead of just disappearing from the page. In addition,  developers will be able to custom style the <meter> elements.

    A temporary policy MeterAppearanceNoneFallbackStyle will be available until Chrome 133 to control this feature.

    • Chrome 129 on Windows, Mac, Linux, Android
     

    

  • Chrome will no longer support macOS 10.15 back to top 

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on Mac: Chrome no longer supports macOS 10.15
     

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

     

    safe browsing

     
    • Chrome 129 on Android, iOS, ChromeOS, Linux, Mac, Windows: Deprecation of Safe Browsing Extended Reporting
     

    

  • Certificate Manager on Windows and MacOS back to top 

    As early as Chrome 129, there is a new certificate management settings screen accessible from security settings on Windows and MacOS. This replaces the link to Windows cert manager and MacOS keychain, respectively, although these operating system surfaces are still accessible from the certificate management settings page.

    The certificate manager displays certificates that are trusted or distrusted by Chrome, including the contents of the Chrome Root Store, and any certificates that have been imported from the underlying operating system. Users can access the page directly by navigating to chrome://certificate-manager.

    A future release will introduce user and enterprise management of certificates added directly to Chrome.

    • Chrome 129 on Mac, Windows

    

  • New option in HttpsOnlyMode policy back to top 

    Ask Before HTTP (ABH) , formerly named HTTPS Only/First Modes, is a setting that tells Chrome to ask for user consent before sending insecure HTTP content over the wire. The HttpsOnlyMode policy allows force-enabling, or force-disabling, ABH.

    In Chrome 129, we are adding a new middle-ground variant of ABH called balanced mode. This variant aims to reduce user inconvenience by working like (strict) ABH most of the time, but not asking when Chrome knows that an HTTPS connection isn't possible, such as when connecting to a single-label hostname like internal/.

    We are adding a force_balanced_enabled policy option to allow force-enabling this new variant. Setting force_balanced_enabled on browsers before Chrome 129 will result in the default behavior, which places no enterprise restrictions on the ABH setting.

    To avoid unexpected impact, if you have previously set force_enabled, we recommend not setting force_balanced_enabled until your entire fleet has upgraded to Chrome 129 or higher. If you are not migrating from force_enabled to force_balanced_enabled, you will be unaffected by this change.

    • Chrome 129 on Android, ChromeOS, Linux, Mac, Windows, Fuchsia
     

    

  • Sync Tab Group back to top 

    The tab groups on iOS will now be saved. Closing a tab group will no longer delete it. For users syncing their tabs across devices, the groups will also sync.

     
    • Chrome 129 on iOS

    sync tab groups

     

    

  • Update Google Play Services to fix issues with on-device passwords back to top 

    Users with old versions of Google Play Services will experience reduced functionality with their on-device passwords, and Password Manager might soon stop working for them altogether. These users will need to update Play Services, or will be guided through other troubleshooting methods depending on their state. This is part of an ongoing migration that only affects Android users of Password Manager.

    • Chrome 129 on Android
     

    

  • Deprecate of non-standard declarative shadow DOM serialization back to top 

    The prototype implementation, which was shipped in 2020 and then updated in 2023, contained a method called `getInnerHTML()` that could be used to serialize DOM trees containing shadow roots. That part of the prototype was not standardized with the rest of the declarative shadow DOM, and has only recently reached spec consensus (for details, see Github). As part of that consensus, the shape of the getInnerHTML API changed.

    This feature represents the deprecation of the previously shipped `getInnerHTML()` method. The replacement is called `getHTML()`, which shipped in Chrome 125. For details, see this ChromeStatus feature description.

    • Chrome 129 on Windows, Mac, Linux, Android
     

    

  • Deprecate the includeShadowRoots argument on DOMParser back to top 

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute.
    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() shipped in Chrome 124, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:
    Instead of:
      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});
    This can be used instead:
      document.parseHTMLUnsafe(html);

    • Chrome 129 on Linux, Mac, Windows, Android
     

    

  • Rename inset-area to position-area back to top 

    The CSS working group (CSSWG) resolved to rename this property from `inset-area` to `position-area`. See the CSSWG discussion in Github

    Chrome has decided to release an interoperable solution, by supporting both property names. We will ship the new property name, `position-area`, as a synonym for `inset-area` first. Then after a suitable amount of time, we will remove `inset-area`. The latter removal will be done under a separate Intent.

    • Chrome 129 on Windows, Mac, Linux, Android
     

    

  • Entrust certificate distrust back to top 

    In response to sustained compliance failures, Chrome 127 changes how publicly-trusted TLS server authentication, that is, websites or certificates issued by Entrust, are trusted by default. This applies to Chrome 127 and later on Windows, macOS, ChromeOS, Android, and Linux; iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.

    Specifically, TLS certificates validating to the Entrust root CA certificates included in the Chrome Root Store and issued:

        - after October 31, 2024, will no longer be trusted by default.

        - on or before October 31, 2024, will be unaffected by this change. 

    If a Chrome user or an enterprise explicitly trusts any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, when explicit trust is conveyed through a Windows Group Policy Object, the Signed Certificate Timestamp (SCT) constraints described above will be overridden and certificates will function as they do today.  

    For additional information and testing resources, see Sustaining Digital Certificate Security - Entrust Certificate Distrust.

    To learn more about the Chrome Root Store, see this FAQ.

    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: All versions of Chrome 127 and higher that rely on the Chrome Root Store will honor the blocking action, but the blocking action will only begin for certificates issued after October 31, 2024.
    • Chrome 130 on ChromeOS, Linux, Mac, Windows: The blocking action will begin for certificates issued after October 31, 2024. This will also affect Chrome 127, 128 and 129.
     

    

  • Support non-special scheme URLs back to top 

    Chrome 130 will support non-special scheme URLs correctly. Previously, Chromium's URL parser doesn't support non-special URLs. The parser parses non-special URLs as if they had an “opaque path”, which is not aligned with the URL Standard. Now, Chromium's URL parser parses non-special URLs correctly, following the URL Standard. For more details, see Support Non-Special Scheme URLs .

    • Chrome 130 on Windows, Mac, Linux, Android
     

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions. You can use the Chromium bug tracker to report any issues you encounter.

    • Chrome 130 on Windows: Network Service sandboxed on Windows
     

    

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    On July 22nd, we announced a new path forward for Privacy Sandbox on the web. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time. We're discussing this new path with regulators, and will engage with the industry as we roll this out. 

    For more details, see this Privacy Sandbox update

     

    

  • User Link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    • Chrome 121 on Linux, Mac, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 130 on Linux, Mac, Windows: Launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if the user clicks on chip on address bar).

     PWA links

     

    

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website A navigates to another site B in the user's private network, this feature does the following:

    1. Checks whether the request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether B responds with a header that allows private network access.

    There are already features for subresources and workers, but this one is for navigation requests specifically. These checks protect the user's private network.  

    Since this feature is the warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in the DevTools console, to help developers prepare for the coming enforcement.

    • Chrome 130 on Windows, Mac, Linux, Android
     

    

  • Insecure form warnings on iOS back to top 

    Chrome 125 started to block form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it now displays a warning asking the user to confirm the submission. The goal is to prevent leaking of form data over plain text without user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature, and will be removed in Chrome 130.

    • Chrome 125 on iOS: Feature rolls out
    • Chrome 130 on iOS: InsecureFormsWarningsEnabled policy will be removed
     

    

  • Chrome extension telemetry integration with Chronicle back to top 

    As early as Chrome 131, we will begin to collect relevant extension telemetry data from within Chrome, for managed profiles and devices, and send it to Chronicle. Chronicle will analyze the data to provide instant analysis and context on risky activity.

    • Chrome 131 on ChromeOS, Linux, Mac, Windows
     

    

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    For more detail, see this Chromium blog post.

    • Chrome 124 on Windows, Mac, Linux
    • Chrome 135 on Android
     

    

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.

    Administrators might use the UiAutomationProviderEnabled enterprise policy, available from Chrome 125, to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

     
    • Chrome 125 on Windows:The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

 

Upcoming ChromeOS changes

   

  • Update to keyboard shortcut for Select-to-speak back to top 

    On Chromebooks, the Select-to-speak keyboard shortcut (Search + s) now works when it is first pressed. As early as ChromeOS 129, you will no longer need to enable it first in Settings > Accessibility > Text-to-Speech > Select-to-speak. A dialog appears confirming that you want to turn on Select-to-speak the first time you press the keyboard shortcut. 

     

    text to speak

     

   

  • Chrome Enterprise Premium for file transfers on Managed Guest Sessions back to top 

    As early as ChromeOS 129, organizations will be able to extend Chrome Enterprise Premium’s powerful scanning and content and context-based protection to local files on ChromeOS on Managed Guest Sessions. 

    For example, a misplaced file containing Social Security numbers is instantly blocked when a user attempts to copy it to an external drive, safeguarding this confidential information.

   

  • ChromeOS XDR Window Events back to top 

    In ChromeOS 130, window focus events will be available as part of Extended Threat Detection and Response (XDR) on ChromeOS. You will be able to bring windows into focus activities of devices in your managed fleet by simply updating XDR events in the Admin console!

   

  • Generative AI wallpapers and video conference backgrounds back to top 

    As early as ChromeOS 130, we plan to introduce high-resolution, generative AI wallpapers and video-conference meeting backgrounds on ChromeOS. With this feature, you can unleash your creativity and turn your Chromebook into a canvas of personal expression. Choose from a diverse collection of templates and, in just a few clicks, infuse your Chromebook with your unique personality, mood, or interest. 

    Two new policies will be available to control these features; GenAIVcBackgroundSettings and GenAIWallpaperSettings.

 

Upcoming Admin console changes

   

  • Chrome browser managed profile reporting back to top

    Chrome Enterprise Core will introduce new Chrome browser managed profile reporting in the Admin console. This feature will provide a new Managed profile listing and detail pages. On these pages, IT administrators will be able to find reporting information on managed profiles such as profile details, browser versions, policies applied, and more.

    • Chrome 130 on Android, Linux, Mac, Windows
     

   

  • Admin console widget for data controls back to top

    A new settings widget in the Admin console allows users to configure data controls policies for specific URLs. 

    • Chrome 128 on ChromeOS, Linux, Mac, Windows
     

   

↑ back to top  

Chrome 127

Chrome browser updates Security/ Privacy User productivity/ Apps Management
App-bound encryption for cookies    
Chrome Profile Separation - policy improvements    
Enhanced Safe Browsing promos on iOS    
Entrust certificate distrust    
Generating insights for DevTools console warnings and errors    
HTTPS-First Mode in Incognito    
Migrate extensions to Manifest V3 before June 2025
Policy to configure ACG for browser process    
Simplified sign-in and sync experience on Android    
Additional Safe Browsing telemetry about pages     
Updated password management experience on Android  
Watermarking    
Automatic fullscreen content setting    
Deprecate mutation events    
Keyboard-focusable scroll containers    
Support for not condition in ServiceWorker static routing API     
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Chrome Enterprise Premium for file transfers on ChromeOS    
ChromeOS video conferencing: DLC states for features    
Audio Bluetooth telephony    
OCR on Backlight    
Firmware update instructions    
Read Aloud in Reading Mode    
Classroom Glanceables    
PDF page deletion and reordering    
Admin console updates Security/ Privacy User productivity/ Apps Management
Configure ChromeOS User & browser settings with Google groups    
Add managed browsers to groups for group-based policy management    
Filter for popular and recently added settings with policy tags    
Revamped ChromeOS device list and details    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Isolated Web Apps    
Rust JSON parser    
Clear device data on sign out on iOS    
Attribution tags for search engine     
Tab Groups on iPad    
Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies    
Rename position-try-options to position-try-fallbacks    
Ad-hoc code signatures for PWA shims on macOS    
Chrome will no longer support macOS 10.15  
Deprecate Safe Browsing Extended reporting    
Deprecation of non-standard declarative shadow DOM serialization    
Deprecate the includeShadowRoots argument on DOMParser    
Network Service on Windows will be sandboxed    
Third-party cookie access in Chrome    
User Link capturing on PWAs  
Private network access checks for navigation requests: warning-only mode    
Insecure form warnings on iOS    
Remove policy used for legacy same site behavior    
X25519Kyber768 key encapsulation for TLS    
UI Automation accessibility framework provider on Windows    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Snap Groups    
Data processor mode: EU-wide rollout    
Privacy Hub: Geolocation    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Chrome browser managed profile reporting     
Admin console widget for data controls    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome Enterprise and Education release notes are published in line with the Chrome release schedule, on the Early Stable date for Chrome browser.

Chrome browser updates

   

  • App-bound encryption for cookies back to top 

    To improve the security of cookies on Windows, the encryption key used for cookie encryption will be further secured by binding it to Chrome's application identity. This can help protect against malware running at the same privilege as Chrome that might attempt to steal cookies from the system. This does not protect against an attacker who is able to elevate privilege or inject into Chrome's processes.

    App-bound Encryption strongly binds encryption keys to the local machine so customers who are using Chrome with roaming profiles may want to consider disabling this security feature otherwise cookies will not be portable between workstations.

    An enterprise policy, ApplicationBoundEncryptionEnabled, is available to disable application-bound encryption.

    • Chrome 127 on Windows
     

   

   

  • Enhanced Safe Browsing promos on iOS back to top 

    In Chrome 127, users who do not already have Enhanced Safe Browsing enabled see an infobar promoting Enhanced Safe Browsing on the Safe Browsing warning page. We also show a promotion for Enhanced Safe Browsing on the Chrome settings page, for users who do not already have Enhanced Safe Browsing enabled. These promos are not shown to users when the SafeBrowsingProtectionLevel enterprise policy is set to any value.

    • Chrome 127 on iOS
     

   

  • Entrust certificate distrust back to top 

    In response to sustained compliance failures, Chrome 127 changes how publicly-trusted TLS server authentication, that is, website or certificates issued by Entrust, are trusted by default. This applies to Chrome 127 and later on Windows, macOS, ChromeOS, Android, and Linux; iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.

    Specifically, TLS certificates validating to the Entrust root CA certificates included in the Chrome Root Store and issued:

        - after October 31, 2024, will no longer be trusted by default.

        - on or before October 31, 2024, will be unaffected by this change. 

    If a Chrome user or an enterprise explicitly trusts any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, when explicit trust is conveyed through a Windows Group Policy Object, the Signed Certificate Timestamp (SCT) constraints described above will be overridden and certificates will function as they do today.  

    For additional information and testing resources, see Sustaining Digital Certificate Security - Entrust Certificate Distrust.

    To learn more about the Chrome Root Store, see this FAQ.

    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: All versions of Chrome 127 and higher that rely on the Chrome Root Store will honor the blocking action, but the blocking action will only begin for certificates issued after October 31, 2024.
    • Chrome 130 on ChromeOS, Linux, Mac, Windows: The blocking action will begin for certificates issued after October 31, 2024. This will also affect Chrome 127, 128 and 129.
     

   

  • Generating insights for DevTools Console warnings and errors back to top 

    In Chrome 127, this Generative AI (GenAI) feature becomes available for managed Chrome Enterprise and Education users in supported regions:  Generating insights for Chrome DevTools Console warnings and errors. These insights provide a personalized description and suggested fixes for the selected errors and warnings. Admins can control this feature by using the DevToolsGenAiSettings policy.

    • Chrome 125 on ChromeOS, Linux, Mac, Windows: Feature becomes available to unmanaged users globally, except Europe, Russia, and China. 
    • Chrome 127 on ChromeOS, Linux, Mac, Windows: Feature becomes available to managed Chrome Enterprise and Education users in supported regions.
     

   

  • HTTPS-First Mode in Incognito back to top 

    Starting in Chrome 127, as part of Chrome's move towards HTTPS by default, HTTPS-First Mode is enabled by default in Incognito mode. Users will see a warning before they navigate to sites over insecure HTTP. This can be controlled using the existing enterprise policies HttpsOnlyMode and HttpAllowlist

    • Chrome 127 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows
     

   

  • Migrate extensions to Manifest V3 before June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. Beginning June 2024, starting with Chrome 127 pre-stable versions, Chrome begins to gradually disable Manifest V2 extensions running in the browser. 

    You can use the ExtensionManifestV2Availability policy to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Enterprise Core. Read more on the Manifest timeline, including: 

     
    • Chrome 127 on ChromeOS, Windows, Mac, Linux: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.
     

   

  • Policy to configure ACG for browser process back to top 

    A new policy called DynamicCodeSettings is available in Chrome 127. Setting this policy to '1' switches on Arbitrary Code Guard (ACG) for the browser process. ACG prevents dynamic code being generated from within the browser process, which can help prevent potentially hostile code making unauthorized changes to the behavior of the browser process.

    Switching on ACG might cause compatibility issues with third-party software that must run inside the browser process.

    • Chrome 127 on Windows
     

   

  • Simplified sign-in and sync experience on Android back to top 

    Chrome 127 launches a simplified and consolidated version of sign-in and sync in Chrome on Android. Chrome sync is no longer shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As in earlier releases, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off via SyncTypesListDisabled. Sign-in to Chrome can still be disabled via BrowserSignin.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    The changes are virtually identical to the simplified sign-in and sync experience launched on iOS in 117.

    • Chrome 127 on Android
     

   

  • Additional Safe Browsing telemetry about pages back to top 

    When an Enhanced Safe Browsing user visits a page that triggers vibration, keyboard or pointer lock API, attributes of that page are now sent to Safe Browsing. If the telemetry is sent and the page seems to be malicious, users see a Safe Browsing warning and their keyboard or pointer is unlocked, if they were locked. If you'd like your users to avail of this feature, set MetricsReportingEnabled to true and set the SafeBrowsingProtectionLevel policy to 2.

    • Chrome 127 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia 
     

   

  • Updated password management experience on Android back to top 

    On Chrome on Android, some users who are signed-in to Chrome but don't have Chrome sync enabled can now use and save passwords in their Google Account. Relevant policies such as BrowserSignin, SyncTypesListDisabled and PasswordManagerEnabled continue to work as before and can be used to configure whether users can use and save passwords in their Google Account.

    • Chrome 127 on Android
     

   

  • Watermarking back to top 

    This feature allows admins to overlay a watermark on top of a webpage if navigating to it triggers a specific Data loss Prevention (DLP) rule. It will contain a static string displayed as the watermark. Watermarking is available to Chrome Enterprise Premium customers only. 

    • Chrome 124 on Linux, Mac, Windows: Trusted Tester access
    • Chrome 127 on Linux, Mac, Windows: Feature rolls out
     

   

  • Automatic Fullscreen content setting back to top 

    A new Automatic Fullscreen content setting permits Element.requestFullscreen() without a user gesture, and permits browser dialogs to appear without exiting fullscreen.

    The setting is blocked by default and sites cannot prompt for permission. New UI controls are limited to Chrome's settings pages (chrome://settings/content/automaticFullScreen) and the site info bubble. Users can allow Isolated Web Apps, and admins can allow additional origins with the AutomaticFullscreenAllowedForUrls policy. 

    Combined with Window Management permission and unblocked popups (chrome://settings/content/popups), this unlocks valuable fullscreen capabilities:

    - Open a fullscreen popup on another display, from one gesture

    - Show fullscreen content on multiple displays from one gesture

    - Show fullscreen content on a new display, when it's connected

    - Swap fullscreen windows between displays with one gesture

    - Show fullscreen content after user gesture expiry or consumption

    • Chrome 127 on Windows, Mac, Linux
     

   

  • Deprecate mutation events back to top 

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. In Chrome 124, a temporary enterprise policy, MutationEventsEnabled, was introduced to re-enable deprecated or removed mutation events. 

    Starting in Chrome 127, mutation event support is disabled by default , from around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

    • The Mutation Events Deprecation Trial can be used to re-enable the feature for a limited time on a given site. This can be used through Chrome 134, ending March 25, 2025.
    • A MutationEventsEnabled enterprise policy can also be used for the same purpose, also through Chrome 134.

    For more details,  see this post on the Chrome developer blog. You can report any issues on the Chromium issue tracker.

    • Chrome 127 on Windows, Mac, Linux, Android
     

   

  • Keyboard-focusable scroll containers back to top 

    Chrome 127 improves accessibility by making scroll containers focusable using sequential focus navigation. 

    In previous releases, the tab key did not focus scrollers unless tabIndex was explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse can now focus clipped content using keyboard tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    • Chrome 127 on Windows, Mac, Linux, Android
     

   

  • Support for not condition in ServiceWorker static routing API back to top 

    The ServiceWorker static routing API is an API used for routing the request to the network, the ServiceWorker fetch handler, or directly looking up from cache, and so on. Each route consists of a condition and a source, and the condition is used for matching the request.

    For Chromium implementations, the or condition is only the supported condition. However, to write the condition more flexibly, supporting the not condition is expected, which matches the inverted condition inside.

    • Chrome 127 on Windows, Mac, Linux, Android

   

   

ChromeOS updates

   

  • Chrome Enterprise Premium for file transfers on ChromeOS back to top

    Chrome Enterprise Premium is a zero trust solution that enables secure access to applications and resources, and offers integrated threat and data protection.

    We are now allowing organizations to extend Chrome Enterprise Premium’s powerful scanning and content and context-based protection to local files on ChromeOS. 

    For example, a misplaced file containing Social Security numbers is instantly blocked when a user attempts to copy it to an external drive, safeguarding this confidential information.

    For more details, see Protect Chrome users with Chrome Enterprise Premium; this article contains detailed guidance for both IT administrators and users.

   

  • ChromeOS Video Conferencing: DLC States for features back to top

    ChromeOS 127 introduces a visual enhancement for Downloadable Content (DLC) in the video control panel. This release now adds status indicators for Noise Cancellation, Live Captions, Relighting, and Blur. 

   

  • Audio Bluetooth Telephony back to top

    ChromeOS now supports call control buttons on compatible Bluetooth headsets, including answering, rejecting or terminating a call, and muting the microphone.

   

  • OCR on Backlight back to top

    ChromeOS is launching a PDF OCR AI reader on Gallery, enabling reading for inaccessible documents, further filling the gap in accessibility for low vision and blind users that use a screen reader. ChromeOS leverages its machine learning models to extract, compartmentalize, and section PDF documents to make them more accessible on the Gallery app for ChromeVox users.

   

  • Firmware update app: Update Instructions for peripheral devices back to top

    The Firmware Updates app on ChromeOS now supports updating peripherals that require user action during the update, for example, unplugging and re-plugging the peripheral. When an update is available for one of these devices, the user will be guided with clear, step-by-step instructions. For most existing peripherals, the update experience remains unchanged. 

 

   

  • Read aloud in Reading Mode back to top

    As early as ChromeOS 127, Read Aloud will bring Google's high quality voices to Chrome Reading Mode for users to leverage Text to Speech to read content on the web. The goal of Read Aloud is to help people who have difficulty reading to understand long-form text. The new Read Aloud feature in Reading Mode on Chrome desktop allows users to hear the text they are reading, which improves focus and comprehension.

   

  • Classroom Glanceables back to top

    Students can now quickly view and access their upcoming Classroom assignments one click away on their Chromebook home screen. Users can see this new feature if they are logged into a Chromebook with an account where they are enrolled in active courses in Google Classroom. Users can find this feature by clicking on the date chip on the shelf of their Chromebook if they are logged into an account, where they will see the new panel which can view lists of their upcoming, due, missing and completed assignments.

   

  • PDF Page deletion and reordering back to top

    The Gallery app in ChromeOS now supports more options for editing PDF pages. You can now delete or reorder pages within a PDF via mouse or by using keyboard shortcuts. 

    PDF page deletion:

     

    PDF page reorder: 

↑ back to top  

Admin console updates

   
  • Configure ChromeOS User & browser settings with Google groups   back to top

    Admins can now use Google groups to manage ChromeOS User & browser settings in the Admin console and API. Admins can use new or existing Google Groups to configure User & browser settings in their organizations. When admins need to configure a policy for a specific set of users–who might belong to different organizational units (OUs)–they can use the flexibility of groups without needing to reconfigure their OUs.  To learn more, see Managing group-based policies.

    Today, the majority of user settings are configurable by Groups, with most of the remaining settings available in the coming months. Available settings are automatically filtered and displayed when admins select a particular group.  

 

   
  • Add managed browsers to groups for group-based policy management   back to top

    Admins can now add managed Chrome browsers to Google groups, thereby allowing them to specify User & browser policies and extension settings for a group of browsers. Managed browsers can be assigned to multiple groups, which allows IT administrators to have more flexibility to manage Chrome browsers using cloud management.

    Admin console groups  
   
  • Filter for popular and recently added settings with policy tags   back to top

    The Admin console now provides options to filter settings by recently added and popular. With these new filters, you’ll be able to see our newest settings as well as see some of our most popular and relevant Chrome settings. 

     

     
   
  • Revamped ChromeOS device list and details   back to top

    The Admin console devices page redesigned with a proactive and actionable notification for your fleet of devices. 

    Notifications module: Easily identify and address device issues with the new Notifications module, providing an overview of ongoing problems in your fleet.

    Centralized dashboards:  Quickly access all the information and reports you need about your fleet, all in one convenient location – the Dashboards tab.

    Revamped device list page: Find more detailed information about your devices with new tabs (General, OS, Hardware, Network, and Policy), device-specific notifications, and a new card design for improved readability.

     

     

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • Isolated Web Apps back to top 

    Isolated Web Apps (IWAs) are an extension of existing work on PWA installation and Web Packaging that provide stronger protections against server compromise and other tampering that is necessary for developers of security-sensitive applications.

    Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more of the potential methods described in the explainer.

    In this initial release IWAs will only be installable through an admin policy on enterprise-managed ChromeOS devices.

    • Chrome 128 on ChromeOS
 

    

  • Rust JSON parser back to top 

    As early as Chrome 128, Chrome will parse JSON using Rust, rather than C++. This will remove the risk of memory safety vulnerabilities in the JSON parser, improving security. This change should be transparent to users. There is a small risk that some invalid JSON (which Chrome currently accepts) no longer being accepted, although the Rust parser remains extremely lenient.

    • Earliest Chrome 128: Chrome will parse JSON using Rust
 

    

  • Clear device data on sign out on iOS back to top 

    Starting in Chrome 128, signing out from a managed account in an unmanaged browser will delete browsing data that is saved on the device. Managed users will be presented a confirmation dialog on sign-out explaining that the data will be cleared. Data will be cleared only from the time of sign-in, otherwise all data will be cleared; time of sign-in is only known if the user signed in on Chrome 122 or later.

    The data that will be deleted includes: 

    • browsing history
    • cookies and site data
    • passwords
    • site settings
    • autofill
    • cached images and files
     
    • Chrome 128 on iOS

     

    

  • Attribution tags for Search Engine back to top 

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    Selections from this screen will have their search URL appended with an attribution tag for use by third party search engines to attribute traffic from selections originating from the search engine choice screen. This change will not be applied for Education-configured organizations or Enterprises with metrics or usage statistics turned off.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group.

    • Chrome 128 on Android, iOS, ChromeOS, LaCrOS, Linux, Mac, Windows
 

    

  • Tab Groups on iPad back to top 

    Chrome for iPad users can create and manage tab groups. This helps users stay organized, reduce clutter and manage their tasks more efficiently.

    • Chrome 128 on iOS
 

    

  • Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies back to top 

    Chrome 128 adds a cross-site ancestor bit to the keying of the partitioned cookie's CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site's partitioned cookies.

    If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) to ensure that embedded iframes have access to the same cookies as the top level domain. 

    • Chrome 128 on Windows, Mac, Linux
 

    

  • Rename position-try-options to position-try-fallbacks back to top 

    The CSS working group (CSSWG) resolved to rename this property, because fallbacks more accurately describe what this property controls. The word options is a bit unclear, since the styles outside of `position-try` blocks will be tested first, and if they result in a layout that fits within the containing block, none of the options will get used. So fallbacks is a better word to describe this behavior. For more details, see Github.

    • Chrome 128 on Windows, Mac, Linux, Android
 

    

  • Ad-hoc code signatures for PWA shims on macOS back to top 

    Code signatures for the application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures that are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures will result in each PWA shim having a unique identity to macOS; currently every PWA looks like the same application to macOS.

    This will address problems when attempting to include multiple PWAs in the macOS Open at Login preference pane, and will permit future improvements for handling user notifications within PWAs on macOS.

    • Chrome 129 on Mac
 

    

  • Chrome will no longer support macOS 10.15 back to top 

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on Mac: Chrome no longer supports macOS 10.15
 

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

     

     
    • Chrome 129 on Android, iOS, ChromeOS, Linux, Mac, Windows: Deprecation of Safe Browsing Extended Reporting
 

    

  • Deprecation of non-standard declarative shadow DOM serialization back to top 

    The prototype implementation, which was shipped in 2020 and then updated in 2023, contained a method called `getInnerHTML()` that could be used to serialize DOM trees containing shadow roots. That part of the prototype was not standardized with the rest of declarative shadow DOM, and has only recently reached spec consensus (for details, see Github). As part of that consensus, the shape of the getInnerHTML API changed.

    This feature represents the deprecation of the previously shipped `getInnerHTML()` method. The replacement is called `getHTML()`, which shipped in Chrome 125. For details, see this ChromeStatus feature description.

    • Chrome 129 on Windows, Mac, Linux, Android
 

    

  • Deprecate the includeShadowRoots argument on DOMParser back to top 

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute.
    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() shipped in Chrome 124, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:
    Instead of:
      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});
    This can be used instead:
      document.parseHTMLUnsafe(html);

    • Chrome 129 on Linux, Mac, Windows, Android
 

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions. You can use the Chromium bug tracker to report any issues you encounter.

    • Chrome 130 on Windows: Network Service sandboxed on Windows
 

    

  • Third-party cookie access in Chrome back to top

    On 22 July 2024, we announced a new path forward for the Privacy Sandbox on the web. Instead of deprecating third-party cookies, we plan to introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing. They would be able to adjust that choice at any time. We're discussing this new path with regulators, and will engage with the industry as we roll this out. 


    For more details, see this Privacy Sandbox update.
 

    

  • User Link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    • Chrome 121 on Linux, Mac, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 130 on Linux, Mac, Windows: Launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if the user clicks on chip on address bar).

     

    

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website A navigates to another site B in the user's private network, this feature does the following:

    1. Checks whether the request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether B responds with a header that allows private network access.

    There are already features for subresources and workers, but this one is for navigation requests specifically. These checks protect the user's private network.  

    Since this feature is the warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in the DevTools console, to help developers prepare for the coming enforcement.

    • Chrome 130 on Windows, Mac, Linux, Android
 

    

  • Insecure form warnings on iOS back to top 

    Chrome 125 started to block form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it now displays a warning asking the user to confirm the submission. The goal is to prevent leaking of form data over plain text without user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature, and will be removed in Chrome 130.

 

    

 

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    For more detail, see this Chromium blog post.

    • Chrome 124 on Windows, Mac, Linux
    • Chrome 135 on Android
 

    

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.

    Administrators might use the UiAutomationProviderEnabled enterprise policy, available from Chrome 125, to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

    • Chrome 125 on Windows:The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

 

Upcoming ChromeOS changes

   

  • Snap groups on ChromeOS back to top 

    As early as ChromeOS 127, Snap groups will allow you to group windows on ChromeOS. A snap group is formed when a user pairs two windows for a split-screen. The windows can then be brought back together, resized simultaneously, or moved as a group.

   

  • Data processor mode: EU-wide rollout back to top 

    In ChromeOS 128, new data processor mode features and ChromeOS terms will be made available to the entire EU through the Google Admin console. For more details, see Overview of ChromeOS data processor mode

    As a ChromeOS administrator, you’ll have the option to activate Data processor mode, which covers  a set of ChromeOS features and services referred to as Essential Services.

   

  • Privacy Hub: Geolocation back to top 

    As early as ChromeOS 128, we will make privacy on Chromebooks easier to manage by adding the ability to control geolocation access to the privacy controls page. Users will be able to set geolocation access to Allowed, System Only, or Blocked depending on their preference. 

    We will allow users to block all apps or websites, or entire systems access to geolocation regardless of previously granted permissions, and provide users easy to use controls to re-enable them whenever it would be helpful.

Upcoming Admin console changes

   

  • Chrome browser managed profile reporting back to top

    Chrome Enterprise Core will introduce new Chrome browser managed profile reporting in the Admin console. This feature will provide a new Managed profile listing and detail pages. On these pages, IT administrators will be able to find reporting information on managed profiles such as profile details, browser versions, policies applied, and more.

    • Chrome 130 on Android, Linux, Mac, Windows

   

  • Admin console widget for data controls back to top

    A new settings widget in the Admin console allows users to configure data controls policies for specific URLs. 

    • Chrome 128 on ChromeOS, Linux, Mac, Windows

↑ back to top  

Chrome 126

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Extract text from PDFs for screen reader users     
Memory Saver aggressiveness     
Out of process iframe PDF viewer    
Reactive prefetch on Desktop    
Tab Groups on iPad    
UI Automation accessibility framework provider on Windows    
Removing support for UserAgentClientHintsGREASEUpdateEnabled  
Align navigator.cookieEnabled with spec    
Search with Google Lens     
New and updated policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Extended auto-update opt-in    
Digital zoom with super resolution    
Set up new Chromebook with Android phone    
Instant Hotspot    
Enhanced firmware updates  
Web apps to capture multiple surfaces    
Captive portal for managed networks  
Turn off overscroll behavior    
Turn off cursor blink rate    
Magnifier can follow Select to Speak focus    
Supervised user extensions installation flow    
Multi-calendar support    
New policy to control Kiosk wake and sleep times    
Locale expansion for Live Captions and Dictation    
Show wildcard URLs in Data Controls reporting    
Admin console updates Security/ Privacy User productivity/ Apps Management
Custom configurations for IT admins    
Interactive setup guides for Chrome Enterprise Core    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Entrust certificate distrust    
App-bound encryption for cookies    
Chrome extension telemetry integration with Chronicle    
Generating insights for DevTools console warnings and errors    
Migrate extensions to Manifest V3 before June 2025
Network Service on Windows will be sandboxed    
Simplified sign-in and sync experience on Android    
Telemetry about pages that trigger keyboard and pointer Lock APIs    
Updated password management experience on Android  
Watermarking    
Automatic fullscreen content setting    
Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies    
Deprecate mutation events    
Keyboard-focusable scroll containers    
Support for not condition in Service Worker static routing API    
Ad-hoc code signatures for PWA shims on macOS    
Deprecate Safe Browsing Extended reporting    
Chrome will no longer support macOS 10.15  
User link capturing on PWAs  
Deprecate the includeShadowRoots argument on DOMParser    
Insecure form warnings on iOS    
Private network access checks for navigation requests: warning-only mode    
Remove enterprise policy used for legacy same site behavior    
X25519Kyber768 key encapsulation for TLS    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Snap Groups    
Read Aloud in Reading Mode    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Filter for popular and recently added settings with policy tags    
Chrome browser managed profile reporting    
Group based policy for Chrome browser    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome Enterprise and Education release notes are published in line with the Chrome release schedule, on the Early Stable date for Chrome browser.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    Third party cookies will be restricted in a future release of Chrome. Currently, they are restricted by default for 1% of Chrome users to allow sites to preview the user experience without third-party cookies. Most enterprises are excluded from this group automatically and admins can use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies if needed.

    End users can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site when necessary. See this help article for more details on how to toggle these settings for the desired configuration. Bounce tracking protections are enforced when the bouncing site is not permitted to use 3P cookies, and are controllable with the same policies. Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, macOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Extract text from PDFs for screen reader users back to top 

    Chrome browser now launches an optical character recognition (OCR) AI reader for PDFs, creating a built-in PDF screen reader for inaccessible documents, further filling the gap in accessibility for low vision and blind users across the web.

    This feature leverages Google's OCR models to extract, compartmentalize, and section PDF documents to make them more accessible. A local machine intelligence library will be added that uses Screen AI technology to analyze screenshots or the accessibility tree, and extract more information to help assistive technology, such as texts (OCR) and main content of the page.

    Extract text from PDF

    • Chrome 126 on ChromeOS, Linux, Mac, Windows: Already fully launched on ChromeOS. Ramping up from 50% Canary/Dev/Beta to Stable on Linux, Mac, and Windows.

   

  • Memory Saver aggressiveness back to top 

    Memory Saver is a feature that deactivates unused tabs to free up memory on a user's device. There is an existing policy, HighEfficiencyModeEnabled, which allows administrators to control the Memory Saver feature. A new policy called MemorySaverModeSavings allows you to configure how aggressive the Memory Saver is when deciding to deactivate tabs. Choose the conservative option to deactivate fewer tabs or the aggressive one to get the most memory savings.

    • Chrome 126 on ChromeOS, LaCrOS, Linux, Mac, Windows: The feature will roll out gradually to all platforms.

   

  • Out of process iframe PDF viewer back to top 

    In Chrome 126, some users use an out-of-process iframe (OOPIF) architecture for the PDF viewer. This is the new PDF viewer architecture, as it is simpler and makes adding new features easier. An enterprise policy, PdfViewerOutOfProcessIframeEnabled, is available to revert to using the original PDF viewer architecture.

    • Chrome 126 on Linux, Mac, Windows

   

  • Reactive prefetch on Desktop back to top 

    This feature enables prefetching of subresources during a navigation, to speed up navigations and load new pages faster. The subresources prefetched are predicted by a Google-owned service, and the browser shares the URL of pages being navigated to with this service, to retrieve predictions. You can control this feature using the UrlKeyedAnonymizedDataCollectionEnabled policy.

    • Chrome 126 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Tab Groups on iPad back to top 

    Chrome for iPad users can create and manage tab groups. This helps users stay organized, reduce clutter and manage their tasks more efficiently.

    • Chrome 126 on iOS

   

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome starts to directly support accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome using a compatibility shim in Microsoft Windows. This change improves the user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and it improves third-party apps that use Windows's UI Automation accessibility framework. Chrome users now find reduced memory usage and processing overhead when using accessibility tools. It also eases development of software using assistive technologies.
    Administrators can use the UiAutomationProviderEnabled enterprise policy, introduced in Chrome 125, to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they can fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

    • Chrome 125 on Windows: The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

   

  • Removing support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    Chrome 126 removes the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year.

    • Chrome 124 on Android, ChromeOS, Linux, Mac, Windows: Policy is deprecated
    • Chrome 126 on Android, ChromeOS, Linux, Mac, Windows: Policy is removed

   

  • Align navigator.cookieEnabled with spec back to top 

    navigator.cookieEnabled currently indicates if the user agent attempts to handle cookies in a given context. A change in Chrome, shipping as part of third-party cookie deprecation (3PCD), would cause it to indicate whether unpartitioned cookie access is possible (causing it to return false in most cross-site iframes). We should restore the prior behavior of navigator.cookieEnabled which indicated only if cookies were enabled or disabled for the site and rely on the cross-vendor function document.hasStorageAccess to indicate if unpartitioned cookie access is possible.

    • Chrome 126 on Windows, Mac, Linux, Android

   

  • Search with Google Lens back to top 

    As early as Chrome 126, users will be able to search any images or text they see on their screen with Google Lens. To use this feature, go to a website and click Search with Google Lens on the on-focus omnibox chip, on the right-click menus, or on the 3-dot menu. Users can click, highlight, or drag anywhere on the screen to search its contents, and refine their search by adding keywords or questions to the searchbox. Admins can control the feature through a policy called LensOverlaySettings. To perform the search, a screenshot of the screen is sent to Google servers but it is not linked to any IDs or accounts, it is not viewed by any human, and data about its contents is not logged. 

    We are rolling out this feature gradually in Chrome 126 and we plan to launch fully in Chrome 127.

    • Chrome 126 on ChromeOS, Linux, Mac, Windows: Rollout of the feature at 1% Stable and LensOverlaySettings becomes available
    • Chrome 127: Rollout to 100% stable

   

ChromeOS updates

   

  • Extended auto-update opt-in and policy back to top

    ChromeOS provides 10 years of OS updates for security, stability, and performance improvements. Most devices will receive these updates automatically. For a subset of older devices, users and administrators can now opt in to extended updates to get a full 10 years of support. 

    For details, see our Help Center article.

   

  • Digital zoom with super resolution back to top

    The built-in Camera app now supports zooming on cameras that do not have optical zoom motors, including the built-in camera. On selected high-performance Chromebooks, AI-based super resolution may be applied to further enhance the images.

   

  • Set up new Chromebook with Android phone back to top

    You can now set up a new Chromebook using your Android phone. By establishing a secure connection between your phone and the Chromebook, you can automatically transfer your Wi-Fi and Google Account login information without needing to manually enter your passwords. This is available for unmanaged users only.

    Set up Chromebook

   

  • Instant Hotspot back to top

    ChromeOS 126 renames the Instant Tethering feature to Instant Hotspot.

   

  • Enhanced firmware updates back to top

    ChromeOS 126 supports firmware updates on a wide variety of additional peripherals. This significantly reduces the overhead and time needed to make new firmware updates available.

   

  • Web apps to capture multiple surfaces back to top

    Web apps can now capture multiple surfaces at once. This feature introduces a new API getAllScreensMedia() that allows developers to request several surfaces at once (instead of only one with getDisplayMedia()). This API auto-accepts capture requests, for managed sessions only, guarded by policies that have to be explicitly set by the device owners and with clear usage indicators so that users are aware of capturing at all times. For details, see our Help Center article.

   

  • Captive portal for managed networks back to top

    Given that captive portal detection is always disabled for managed networks, administrators are unable to configure the ChromeOS device to auto connect to captive portal networks or to detect that the captive portal exists. If they do make the captive portal network managed, users have to manually open a browser and connect to an HTTP site that can then be redirected to a portal sign in page. We’ve added a new policy, CaptivePortalAuthenticationIgnoresProxy, which allows admins to force portal detection.

    Captive portal

   

  • Turn off overscroll behavior  back to top

    A new setting is available to turn on and off the swipe gesture to navigate between pages. This feature is also known as overscroll or overscrolling pages. This setting is found under Settings > Accessibility > Cursor and touchpad > Use a swipe gesture to navigate between pages.

   

  • Turn off cursor blink rate back to top

    A new setting is available to turn off the blinking text cursor under Settings > Accessibility > Keyboard and text input > Text cursor blink rate. Customers with photosensitive seizure triggers and cognitive differences may want to turn off the blinking text cursor.

   

  • Magnifier to follow Select to Speak back to top

    Magnifier following Select to Speak is a feature designed for people who have low vision, but may be beneficial for anyone who enjoys reading text at larger sizes. When you read text aloud using Select to Speak, the screen magnifier will automatically follow the words, so you never lose your place. To try this out you can enable both Magnifier and Select to Speak in your settings. Zoom in to your preferred zoom level using Ctrl + Alt + Brightness up and Ctrl + Alt + Brightness down. Select the text you want to read out and press the Select to Speak play button, or Search + S. A setting is available under the Magnifier settings to adjust this behavior.

   

  • Supervised user extensions installation back to top

    For supervised accounts managed via Family Link, we are separating the parental control for Permissions for sites, extensions, and apps to give parents more granular control. Parents now have two options to choose from: Permissions for apps and Extensions. The impact on supervised accounts is that a parent can now allow extensions installations with or without approval. Previously, parents could block extensions but had no way to allow them without approval.

   

  • Multi-calendar support back to top

    We are launching multi-calendar support to allow users view all events from multiple calendars that they have selected within their Google Calendar.

    multi calendar

   

  • New policy to control Kiosk wake and sleep times back to top

    ChromeOS 126 introduces a new kiosk device policy that allows Admins to schedule when a device will wake and sleep. For more details, see Kiosk settings.

   

  • Locale expansion for Live Captions and Dictation back to top

    ChromeOS 126 expands support for  live captions from 1 to 6 languages and dictation from 1 to 18 locales. We now use a new voice recognition model that provides additional battery savings.

    Live captions on ChromeOS can be used on videos played with the Gallery player app, in YouTube, in Google Meet, in Zoom, or social media sites. To see or change your current live captions language, select Settings > Audio and captions > Live Caption > Manage languages.  For more information on live captions, see this Help Center article.

    Dictation is available on Google Docs, or in any other text input by enabling dictation in the taskbar, clicking the Mic button, and speaking. To see or change your dictation language, select Settings > Accessibility > Keyboard and text input > Dictation > Language.  For more information on dictation, see this Help Center article.

   

  • Show wildcard URLs in Data Controls reporting back to top

    ChromeOS Data Control rules allow admins to define source and destination URLs as a wildcard (*) value. ChromeOS data control events are reported under the Chrome audit report and can be viewed in the Admin console or other platforms through the Chrome Reporting Connector. When examining log events, the URL that triggered the rule is now reported, instead of the wildcard.

Admin console updates

   
  • Custom configurations for IT admins   back to top

    The Custom Configurations page allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As a result, all Chrome policies are now configurable in Chrome Enterprise Core, either using the Settings page or the Custom Configurations page. You can also use the page to configure extension installation mode not supported in the Admin console, such as normal_installed. This feature is available for browsers enrolled at the machine-level. 

    • As early as Chrome 126 on Android, iOS, Linux, MacOS, Windows: Trusted Tester access
    • As early as Chrome 127 on Android, iOS, Linux, MacOS, Windows: Feature rolls out
   
  • Interactive setup guides for Chrome Enterprise Core   back to top

    The Chrome Enterprise team introduces new interactive setup guides for browser management in the Admin console, where administrators can choose a journey they’re interested in and get hands-on training in related Chrome setup guides. For example, the guides can be used to learn how to:

    • Create test organizational units
    • Turn on reporting
    • Enroll browsers
    • Apply browser policies
    • Configure extension settings
    • Create an admin user

    These guides are ideal for new administrators or for administrators who wish to learn new journeys.

    setup guides
    • As early as Chrome 126: Feature rolls out

 

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • Entrust certificate distrust back to top 

    In response to sustained compliance failures, Chrome is changing how publicly-trusted TLS server authentication, that is, website, certificates issued by Entrust will be trusted by default in Chrome 127 and greater on Windows, macOS, ChromeOS, Android, and Linux.  iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.

    Specifically: 

    - TLS certificates validating to the Entrust root CA certificates included in the Chrome Root Store and issued:

        - after October 31, 2024, will no longer be trusted by default.

        - on or before October 31, 2024, will be unaffected by this change. 

    Should a Chrome user or enterprise explicitly trust any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, explicit trust is conveyed through a Windows Group Policy Object, the SCT-based constraints described above will be overridden and certificates will function as they do today.  

    For additional information and testing resources, see Sustaining Digital Certificate Security - Entrust Certificate Distrust.

    To learn more about the Chrome Root Store, see this FAQ.

    • Chrome 127 on Android, ChromeOS, Linux, Mac, Windows: All versions of Chrome 127 and higher that rely on the Chrome Root Store will honor the blocking action, but the blocking action will only begin for certificates issued after October 31, 2024.
    • Chrome 130 on ChromeOS, Linux, Mac, Windows: The blocking action will begin for certificates issued after October 31, 2024. This will also affect Chrome 127, 128 and 129.

    

  • App-bound encryption for cookies back to top 

    To improve the security of cookies on Windows, the encryption key used for cookie encryption will be further secured by binding it to Chrome's application identity. This can help protect against malware that might attempt to steal cookies from the system. This does not protect against an attacker who is able to elevate privilege or inject into Chrome's processes.

    An enterprise policy, ApplicationBoundEncryptionEnabled, is available to disable application-bound encryption.

    • Chrome 127 on Windows 

    

  • Chrome extension telemetry integration with Chronicle back to top 

    We plan to collect relevant extension telemetry data from within Chrome, for managed profiles and devices, and send it to Chronicle. Chronicle will analyze the data to provide insight and context on risky activity.

    • Chrome 127 on ChromeOS, LaCrOS, Linux, Mac, Windows

    

  • Generating insights for DevTools console warnings and errors back to top 
    In Chrome 125, a new Generative AI (GenAI) feature became available for unmanaged users:  Generating insights for Chrome DevTools Console warnings and errors. These insights provide a personalized description and suggested fixes for the selected errors and warnings. Initially, this feature is only available to users (18+) in English. Admins can control this feature by using the DevToolsGenAiSettings policy.
    • Chrome 125 on ChromeOS, Linux, Mac, Windows: Feature becomes available to unmanaged users globally, except Europe, Russia, and China.
    • Chrome 127 on ChromeOS, Linux, Mac, Windows: Feature becomes available to managed Chrome Enterprise and Education users in supported regions.

    

  • Migrate extensions to Manifest V3 before June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. Beginning June 2024, starting with Chrome 127 pre-stable versions, Chrome will gradually disable Manifest V2 extensions running in the browser. An enterprise policy, ExtensionManifestV2Availability , can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year, June 2025, at which point the policy will be removed.

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Enterprise Core. Read more on the Manifest timeline, including:

    • Chrome 127 on ChromeOS, LaCrOS, Linux, Mac, Windows: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions. You can report any issues you encounter.

    • Chrome 127 on Windows: Network Service sandboxed on Windows

    

  • Simplified sign-in and sync experience on Android back to top 

    Chrome will launch a simplified and consolidated version of sign-in and sync in Chrome on Android. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off via SyncTypesListDisabled. Sign-in to Chrome can be disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    The changes are virtually identical to the simplified sign-in and sync experience launched on iOS in 117.

    • Chrome 127 on Android

   

  • Telemetry about pages that trigger keyboard and pointer Lock APIs back to top 

    When an Enhanced Safe Browsing user visits a page that triggers keyboard or pointer lock API, attributes of that page will be sent to Safe Browsing.

    If the telemetry is sent and the page seems to be malicious, users will see a Safe Browsing warning and their keyboard or pointer will be unlocked if they were locked.

    • Chrome 127 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia

    

  • Updated password management experience on Android back to top 
    On Chrome on Android, some users who are signed-in to Chrome but don't have Chrome sync enabled will be able to use and save passwords in their Google Account. Relevant enterprise policies such as BrowserSignin, SyncTypesListDisabled and PasswordManagerEnabled will continue to work as before and can be used to configure whether users can use and save passwords in their Google Account.
    • Chrome 127 on Android

    

  • Watermarking back to top 

    This feature will allow admins to overlay a watermark on top of a web page if navigating to it triggers a specific DLP rule. It will contain a static string displayed as the watermark. Watermarking will be available to Chrome Enterprise Premium customers. 

    • Chrome 124 on Linux, Mac, Windows: Trusted Tester access
    • Chrome 127 on Linux, Mac, Windows: Feature rolls out

     

  • Automatic Fullscreen content setting back to top 

    A new Automatic Fullscreen content setting permits Element.requestFullscreen() without a user gesture, and permits browser dialogs to appear without exiting fullscreen.

    The setting is blocked by default and sites cannot prompt for permission. New UI controls are limited to Chrome's settings pages (chrome://settings/content/automaticFullScreen) and the site info bubble. Users can allow Isolated Web Apps, and enterprise admins can allow additional origins with the AutomaticFullscreenAllowedForUrls policy. 

    Combined with Window Management permission and unblocked popups (chrome://settings/content/popups), this unlocks valuable fullscreen capabilities:

    - Open a fullscreen popup on another display, from one gesture

    - Show fullscreen content on multiple displays from one gesture

    - Show fullscreen content on a new display, when it's connected

    - Swap fullscreen windows between displays with one gesture

    - Show fullscreen content after user gesture expiry or consumption

    • Chrome 127 on Windows, Mac, Linux

    

  • Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies back to top 

    Chrome 127 will add a cross-site ancestor bit to the keying of the partitioned cookie's CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site's partitioned cookies.

    If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) to ensure that embedded iframes have access to the same cookies as the top level domain.

    • Chrome 127 on Windows, Mac, Linux

    

  • Deprecate mutation events back to top 

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    Mutation event support will be disabled by default starting in Chrome 127, around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

    • The Mutation Events Deprecation Trial can be used to re-enable the feature for a limited time on a given site. This can be used through Chrome 134, ending March 25, 2025.
    • A MutationEventsEnabled enterprise policy can also be used for the same purpose, also through Chrome 134.

    Please see this blog post for more detail. Report any issues here.

    • Chrome 127 on Windows, Mac, Linux, Android

   

  • Keyboard-focusable scroll containers back to top 

    Making scroll containers focusable using sequential focus navigation greatly improves accessibility. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    • Chrome 127 on Windows, MacOS, Linux, Android

    

  • Support for not condition in Service Worker static routing API back to top 

    The Service Worker static routing API is an API used for routing the request to the network, the Service Worker fetch handler, or directly looking up from cache, and so on.  Each route consists of a condition and a source, and the condition is used for matching the request.

    For Chromium implementations, the or condition is the only supported condition.  However, to write the condition more flexibly, supporting the not condition is expected, which matches the inverted condition inside.

    • Chrome 127 on Windows, Mac, Linux, Android

    

  • Ad-hoc code signatures for PWA shims on macOS back to top 

    Code signatures for the application shims that are created when installing a Progressive Web App (PWA) on macOS are changing to use ad-hoc code signatures that are created when the application is installed. The code signature is used by macOS as part of the application's identity. These ad-hoc signatures will result in each PWA shim having a unique identity to macOS; currently every PWA looks like the same application to macOS.

    This will address problems when attempting to include multiple PWAs in the macOS Open at Login preference pane, and will permit future improvements for handling user notifications within PWAs on macOS.

    • Chrome 128 on Mac

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels.

    safe browsing
    • Chrome 128 on Android, iOS, ChromeOS, Linux, Mac, Windows: Deprecation of Safe Browsing Extended reporting

    

  • Chrome will no longer support macOS 10.15 back to top 

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on Mac: Chrome no longer supports macOS 10.15

    

  • User link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    • Chrome 121 on Linux, MacOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 129 on Linux, Mac, Windows: Launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if the user clicks on chip on address bar).
    Link PWAs

    

  • Deprecate the includeShadowRoots argument on DOMParser back to top 

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute.
    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() will ship in Chrome 129, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:
    Instead of:
      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});
    This can be used instead:
      document.parseHTMLUnsafe(html);

    • Chrome 129 on Linux, Mac, Windows, Android

    

  • Insecure form warnings on iOS back to top 

    Chrome 125 blocks form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it will display a warning asking the user to confirm the submission. The goal is to prevent leaking form data over plain text without user's explicit approval. A policy called InsecureFormsWarningsEnabled is available to control this feature.

    

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website A navigates to another site B in the user's private network, this feature does the following:

    1. Checks whether the request has been initiated from a secure context

    2. Sends a preflight request, and checks whether B responds with a header that allows private network access.

    There are already features for subresources and workers, but this one is for navigation requests specifically.

    These checks protect the user's private network. Since this feature is the warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in the DevTools, to help developers prepare for the coming enforcement.

    • Chrome 130 on Windows, Mac, Linux, Android

    

  • Remove enterprise policy used for legacy same site behavior back to top 

    In Chrome 79, we introduced the InsecureFormsWarningsEnabled policy to revert the SameSite behavior of cookies to legacy behavior on the specified domains. The LegacySameSiteCookieBehaviorEnabledForDomainList policy’s lifetime has been extended and will be removed on the milestone listed below.

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    Please see this blog post for more detail.

    • Chrome 124 on Windows, Mac, Linux
    • Chrome 135 on Android

↑ back to top  

Upcoming ChromeOS changes

   

  • Snap groups on ChromeOS back to top 

    As early as ChromeOS 127, Snap groups will allow you to group windows on ChromeOS. A snap group is formed when a user pairs two windows for a split-screen. The windows can then be brought back together, resized simultaneously, or moved as a group.

   

  • Read aloud in Reading Mode back to top 

    As early as ChromeOS 127, Read Aloud will bring Google's high quality voices to Chrome Reading Mode for users to leverage Text to Speech to read content on the web. The goal of Read Aloud is to help people who have difficulty reading to understand long-form text. The new Read Aloud feature in Reading Mode on Chrome desktop allows users to hear the text they are reading, which improves focus and comprehension.

 

Upcoming Admin console changes

   

  • Filter for popular and recently added settings with policy tags back to top

    The Admin console will soon provide options to filter settings by recently added and popular. With these new filters, you’ll be able to see our newest settings as well as see some of our most popular and relevant Chrome settings.

    filter admin console
    • As early as Chrome 126 on Android, iOS, Linux, Mac, Windows: Trusted Tester access
    • As early as Chrome 127 on Android, iOS, Linux, Mac, Windows: Feature rolls out

   

  • Chrome browser managed profile reporting back to top
    Chrome Enterprise Core will introduce new Chrome browser managed profile reporting in the Admin console. This feature will provide a new Managed profile listing and detail pages. On these pages, IT administrators will be able to find reporting information on managed profiles such as profile details, browser versions, policies applied, and more.
    • As early as Chrome 127 on Android, Linux, MacOS, Windows: Early Trusted Tester access
    • As early as Chrome 130 on Android, iOS, Linux, MacOS, Windows: Feature rolls out

   

  • Group based policy for Chrome browser back to top

    As an administrator, you will be able to use Google groups to add managed Chrome browsers to groups and set User & browser policies and Extension settings to a group of browsers. Managed browsers can be assigned to multiple groups, which allows IT administrators to have more flexibility to manage Chrome browsers using cloud management.

    • As early as Chrome 126 on Android, Linux, MacOS, Windows: Trusted Tester access
    • As early as Chrome 127 on Android, iOS, Linux, MacOS, Windows: Feature rolls ou

Chrome 125

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Automatic deep file scanning for Enhanced Safe Browsing users    
Chrome Desktop support for Windows ARM64    
Chrome updater changes    
Chrome Security Insights
Chrome bandwidth updates    
Extensions Safety Check    
Insecure form warnings on iOS    
Legacy Browser Support for Edge upgraded to Manifest V3    
Remove enterprise policy used for Base URL inheritance    
Send download reports without explicit user decision  
Tab Groups on Tab Grid    
UI Automation accessibility framework provider on Windows    
Update Google Play Services to fix issues with account passwords    
Extending Storage Access API (SAA) to non-cookie storage    
Interoperable mousemove default action    
Remove window-placement alias for permission and permission policy descriptors    
Default Search Engine choice screen  
Generating insights for Chrome DevTools Console warnings and errors    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
SAML always-on VPN fix    
ChromeOS Passpoint settings    
ChromeOS Audio Bluetooth telephony    
Add PrivateIP to DoH with identifiers    
Gallery video playback speed control UI    
Reduce Animations toggle for ChromeOS    
Captive Portal sign-in window    
Install dialog for PWAs    
Warn users before disconnecting Bluetooth HID  
Admin console updates Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Enterprise Core  
ChromeOS device enrollment and token generation redesign    
New ZTE pre-provisioning token features    
Expanded token management features  
URL-keyed anonymized data collection in Managed Guest Session    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Deprecate Safe Browsing Extended reporting    
Extract text from PDFs for screen reader users    
Network Service on Windows will be sandboxed    
Removing support for UserAgentClientHintsGREASEUpdateEnabled    
Tab Groups on iPad    
Telemetry about pages that trigger keyboard and pointer Lock APIs    
Updated password management experience on Android  
Watermarking    
Align navigator.cookieEnabled with spec    
Automatic fullscreen content setting    
Keyboard-focusable scroll containers    
Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies    
App-bound encryption for cookies    
Chrome extension telemetry integration with Chronicle    
Migrate extensions to Manifest V3 before June 2025
Simplified sign-in and sync experience on Android    
Deprecate mutation events    
Remove enterprise policy used for legacy same site behavior    
User link capturing on PWAs  
X25519Kyber768 key encapsulation for TLS    
Chrome will no longer support macOS 10.15  
Deprecate the includeShadowRoots argument on DOMParser    
Private network access checks for navigation requests: warning-only mode    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
New policy to control Kiosk wake and sleep times    
Show wildcard URLs in Data Controls Reporting    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Policy parity: Custom Configurations for IT admins    
Interactive setup guides for Chrome Enterprise Core    
Legacy Technology report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    Third party cookies will be restricted in a future release of Chrome. Currently, they are restricted by default for 1% of Chrome users to allow sites to preview the user experience without third-party cookies. Most enterprises are excluded from this group automatically and admins can use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies if needed.

    End users can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site when necessary. See this help article for more details on how to toggle these settings for the desired configuration. Bounce tracking protections are enforced when the bouncing site is not permitted to use 3P cookies, and are controllable with the same policies. Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, macOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Automatic deep file scanning for Enhanced Safe Browsing users back to top 

    Deep scanning of downloads for Enhanced Safe Browsing users has been launched since Chrome 91. At that time, users had to consent to each file they wanted deep-scanned automatically. Starting in Chrome 125, users no longer have to do that. Deep scanning is performed automatically as part of the improved protections offered by Enhanced Safe Browsing. Admins wishing to disable this feature can ensure their users are not in Enhanced Safe Browsing mode at all with the SafeBrowsingProtectionLevel policy, or disable deep scans with SafeBrowsingDeepScanningEnabled

    • Chrome 125 on LaCrOS, Linux, Mac, Windows: Feature rolls out

   

  • Chrome Desktop support for Windows ARM64 back to top 

    Chrome rolled out support for Windows ARM64. Enterprise installers are coming soon, and the ARM64 version can be downloaded at google.com/chrome. If you encounter any issues, file a bug here. At this time, other versions of Chrome running on ARM64 devices will not be automatically upgraded. Please re-install Chrome if you're running on an ARM64 device.

    • Chrome 125 on Windows: New Enterprise installers will be available towards mid-May

   

  • Chrome updater changes back to top 

    We are in the process of rolling out a new version of Google Update. As part of this change, the location for GoogleUpdate.exe on Windows changes and it is renamed updater.exe. Note that the previous path continues to persist until the transition is fully completed. GoogleUpdate.exe is also modified to point to updater.exe.

    * Previous: %PROGRAMFILES(X86)%\Google\Update\GoogleUpdate.exe
    * Current: %PROGRAMFILES(X86)%\Google\GoogleUpdater\<VERSION>\updater.exe

    • Chrome 125 on Windows: These changes appear on Windows

   

  • Chrome Security Insights back to top 

    If you have Chrome Enterprise Core (Chrome Browser Cloud Management) and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses, you can now enable Chrome Security Insights. This tool allows you to monitor insider risk and data loss for Chrome activity. For more information, see Monitoring for insider risk and data loss.

    • Chrome 125 on ChromeOS, Linux, Mac, Windows

   

  • Chrome bandwidth updates back to top 

    Chrome introduces a new mechanism for updating certain Chrome components, which might result in extra bandwidth used within your fleet. You can control this with the GenAILocalFoundationalModelSettings policy.

    • Chrome 125 on Linux, Mac, Windows

   

  • Extensions Safety Check back to top 

    The Extensions Safety Check notifies users about extensions that might contain malware, policy violations, and extensions that have been unpublished long ago. It provides an interface for users to review these extensions and decide to keep or remove each flagged extension. 

    To expand the usefulness and the scope of this feature, Chrome 125 adds new triggers so that other potentially risky extensions can also be reviewed by users. There are two new extension types that we now flag for the user to review. 

    -  Extensions that are not installed from the Chrome Web Store 

    -  Extensions that violate store policy by using deceptive installation tactics and are considered unwanted software

    Any extensions that are force-installed, installed by policy, version-pinned or blocked by policy are ignored and not flagged by these trigger criteria.

    • Chrome 125 on ChromeOS, Linux, Mac, Windows: During rollout, the two new triggers will be added to the extension safety check found on the chrome://extensions/ page

   

  • Insecure form warnings on iOS back to top 

    Chrome 125 blocks form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it displays a warning asking the user to confirm the submission. The goal is to prevent leaking form data over plain text without user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature.

   

  • Legacy Browser Support for Edge upgraded to Manifest V3 back to top 

    Legacy Browser Support for Edge is upgraded to Manifest V3. This is a major update with a possibility for bugs, so you can try the Beta version of this extension today. We encourage you to test it in your environment. If you encounter any issues, file a bug here.

    • Chrome 125 on Linux, Mac, Windows: Microsoft Edge Add-ons Store doesn't support gradual rollouts, so this will roll out 0%=>100% in one step. Target release date is May 30th, so ~2 weeks into Chrome 125's lifecycle.

   

  • Remove enterprise policy used for Base URL inheritance back to top 

    In Chrome 114, we introduced NewBaseUrlInheritanceBehaviorAllowed to prevent users or Google Chrome variations from enabling NewBaseUrlInheritanceBehavior, in case compatibility issues were discovered. Chrome 125 removes the temporary NewBaseUrlInheritanceBehaviorAllowed policy.

    • Chrome 125 on Android, ChromeOS, Linux, Mac, Windows: NewBaseUrlInheritanceBehaviorAllowed policy will be removed.

   

  • Send download reports without explicit user decision back to top 

    The Client Safe Browsing Report is a telemetry report sent to Safe Browsing when a warning is shown in Chrome. Today, download reports are sent when users discard or bypass a download warning. Based on the learnings from the initial tailored warning experiment, many download warnings are not explicitly discarded or bypassed. Reports are not sent for these warnings, so Safe Browsing doesn't have visibility on the effectiveness of these warnings. This feature aims to close this telemetry gap by sending reports when the download is auto-discarded or the browser is closed. 

    • Chrome 125 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • Tab Groups on Tab Grid back to top 

    Chrome for iPhone users can create and manage tab groups on their tab grids. This helps users stay organized, reduce clutter and manage their tasks more efficiently. 

    • Chrome 125 on iOS

   

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.
    Starting in Chrome 125, administrators can use the UiAutomationProviderEnabled enterprise policy to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider. 

    • Chrome 125 on Windows: The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

   

  • Update Google Play Services to fix issues with account passwords back to top 

    Users with old versions of Google Play Services might be unable to access the passwords saved to their Google accounts. These users now see warnings to update Google Play Services in the password management surface to access their account passwords again. This is part of an ongoing migration that only affects Android users of Google Password Manager.

    • Chrome 125 on Android

   

  • Extending Storage Access API (SAA) to non-cookie storage back to top 

    Chrome extends the Storage Access API to allow access to unpartitioned cookie and non-cookie storage in a third-party context. The current API only provides access to cookies, which have different use-cases than non-cookie storage. The API can be used as follows (JS running in an embedded iframe):

    // Request a new storage handle via rSA (this should prompt the user)
    let handle = await document.requestStorageAccess({all: true});

    // Write some cross-site localstorage
    handle.localStorage.setItem("userid", "1234");

    // Open or create an indexedDB that is shared with the 1P context
    let messageDB = handle.defaultBucket.indexedDB.open("messages");

    The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called rSAFor, just that in this case the storage-access permission was already granted and thus the rSA call would not require a user gesture or show a prompt, allowing for hidden iframes accessing storage. 

    • Chrome 125 on Windows, Mac, Linux, Android

   

  • Interoperable mousemove default action back to top 

    Canceling mousemove does not prevent text selection or drag-and-drop. Chrome allowed canceling mousemove events to prevent other APIs like text selection (and even drag-and-drop in the past). This does not match other major browsers; nor does it conform to the W3 UI Events specification.

    With this feature, text selection is no longer the default action of mousemove. Text selection and drag-and-drop can still be prevented through canceling selectstart and dragstart events respectively, which are spec-compliant and fully interoperable.

    • Chrome 125 on Windows, Mac, Linux, Android

   

  • Remove window-placement alias for permission and permission policy descriptors back to top 

    Chrome 125 removes the window-placement alias for permission and permission policy descriptors. All instances of window-placement are replaced with window-management, which better describes the related API functionality. This is a follow-up to Window Management API feature enhancements and renaming from Multi-Screen Window Placement API; for more details, see Chrome Platform Status.

    • Chrome 125 on Windows, Mac, Linux

   

  • Default Search Engine choice screen back to top 

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise’s search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group.

    • Chrome 120 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120. 
    • Chrome 125 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users.

   

  • Generating insights for Chrome DevTools Console warnings and errors back to top 

    In Chrome 125, a new Generative AI (GenAI) feature becomes available for unmanaged users:  Generating insights for Chrome DevTools Console warnings and errors. These insights provide a personalized description and suggested fixes for the selected errors and warnings. Initially, this feature is only available to users (18+) in English. Admins can control this feature by using the DevToolsGenAiSettings policy. 

    • Chrome 125 on ChromeOS, Linux, Mac, Windows: Feature becomes available to unmanaged users globally, except Europe, Russia, and China. 
    • Chrome 127 on ChromeOS, Linux, Mac, Windows: Feature becomes available to managed Chrome Enterprise & Education users in supported regions.

   

   

  • Removed policies in Chrome browser back to top 
    Policy Description
    NewBaseUrlInheritanceBehaviorAllowed Allows enabling the feature NewBaseUrlInheritanceBehavior

ChromeOS updates

   

  • Always-on VPN SAML fix back to top

    To better support Enterprise customers who use VPN in always-on strict  mode, where no user traffic can get to the internet except via the VPN, and SAML authentication, we've added a new policy AlwaysOnVpnPreConnectUrlAllowlist. This policy allows you to specify URLs users are allowed to go to before the VPN has connected, so that your SAML services are reachable to authenticate the user to the VPN via the system browser.

   

  • ChromeOS Passpoint settings back to top

    You can now view and manage Wi-Fi Passpoint in ChromeOS Settings. You can view and remove your installed passpoint subscription under the passpoint detailed page.

   

  • ChromeOS Audio Bluetooth telephony back to top

    ChromeOS now supports call control buttons on compatible Bluetooth headsets, including answering, rejecting or terminating a call, and muting the microphone.

   

  • Add PrivateIP to DoH with identifiers back to top

    A network identifier was added to the secure DNS URI templates with identifiers policy. Admins can now configure a new placeholder in the DNS URI templates, which is replaced with the device local IP addresses when the users are connected to managed networks.

   

  • Gallery video playback speed control UI back to top

    ChromeOS Gallery video player now has a playback speed menu to control the playback rate.

   

  • Reduce Animations toggle for ChromeOS back to top

    A reduced animations setting is now available on ChromeOS. This setting is available under Accessibility > Display and Magnification > Reduced Animations. Customers who experience motion sickness, distractions or other types of discomfort when seeing animations can benefit from changing this setting.

   

  • Captive portal sign-in window back to top

    ChromeOS 125 allows easier captive portal sign-in with a dedicated window. The window opens as a tabless popup window; the URL is shown but it is not editable.

    Captive portal

   

  • Install dialog for PWAs back to top

    ChromeOS 125 enables an installation dialog for web apps. This feature unblocks web app installation scenarios and is part of the work to create a more predictable, accessible, and trustworthy install surface for web apps.

   

  • Warn users before disconnecting Bluetooth HID back to top

    In ChromeOS 125 and later, Chromeboxes and Chromebases display a notification to prevent unintended Bluetooth device disconnections. This notification appears when you attempt to disable Bluetooth while only Human Interface Devices (HIDs) like keyboards or mice connected via Bluetooth are active.

Admin console updates

   
  • Inactive browser deletion in Chrome Enterprise Core   back to top

    Starting in April 2024 until June 2024, the Inactive period for browser deletion policy has started to roll out and automatically delete enrolled browsers in the Admin console that have been inactive for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time has a default value of 540 days. Meaning that by default, all enrolled browsers that have been inactive for more than 540 days are deleted from your account. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period is 730 days and the minimum value is 28 days (learn more). 


    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.

   
  • ChromeOS device enrollment and token generation redesign   back to top

    Beginning in April 2024, the zero-touch enrollment experience has been enhanced with a new enrollment entry point, token creation guide, the ability to specify SKU and partner permissions and improved token management

   
  • New ZTE pre-provisioning token features   back to top

    Pre-provisioning tokens have gained the following features:
    • Support for Kiosk & Signage Upgrade by allowing zero-touch enrollment pre-provisioning tokens to be created using either Chrome Enterprise Upgrade or Kiosk & Signage Upgrade
    • Ability for pre-provisioning partners to specify custom fields (asset ID, location, and user)
    • Multiple tokens per organizational unit
   
  • Expanded token management features   back to top

    The Enrollment Tokens page has been updated with the following features:
    • The page has been added to the left navigation panel for easier access
    • Tokens are now filterable based on status, creation user, annotation and upgrade type
    • A new button allows admins to copy the token and Customer ID with one click
    • Additional columns provide more information about the token
    • Token Management
   
  • URL-keyed anonymized data collection in Managed Guest Session   back to top

    The policy for URL-keyed anonymized data collection, UrlKeyedAnonymizedDataCollectionEnabled, is available in the Admin console. This policy will be enforced starting June 1st and will remain disabled until then.

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

    • Chrome 126 on iOS, ChromeOS, Linux, MacOS, Windows: Deprecation of Safe Browsing Extended Reporting
      Safe browsing

    

  • Extract text from PDFs for screen reader users back to top 

    Chrome browser is launching an Optical character recognition (OCR) AI reader for PDFs, creating the first browser built-in PDF screen reader for inaccessible documents, further filling the gap in accessibility for low vision and blind users across the web.

    This feature leverages Google's OCR models to extract, compartmentalize, and section PDF documents to make them more accessible. A local machine intelligence library will be added that uses Screen AI technology to analyze screenshots or the accessibility tree, and extract more information to help assistive technology, such as texts (OCR) and main content of the page.

    • Chrome 126 on ChromeOS, Linux, MacOS, Windows
    PDF reader

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 125 on Windows: Network Service sandboxed on Windows.

    

  • Removing support for UserAgentClientHintsGREASEUpdateEnabled back to top 

    Deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year and then eventually remove it.

    • Chrome 124 on Android, ChromeOS, Linux, Mac, Windows: Policy is deprecated
    • Chrome 126 on Android, ChromeOS, Linux, Mac, Windows: Policy is removed

    

  • Tab Groups on iPad back to top 

    Chrome for iPad users can create and manage tab groups. This helps users stay organized, reduce clutter and manage their tasks more efficiently.

    • Chrome 126 on Android

   

  • Telemetry about pages that trigger keyboard and pointer Lock APIs back to top 

    When an Enhances Safe Browsing user visits a page that triggers keyboard or pointer lock API, attributes of that page will be sent to Safe Browsing. If the telemetry is sent and the page seems to be malicious, users will see a Safe Browsing warning and their keyboard or pointer will be unlocked if they were locked.

    • Chrome 126 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia

    

  • Updated password management experience on Android back to top 
    On Chrome on Android, some users who are signed-in to Chrome but don't have Chrome sync enabled will be able to use and save passwords in their Google Account. Relevant enterprise policies such as BrowserSignin, SyncTypesListDisabled and PasswordManagerEnabled will continue to work as before and can be used to configure whether users can use and save passwords in their Google Account.
    • Chrome 126 on Android

    

  • Watermarking back to top 

    This feature will allow admins to overlay a watermark on top of a webpage if navigating to it triggers a specific DLP rule. It will contain a static string displayed as the watermark. Watermarking will be available to Chrome Enterprise Premium customers. 

    • Chrome 124 on Linux, Mac, Windows: Trusted Tester access
    • Chrome 126 on Linux, Mac, Windows: Feature rolls out

     

  • Align navigator.cookieEnabled with spec back to top 

    navigator.cookieEnabled currently indicates if “the user agent attempts to handle cookies” in a given context. A change in Chrome, shipping as part of third-party cookie deprecation (3PCD), would cause it to indicate whether unpartitioned cookie access is possible (causing it to return false in most cross-site iframes). We should restore the prior behavior of navigator.cookieEnabled which indicated only if cookies were enabled or disabled for the site and rely on the cross-vendor function document.hasStorageAccess to indicate if unpartitioned cookie access is possible.

    • Chrome 126 on Windows, Mac, Linux, Android

    

  • Automatic fullscreen content setting back to top 

    A new Automatic Fullscreen content setting permits Element.requestFullscreen() without a user gesture, and permits browser dialogs to appear without exiting fullscreen.

    The setting is blocked by default and sites cannot prompt for permission. New UI controls are limited to Chrome's settings pages (chrome://settings/content/automaticFullScreen) and the site info bubble. Users can allow Isolated Web Apps, and enterprise admins can allow additional origins with the AutomaticFullscreenAllowedForUrls policy.

     

    Combined with Window Management permission and unblocked popups (chrome://settings/content/popups), this unlocks valuable fullscreen capabilities:

    - Open a fullscreen popup on another display, from one gesture

    - Show fullscreen content on multiple displays from one gesture

    - Show fullscreen content on a new display, when it's connected

    - Swap fullscreen windows between displays with one gesture

    - Show fullscreen content after user gesture expiry or consumption

     

    

  • Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies back to top 

    Chrome 125 adds a cross-site ancestor bit to the keying of the partitioned cookie's CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site's partitioned cookies.
    If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) or use the Cross-Origin Resource Sharing (CORS) to ensure that embedded iframes have access to the same cookies as the top level domain.

    • Chrome 126 on Windows, Mac, Linux

   

  • Keyboard-focusable scroll containers back to top 

    Making scroll containers focusable using sequential focus navigation greatly improves accessibility. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    • Chrome 127 on Windows, MacOS, Linux, Android

    

  • App-Bound encryption for cookies back to top 

    To improve the security of cookies on Windows, the encryption key used for cookie encryption will be further secured by binding it to Chrome's application identity. This can help protect against malware that might attempt to steal cookies from the system. This does not protect against an attacker who is able to elevate privilege or inject into Chrome's processes.
    An enterprise policy ApplicationBoundEncryptionEnabled is available to disable Application Bound Encryption.

    • Chrome 127 on Windows

    

  • Chrome extension telemetry integration with Chronicle back to top 

    Collect relevant extension telemetry data from within Chrome (managed profiles + devices) and send it to Chronicle. Chronicle will analyze the data to provide instant analysis and context on risky activity.

    • Chrome 127 on ChromeOS, LaCrOS, Linux, Mac, Windows

   

  • All extensions must be updated to leverage Manifest V3 by June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Enterprise Core. Read more on the Manifest timeline, including: 

    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

    

  • Simplified sign-in and sync experience on Android back to top 

    Chrome will launch a simplified and consolidated version of sign-in and sync in Chrome on Android. Chrome sync will no longer be shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off via SyncTypesListDisabled. Sign-in to Chrome can be disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    The changes are virtually identical to the simplified sign-in and sync experience launched on iOS in 117.

    • Chrome 127 on Android

    

  • Intent to deprecate: mutation events back to top 

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    Mutation event support will be disabled by default starting in Chrome 127, around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

    - The Mutation Events Deprecation Trial can be used to re-enable the feature for a limited time on a given site. This can be used through Chrome 134, ending March 25, 2025.

    - A MutationEventsEnabled enterprise policy can also be used for the same purpose, also through Chrome 134.

    Please see this blog post for more detail.

    • Chrome 127 on Windows, Mac, Linux, Android

    

    

  • User link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    • Chrome 121 on Linux, MacOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Earliest in Chrome 127 on Linux, MacOS, Windows: We will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).
    Link PWAs

    

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

    However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

    Please see this blog post for more detail.

    • Chrome 124 on Windows, Mac, Linux
    • Chrome 128 on Android

    

  • Chrome will no longer support macOS 10.15 back to top 

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems to continue to use Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on macOS: Chrome no longer supports macOS 10.15

    

  • Deprecate the includeShadowRoots argument on DOMParser back to top 

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute

    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() will ship in Chrome 124, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:

    Instead of:

      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});

    This can be used instead:

      document.parseHTMLUnsafe(html);

    • Chrome 129 on Windows, Mac, Linux, Android

    

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website A navigates to another site B in the user's private network, this feature does the following:

    1. Checks whether the request has been initiated from a secure context

    2. Sends a preflight request, and checks whether B responds with a header that allows private network access.


    There are already features for subresources and workers, but this one is for navigation requests specifically. The above checks are made to protect the user's private network. Since this feature is the warning-only mode, we do not fail the requests if any of the checks fails. Instead, a warning will be shown in the DevTools, to help developers prepare for the coming enforcement.

    • Chrome 130 on Windows, Mac, Linux, Android

↑ back to top  

Upcoming ChromeOS changes

 

   

  • New policy to control Kiosk wake and sleep times back to top 

    As early as ChromeOS 126, we will introduce a new kiosk device policy that will allow Admins to schedule when a device will wake and sleep. For more details, see Kiosk settings.

   

  • Show wildcard URLs in Data Controls reporting back to top 

    ChromeOS Data Control rules allow admins to define source and destination URLs as a wildcard ( * ) value. ChromeOS data control events are reported under the Chrome audit report and can be viewed in the Google Admin console or other platforms through the Chrome Reporting Connector. When examining log events, the URL that triggered the rule is now reported, instead of the wildcard.

 

Upcoming Admin console changes

   

  • Policy parity: Custom Configurations for IT admins back to top

    The Custom Configurations page allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As a result, all Chrome policies are now configurable in Chrome Enterprise Core in the Admin console, either using the Settings page or the Custom Configurations page. You can also use the page to configure extension installation mode not supported in the Admin console, such as “normal_installed”.

    • As early as Chrome 126 on Android, iOS, Linux, Mac, Windows: Trusted Tester access
    • As early as Chrome 127 on Android, iOS, Linux, Mac, Windows: Feature rolls out

   

  • Interactive setup guides for Chrome Enterprise Core back to top
    The Chrome Enterprise team is introducing new interactive setup guides for browser management in the Admin console, where administrators can choose a journey they’re interested in exploring and get hands-on training directly in Chrome Setup Guides. For example, the guides can be used to learn how to:
    • Creating test organizational units
    • Turn on reporting
    These guides are ideal for new administrators or for administrators who wish to learn new journeys.
    • Enroll browsers
    • Apply browser policies
    • Configure extension settings
    • Create an admin user

    Setup guides
    • As early as Chrome 125: Trusted Tester access
    • As early as Chrome 126: Feature rolls out

       

  • Legacy Technology report back to top

    As early as Chrome 127, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.

    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
    • As early as Chrome 127 on Linux, MacOS, Windows: Legacy Technology report will be available in the Admin console.
    Legacy tech report

Chrome 124

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Enterprise Premium product launch   
Chrome Browser Cloud Management is now Chrome Enterprise Core  
Watermarking (trusted tester)    
Chrome Third-Party Cookie Deprecation (3PCD)    
Permissions prompt for Web MIDI API    
Two Chrome extensions will be upgraded to Manifest V3  
Chrome Installer/Updater changes    
Bookmarks and reading list improvements on Android    
Default Search Engine choice screen  
Deprecate enterprise policy used for throttling    
Chrome Desktop support for Windows ARM64    
Remove enterprise policy used for GREASE    
Deprecate and remove Web SQL    
Chrome bandwidth updates    
Form controls support direction value in vertical writing mode    
Remove enterprise policies used for TLS handshake and RSA key usage    
Shadow root cloneable attribute    
Local passwords stored in Play services on Android    
X25519Kyber768 key encapsulation for TLS    
Save to Drive and to Photos    
Device bound session credentials google.com prototype    
Windows ClearType Text Tuner integration    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
WebHID permission delegation    
WiFi QoS on ChromeOS    
Scanning DLC    
Increase the max size for the mouse pointer slider    
Fast Pair for HID    
Extension Cache Invalidation for managed guest login screen    
Instant reboot in Managed Guest Session    
ChromeOS carrier lock    
Admin console updates Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Enterprise Core    
New filter on the App details page    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
UI Automation accessibility framework provider on Windows    
Keyboard-focusable scroll containers    
Interoperable mousemove default action    
Network Service on Windows will be sandboxed    
Telemetry about pages that trigger keyboard and pointer lock APIs    
Extending Storage Access API (SAA) to non-cookie storage    
Remove window-placement alias for permission and permission policy descriptors    
Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies    
Extract text from PDFs for screen reader users    
Deprecate Safe Browsing Extended reporting    
Remove enterprise policy used for Base URL inheritance    
App-Bound encryption for cookies    
Intent to deprecate: Mutation Events    
User link capturing on PWAs    
All extensions must be updated to leverage Manifest V3 by June 2025
Remove enterprise policy used for legacy same site behavior    
Chrome will no longer support MacOS 10.15    
Deprecate the includeShadowRoots argument on DOMParser    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS Passpoint settings    
New policy to control Kiosk wake and sleep times    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Policy parity: Custom Configurations for IT admins    
Legacy Technology report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Enterprise Premium product launch back to top 

    Chrome Enterprise Premium is now available, providing a centralized solution for robust endpoint security, privacy, and control (setup guide). IT and security teams gain extensive network visibility and can easily deploy advanced protection features. Learn more. 

   

  • Chrome Browser Cloud Management is now Chrome Enterprise Core back to top 

    Chrome Enterprise’s cloud management offers a centralized tool for configuring and managing browser policies, settings, apps, and extensions across Chrome – no matter the operating system, device, or location. Learn more

    • Chrome 124 on Linux, MacOS, Windows: Trusted Tester access
    • Chrome 126 on Linux, MacOS, Windows: feature rolls out

   

  • Watermarking (trusted tester) back to top 

    This Chrome Enterprise Premium feature allows admins to overlay a watermark on top of a web page if navigating to it triggers a specific Data Loss Prevention (DLP) rule. You can specify a static string to be displayed as the watermark

    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here

    • Chrome 124 on Linux, MacOS, Windows: Trusted Tester access
    • Chrome 126 on Linux, MacOS, Windows: Feature rolls out

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    As previously announced, Chrome 120 started to restrict third-party cookies by default for 1% of Chrome users to facilitate testing, and subsequent releases will ramp up to 100% of users as early as Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group also see new Tracking Protection user controls. You can try out these changes in Chrome 120 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users are excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out managed browsers ahead of the experiment. This gives enterprises time to make the changes required to avoid relying on this policy or on third-party cookies.

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to False to re-enable third-party cookies for all sites but this prevents users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue to receive third-party cookies.

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this help article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites.

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Permissions prompt for Web MIDI API back to top 

    The Web MIDI API connects to and interacts with Musical Instrument Digital Interface (MIDI) Devices. There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (see related Chromium bug). To address this problem, the W3C Audio Working Group decided to place an explicit permission on general Web MIDI API access. Originally, the explicit permission was only required for advanced Web MIDI usage in Chrome, including the ability to send and receive system exclusive (SysEx) messages, with gated access behind a permissions prompt. We now intend to expand the scope of the permission to regular Web MIDI API usage. 

    In Chrome 124, all access to the Web MIDI API requires a user permission. No policies are available to control these changes. If you encounter any issues, file a bug here.

    • Chrome 124 on Windows, MacOS, Linux, Android

   

  • Two Chrome extensions to be upgraded to Manifest V3 back to top 

    Two extensions will soon be updated to use Manifest V3: User-Agent Switcher, and Chrome Reporting

    This is a major update with a possibility for bugs, so you can try the Beta version of these extensions today. We encourage you to test them in your environment. If you encounter any issues, file a bug here.

      - User-Agent Switcher for Chrome - Beta

      - Chrome Reporting Extension - Beta

    The User-Agent Switcher URL parser changed, so make sure your existing user agent substitutions work with the new version.

    • Chrome 124: Both extensions receive an update, on their Stable version around April 30, 2024.

   

  • Chrome Installer/Updater changes back to top 

    We are in the process of rolling out a new version of Google Update. As part of this change, the location for GoogleUpdate.exe on Windows changes and it is renamed updater.exe. Note that the previous path continues to persist until the transition is fully completed.  GoogleUpdate.exe is also modified to point to updater.exe.

     * Previous: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     * Current: C:\Program Files (x86)\Google\GoogleUpdater\<VERSION>\updater.exe

    • Chrome 124 on Windows: These changes appear on Windows.

   

  • Bookmarks and reading list improvements on Android back to top 

    On Chrome 124 on Android, some users who sign in to Chrome from the Bookmark Manager can use and save bookmarks and reading list items in their Google Account. Relevant enterprise policies, such as BrowserSignin, SyncTypesListDisabled, EditBookmarksEnabled, ManagedBookmarks and ShoppingListEnabled continue to work as before, to configure whether users can use and save items in their Google Account. 

    • Chrome 124 on Android: Feature rolls out.

   

  • Default Search Engine choice screen back to top 

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise’s search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group

    • Chrome 120 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120.
    • Starting Chrome 124 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users.

   

  • Deprecate enterprise policy used for throttling back to top 

    The underlying code change (throttling same-process, cross-origin display:none iframes) that the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy overrides has been enabled in stable releases since early 2023. Since known issues have been dealt with, we intend to remove the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy in Chrome 124. To read the discussions around the throttling issue (and its resolution), see this Chromium issue report. 

    • Chrome 124: Policy is removed.

   

  • Chrome Desktop support for Windows ARM64 back to top 

    Chrome is rolling out support for Windows ARM64. We are working on publishing the Enterprise installers. You can continue to test the Canary channel and Beta channel and report bugs there. Note that this is subject to change based on overall stability, as well as feedback from customers. If you encounter any issues, file a bug here

    • Chrome 124 on Windows (ARM): New Enterprise installers will be available towards the end of April or early May.

   

  • Remove enterprise policy used for GREASE back to top 

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will be removed in Chrome 126. 

    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: Policy is deprecated.
    • Chrome 126 on Android, ChromeOS, Linux, MacOS, Windows: Policy is removed.

   

  • Deprecate and remove Web SQL back to top 

    With SQLite over WASM as its official replacement, we plan to remove Web SQL entirely. This will help keep our users secure.

    The Web SQL database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 

    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a deprecation trial token is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy, or a deprecation trial token.
    • Chrome 124: on ChromeOS, LaCrOS, Linux, MacOS, Windows, Android: Starting in Chrome 124, the policy WebSQLAccess and the deprecation trial, which allows for WebSQL to be available, will no longer be available.

   

  • Chrome bandwidth updates back to top 

    Chrome rolls out a new mechanism for updating certain Chrome components that might result in extra bandwidth used within your fleet. You can control this with the GenAILocalFoundationalModelSettings policy. 

    • Chrome 124 on Windows, MacOS, Linux

   

  • Form controls support direction value in vertical writing mode back to top 

    The CSS property writing-mode allows elements to go vertical, but users cannot set the direction in which the value changes. With this feature, we are allowing the form control elements (meter, progress and range input type) to have vertical writing mode and choose the form control's value direction. If direction is rtl, the value is rendered from bottom to top. If direction is ltr, the value is rendered from top to bottom. For more information, see this Chrome for Developers blog post.

    • Chrome 124 on Windows, MacOS, Linux, Android

   

  • Remove enterprise policies used for TLS handshake and RSA key usage back to top 

    In Chrome 114, we introduced InsecureHashesInTLSHandshakesEnabled to control the use of legacy insecure hashes during the TLS handshake process. In Chrome 116, we introduced RSAKeyUsageForLocalAnchorsEnabled to control some server certificate checks. In Chrome 124, both InsecureHashesInTLSHandshakesEnabled and RSAKeyUsageForLocalAnchorsEnabled policies are removed. 

    Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: InsecureHashesInTLSHandshakesEnabled and RSAKeyUsageForLocalAnchorsEnabled policies will be removed. 

   

  • Shadow root cloneable attribute back to top 

    The shadow root clonable attribute enables individual control over whether a shadow root is cloneable (via standard platform cloning commands such as cloneNode()). Imperative shadow roots can now be controlled via a parameter to attachShadow({clonable:true}). Declarative shadow roots can be controlled via a new attribute, <template shadowrootmode=open shadowrootclonable>

    Breakage can occur if you are:
    a) using declarative shadow DOM 
    b) cloning templates that contain DSD and 
    c) expecting those clones to contain cloned shadow roots

    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows

   

  • Local passwords stored in Play services on Android back to top 

    Chrome changes the way local (not syncable) passwords are stored. Previously, they were stored in the Chrome profile. Now they are migrated to the local password storage of the Google Play services similarly to how the Google account passwords are already stored. It also changes the management UI for them to be provided by Google Play services. The Chrome policy PasswordManagerEnabled is still valid but it doesn't control the behavior outside the Chrome binary. Thus, the new password management UI allows users to import or add passwords there manually.

    • Chrome 123 on Android: The feature kicks-in for users without local passwords 
    • Chrome 124 on Android: All local passwords are migrated to the Google Play services.

   

  • X25519Kyber768 key encapsulation for TLS back to top 

    Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. This cipher will be used for both TLS 1.3 and QUIC connections. 

    • Chrome 124 on Windows, MacOS, Linux

   

  • Save to Drive and to Photos back to top 

    You can directly save a file or document image from the web to your Drive, as well as an image to your Google Photos. You can now change the account to which the file is going to be saved. The relevant policies to control these features are ContextMenuPhotoSharingSettings and DownloadManagerSaveToDriveSettings.

    • Chrome 124 on iOS
    IoS save photos

   

  • Device Bound Session Credentials google.com prototype back to top 

    The Device Bound Session Credentials project is intended to move the web away from long-lived bearer credentials like cookies, which can be stolen and reused, to credentials that are either short-lived or cryptographically bound to a device. The feature aims at protecting users against credential theft which is typically performed by malware running on the user's device. 

    The current launch is a proof-of-concept targeting google.com website. In the future, we plan to standardize this approach for other websites and web browsers (Github).

    Enterprise admins can control the feature state by using the BoundSessionCredentialsEnabled boolean policy.

    • Chrome 124 on Windows: Planned 1% rollout on Chrome stable for google.com cookie binding for the general population. A temporary BoundSessionCredentialsEnabled policy is introduced in this milestone. 

   

  • Windows ClearType Text Tuner integration back to top 

    This feature tracks the work to support picking the contrast and gamma values from the Windows ClearType Text Tuner setting and applying them to Skia text rendering. This ensures that users' text rendering preferences are respected on Windows devices.

    • Chrome 124 on Windows, MacOS, Linux

   

   

  • Removed policies in Chrome browser back to top 
    Policy Description
    WebSQLAccess Force WebSQL to be enabled
    InsecureHashesInTLSHandshakesEnabled Insecure Hashes in TLS Handshakes Enabled
    RSAKeyUsageForLocalAnchorsEnabled Check RSA key usage for server certificates issued by local trust anchors
    GetDisplayMediaSetSelectAllScreensAllowedForUrls Enables auto-select for multi screen captures
    ThrottleNonVisibleCrossOriginIframesAllowed Allows enabling throttling of non-visible, cross-origin iframes

ChromeOS updates

   

  • WebHID permission delegation back to top

    Chrome Apps now enables WebHID features in Chrome App Webview, for VDI and Zoom HID support.

   

  • WiFi QoS on ChromeOS back to top

    ChromeOS 124 now includes a new Quality of Service (QoS) feature that ensures better traffic prioritization of video conferencing and gaming applications on congested Wi-Fi networks. As a result, users can experience smoother video play with less buffering. In this initial release, this feature is not available for managed users.

   

  • Scanning DLC back to top

    To optimize the size of ChromeOS updates, we now download the required driver once the user signs in and connects a scanner that requires a driver. The driver downloads automatically without any prompt that the user needs to answer. A notification appears to indicate that external drivers are being installed and when installation is complete.

   

  • Increase the max size for the mouse pointer slider back to top

    We have expanded the mouse cursor sizes. You can adjust the cursor size by going into settings, accessibility, cursor and touchpad, and sliding the slider to your preferred size. This can be helpful for people who have low vision, for teachers who want students to follow along during a lesson while presenting, for people who are presenting on a video call, or if you just want to have a larger mouse cursor. 

    Mouse pointer size

   

  • Fast Pair for HID back to top

    Fast Pair is now available for mice on ChromeOS. You can now bring a Fast Pair-compatible mouse close to your ChromeOS device, and be prompted to pair it with one click. For details, see our Help Center article.

   

  • Extension Cache Invalidation for managed guest login screen back to top

    From ChromeOS 124, the ExtensionInstallForcelist policy supports the rollback of extensions for managed guest sessions and the login screen. This gives admins the option to rollback extensions in case of an erroneous rollout of a new version.

   

  • Instant reboot in Managed Guest Session back to top

    ChromeOS 124 introduces a UI for admins to initiate an instant reboot action for Managed Guest Sessions.

    MGS instant reboot

   

  • ChromeOS carrier lock back to top

    ChromeOS now supports carrier lock for mobile providers that want to provide subsidized devices to users. On all cellular enabled devices, carriers can lock the device to only allow connection to approved SIM profiles (both eSIM and physical SIM). Locked devices get enrolled to a carrier lock server and when the contract ends, the carrier simply releases the lock and the user is notified on their device. Note that in addition to being blocked for using unauthorized SIM profiles, dev mode is blocked on carrier locked devices.

Admin console updates

   
  • Inactive browser deletion in Chrome Enterprise Core   back to top

    Starting in April 2024 until May 2024, for Chrome Enterprise Core, the Inactive period for browser deletion policy will start rolling out and automatically delete enrolled browsers in the Admin console that have been inactive for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. Meaning that by default, all enrolled browsers that have been inactive for more than 540 days will be deleted from your account. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days (learn more). 

     

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.

   
  • New filter on the App details page   back to top

    Introducing a new filter for All users and browsers on the App Details page. This filter allows IT admins to easily view all the managed browsers and managed users where a specific extension or app is installed.

    App Details filter
   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • UI Automation accessibility framework provider on Windows back to top 

    Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows' UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.

    Administrators may use the UiAutomationProviderEnabled enterprise policy starting in Chrome 125 to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.

    • Chrome 125 on Window: The UiAutomationProviderEnabled policy is introduced so that administrators can enable Chrome's UI Automation accessibility framework provider and validate that third-party accessibility tools continue to work.
    • Chrome 126 on Windows: The Chrome variations framework will be used to begin enabling Chrome's UI Automation accessibility framework provider for users. It will be progressively enabled to the full stable population, with pauses as needed to address compatibility issues that can be resolved in Chrome. Enterprise administrators may continue to use the UiAutomationProviderEnabled policy to either opt-in early to the new behavior, or to temporarily opt-out through Chrome 136.
    • Chrome 137 on Windows: The UiAutomationProviderEnabled policy will be removed from Chrome. All clients will use the browser's UI Automation accessibility framework provider.

    

  • Keyboard-focusable scroll containers back to top 

    Making scroll containers focusable using sequential focus navigation greatly improves accessibility. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    • Chrome 125 on Windows, MacOS, Linux, Android

    

  • Interoperable mousemove default action back to top 

    Chrome allowed canceling mousemove events to prevent other APIs like text selection (and even drag-and-drop in the past). This does not match other major browsers; nor does it conform to the UI (event spec).

    Through this feature, text selection will no longer be the default-action of mousemove. Text selection and drag-and-drop can still be prevented through canceling selectstart and dragstart events respectively, which are spec compliant and fully interoperable.

    • Chrome 125 on Windows, MacOS, Linux, Android

    

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 125 on Windows: Network Service sandboxed on Windows.

    

  • Telemetry about pages that trigger keyboard and pointer Lock APIs back to top 

    When an Enhances Safe Browsing user visits a page that triggers keyboard or pointer lock APIs, attributes of that page will be sent to Safe Browsing. 

    If the telemetry is sent and the page seems to be malicious, users will see a Safe Browsing warning and their keyboard or pointer will be unlocked if they were locked. 

    • Chrome 125 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia

    

  • Extending Storage Access API (SAA) to non-cookie storage back to top 

    We propose an extension of the Storage Access API (backwards compatible) to allow access to unpartitioned (cookie and non-cookie) storage in a third-party context, and imagine the API mechanics to be roughly like this (JS running in an embedded iframe):

    // Request a new storage handle via rSA (this should prompt the user)
    let handle = await document.requestStorageAccess({all: true});

    // Write some cross-site localstorage
    handle.localStorage.setItem("userid", "1234");

    // Open or create an indexedDB that is shared with the 1P context
    let messageDB = handle.defaultBucket.indexedDB.open("messages");

    The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called rSAFor, just that in this case the storage-access permission was already granted and thus the rSA call would not require a user gesture or show a prompt, allowing for hidden iframes accessing storage.

    

  • Remove window-placement alias for permission and permission policy descriptors back to top 
    Chrome 124 removes the window-placement alias for permission and permission policy descriptors. All instances of window-placement are replaced with window-management, which better describes the related API functionality. This is a follow-up to Multi-Screen Window Placement API feature enhancements; for more details, see Chrome Platform Status.
    • Chrome 125 on Windows, MacOS, Linux

    

  • Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies back to top 

    Chrome 125 adds a cross-site ancestor bit to the keying of the partitioned cookie's CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site's partitioned cookies.

    If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) or use the Cross-Origin Resource Sharing (CORS) to ensure that embedded iframes have access to the same cookies as the top level domain. 

    • Chrome 126 on Windows, MacOS, Linux

    

  • Extract text from PDFs for screen reader users back to top 

    Chrome browser is launching an Optical character recognition (OCR) AI reader for PDFs, creating the first browser built-in PDF screen reader for inaccessible documents, further filling the gap in accessibility for low vision and blind users across the web.

    This feature leverages Google's OCR models to extract, compartmentalize, and section PDF documents to make them more accessible. A local machine intelligence library will be added that uses Screen AI technology to analyze screenshots or the accessibility tree, and extract more information to help assistive technology, such as texts (OCR) and main content of the page.

    • Chrome 126 on ChromeOS, Linux, MacOS, Windows
    PDF reader

    

  • Deprecate Safe Browsing Extended reporting back to top 

    Safe Browsing Extended reporting is a feature that enhances the security of all users by collecting telemetry information from participating users that is used for Google Safe Browsing protections. The data collected includes URLs of visited web pages, limited system information, and some page content. However, this feature is now superseded by Enhanced protection mode. We suggest users switch to Enhanced protection to continue providing security for all users in addition to enabling the strongest security available in Chrome. For more information, see Safe Browsing protection levels

    • Chrome 126 on iOS, ChromeOS, Linux, MacOS, Windows: Deprecation of Safe Browsing Extended Reporting
      Safe browsing

    

    

  • App-Bound encryption for cookies back to top 

    To improve the security of cookies on Windows, the encryption key used for cookie encryption will be further secured by binding it to Chrome's application identity. This can help protect against malware that might attempt to steal cookies from the system. This does not protect against an attacker who is able to elevate privilege or inject into Chrome's processes.

    An enterprise policy ApplicationBoundEncryptionEnabled will be available to disable Application Bound encryption.

    • Chrome 125 on Windows

    

  • Intent to deprecate: mutation events back to top 

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    • Chrome 127 on Android, ChromeOS, Linux, MacOS, Windows: Mutation events will stop functioning in Chrome 127, around July 30, 2024.

    

  • User link capturing on PWAs back to top 

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    • Chrome 121 on Linux, MacOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Earliest in Chrome 127 on Linux, MacOS, Windows: We will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).
    Link PWAs

    

  • All extensions must be updated to leverage Manifest V3 by June 2025 back to top 

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Enterprise Core. Read more on the Manifest timeline, including: 

    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

    

    

  • Chrome will no longer support MacOS 10.15 back to top 

    Chrome will no longer support MacOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems to continue to use Chrome browser. Running on a supported operating system is essential to maintaining security. If run on MacOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support MacOS 10.15.

    • Chrome 129 on MacOS: Chrome no longer supports MacOS 10.15

    

  • Deprecate the includeShadowRoots argument on DOMParser back to top 

    The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This was shipped in Chrome 90 as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing. To read more, see details of the context on the related standards, and information is also available on the related deprecations of shadow DOM serialization and shadow root attribute

    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() will ship in Chrome 124, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:

    Instead of:

      (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});

    This can be used instead:

      document.parseHTMLUnsafe(html);

    • Chrome 129 on Windows, Mac, Linux, Android

↑ back to top  

Upcoming ChromeOS changes

   

  • ChromeOS Passpoint settings back to top 

    As early as ChromeOS 125, you will be able to view and manage Wi-Fi Passpoint in ChromeOS Settings. You will be able to view and remove your installed passpoint subscription under the passpoint detailed page.

   

  • New policy to control Kiosk wake and sleep times back to top 

    As early as ChromeOS 125, we will introduce a new kiosk device policy that will allow Admins to schedule when a device will wake and sleep. For more details, see Kiosk settings.

 

Upcoming Admin console changes

   

  • Policy parity: Custom Configurations for IT admins back to top

    The Custom Configurations page allows IT admins to configure Chrome policies that are not yet in the Admin console, using JSON scripts. As a result, all Chrome policies are now configurable in Chrome Enterprise Core in the Admin console, either using the Settings page or the Custom Configurations page. You can also use the page to configure extension installation mode not supported in the Admin console, such as “normal_installed”.

    • As early as Chrome 125 on Android, iOS, Linux, Mac, Windows: Trusted Tester access
    • As early as Chrome 126 on Android, iOS, Linux, Mac, Windows: Feature rolls out
       
  • Legacy Technology report back to top

    As early as Chrome 127, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.

    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
    • As early as Chrome 127 on Linux, MacOS, Windows: Legacy Technology report will be available in the Admin console.
    Legacy tech report

Chrome 123

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Generative AI features    
Resume tabs  
Chrome on Android and iOS: cross-device resumption    
Resume the last opened tab on any device     
Change in behavior of the JavaScript JIT policies    
Chrome Sync ends support for Chrome 81 and earlier  
New idle timeout policies on iOS    
Cross-profile password reuse detection    
Telemetry for permission prompts and accepting notification permissions    
ServiceWorker static routing API    
Private network access checks for navigation requests: warning-only mode    
Local passwords stored in Play services    
Zstd content encoding    
Force Sign-in flows revamp    
Google Update changes    
New and updated policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
ChromeOS Flex Bluetooth migration    
Customizing keyboard shortcuts    
Mouse button customization    
Faster Split Screen setup    
ChromeOS Tether Hotspot    
Per-app language preferences on Android    
New natural-sounding voices for text-to-speech    
Data Processor mode rollout for Norway and Belgium    
Per-app privacy settings    
Enhanced Android security for new enterprise customers    
Admin console updates Security/ Privacy User productivity/ Apps Management
Enhanced Settings page experience    
Remote log collection for ChromeOS devices    
Inactive browser deletion in Chrome Browser Cloud Management    
Chrome crash report    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
User link capturing on PWAs - Windows, MacOS and Linux    
Permissions prompt for Web MIDI API    
Three Chrome extensions will be upgraded to Manifest V3  
Bookmarks and reading list improvements on Android    
Deprecate enterprise policy used for throttling    
Chrome Desktop support for Windows ARM64    
Remove enterprise policy used for GREASE    
Network Service on Windows will be sandboxed    
Deprecate and remove WebSQL    
Form controls support direction value in vertical writing mode    
Remove enterprise policies used for TLS handshake and RSA key usage    
Shadow root cloneable attribute    
Remove enterprise policy used for Base URL inheritance    
Intent to deprecate: mutation events    
Remove enterprise policy used for legacy same site behavior    
All extensions must be updated to leverage Manifest V3 by June 2025    
Chrome will no longer support macOS 10.15    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Record GIFs with Screen capture    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Legacy Technology report    
Policy parity: Custom Configurations for IT admins    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top 

    As previously announced, Chrome 120 started to restrict third-party cookies by default for 1% of Chrome users to facilitate testing, and subsequent releases will ramp up to 100% of users as early as Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group also see new Tracking Protection user controls. You can try out these changes in Chrome 120 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout.

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users are excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out managed browsers ahead of the experiment. This gives enterprises time to make the changes required to avoid relying on this policy or on third-party cookies. 

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies. 

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this Help Center article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites. 

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Generative AI features back to top 

    In Chrome 122, 3 Generative AI (GenAI) features became available for managed users that have signed into Chrome browser: Tab Organizer, Create themes, and Help me write (not available on ChromeOS). Initially, these 3 features are only available to users (18+) in English in the USA. Admins can control these by using the TabOrganizerSettings, CreateThemesSettings and HelpMeWriteSettings policies. 

    Starting in Chrome 123, we will gradually roll out these features and some users will no longer need to opt in to Experimental AI to use the features if admins set the policies to enabled. 

    • Chrome 122 on ChromeOS, Linux, Mac, Windows: GenAI features (Tab Organizer, Create themes) become available to managed users in the USA. Users need to turn on Experimental AI. 
    • Chrome 123 on ChromeOS, Linux, Mac, Windows: Features (Tab Organizer, Create themes) become available to managed users in the USA. Some users will have the feature enabled by default; others will still be able to manually opt in via the Experimental AI settings page. In both cases, the features will not be available if disabled via policy.

   

  • Resume tabs back to top 

    Chrome 123 introduces a new card on the New tab page, which helps users continue with tab suggestions from other devices. Using the NTPCardsVisible policy, admins can control this feature, and other cards on the New tab page. 

    • Chrome 123 on ChromeOS, Linux, Mac, Windows

    Resume tabs

   

  • Chrome on Android and iOS: cross-device resumption back to top 

    To help users resume tasks originating from other devices, Chrome now provides cross-device tab suggestions on the New tab page or Home surfaces on Chrome on Android and Chrome on iOS.

    • Chrome 123 on Android, iOS: Feature launches

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome now offers users a quick shortcut to resume that tab. Admins can control this feature using an existing enterprise policy called SyncTypesListDisabled.

    • Chrome 123 on iOS: Feature launches

   

  • Change in behavior of the JavaScript JIT policies back to top 

    As early as Chrome 122, enabling the DefaultJavaScriptJitSetting policy and disabling JavaScript JIT no longer resulted in WebAssembly being fully disabled. The V8 optimizing JIT will continue to be disabled by setting this policy. This allows Chrome to render web content in a more secure configuration.

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.

    • Chrome 123 on Android, iOS, ChromeOS, Linux, MacOS, Windows: The change will be implemented.

   

  • New idle timeout policies on iOS back to top 

    Enterprises are now able to enforce taking an action after Chrome has been idle for some amount of time on iOS devices. Admins can use the IdleTimeout policy to set a timeout period and the IdleTimeoutActions policy to specify actions on timeout. The setting will be available as a platform policy and will be available per user profile at a future date. 

    • Chrome 123 on iOS: Policies available on iOS.

   

  • Cross-profile password reuse detection back to top 

    Previously, password reuse detection of corporate credentials was only detectable in the corporate profile. In Chrome 123, password reuse detection will detect corporate credential reuse across all non-Incognito profiles on the managed browser.

   

  • Telemetry for permission prompts and accepting notification permissions back to top 

    When Enhanced Protection is turned on, and a user visits a page that prompts the user to accept a notification permission, attributes of that page might be sent to Safe Browsing. If the telemetry is sent and the page is deemed dangerous, users will see a Safe Browsing warning. 

    When Enhanced Protection or Safe Browsing Extended Reporting is turned on, and a user accepts a notification permission for a blocklisted page, this event will be sent to Safe Browsing.

    These features can be controlled by the SafeBrowsingProtectionLevel and SafeBrowsingExtendedReportingEnabled policies.

    • Chrome 123 Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Feature rolls out to enterprises that have MetricsReportingEnabled set to enabled.

   

  • ServiceWorker static routing API back to top 

    This API allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do. If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.

    • Chrome 123 on Windows, Mac, Linux, Android

   

  • Private network access checks for navigation requests: warning-only mode back to top 

    Before a website navigates to a destination site in a user's private network, Chrome will do the following:

    1. Checks whether the original navigation request has been initiated from a secure context.

    2. Sends a preflight request, and checks whether the destination site responds with a header that allows private network access.

     

    The above checks are made to protect the user's private network. Since this feature operates in warning-only mode, we do not fail the requests if any of the checks fail. Instead, a warning will be shown in DevTools Chrome console, to help developers prepare for the coming enforcement. To read about these changes, see Private Network Access (PNA) for Navigation Requests. To learn more, see the PNA specification.

    • Chrome 123 on Android (except for WebView), ChromeOS, Linux, MacOS, Windows: Warning-only mode.
    • Earliest Chrome 130 on Android (except for WebView), ChromeOS, Linux, MacOS, Windows: Requests will fail.

   

  • Local passwords stored in Play services back to top 

    Chrome changes the way local (not syncable) passwords are stored. Previously they were stored in the Chrome profile. Now they are gonna be migrated to the local password storage of the Google Play services similarly to how the Google account passwords are already stored. It also changes the management UI for them to be provided by Google Play services. The Chrome policy PasswordManagerEnabled is still valid but it doesn't control the behavior outside the Chrome binary. Thus, the new password management UI allows users to import or add passwords there manually.

    • Chrome 123 on Android: The feature kicks-in for users without local passwords 
    • Chrome 124 on Android: All local passwords are migrated to the Google Play services.

   

  • Zstd content encoding back to top 

    Chrome is adding support for Zstandard (zstd) as a data compression mechanism. Supporting zstd content encoding in the browser allows sites to spend less time and CPU or power on compression on their servers, resulting in reduced server costs. A temporary enterprise policy ZstdContentEncodingEnabled is available to turn off the zstd content encoding feature.

    • Chrome 123 on Android, ChromeOS, LaCrOS, Linux, Mac, Windows, Fuchsia: Support for zstd is added.

   

  • Force sign-in flows revamp back to top 

    When the BrowserSignin policy is set to Force users to sign-in to use the browser, users now sign in to Chrome browser by following the standard sign-in procedure through the Profile Picker.

    Previously, the Force sign-in flow had a specific UI dialog that did not follow typical Chrome style or standards. Now the flows are aligned with the regular sign-in flows. We’ve also improved error handling by displaying sign-in errors in a regular dialog with actionable buttons.

    • Chrome 123 on Mac, Windows: Full launch

    Force sign-in

   

  • Google Update changes back to top 

    We are in the process of rolling out a new version of Google Update. As part of this change, the location for GoogleUpdate.exe on Windows will change and will be named updater.exe. Note that the previous path will continue to persist until the transition is fully completed.

    • Previous: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    • Current: C:\Program Files (x86)\Google\GoogleUpdater\VERSION\updater.exe

   

ChromeOS updates

   

  • ChromeOS Flex Bluetooth migration  back to top

    In ChromeOS 123, ChromeOS Flex will upgrade to the Floss Bluetooth stack. As part of this upgrade, the listed devices no longer support Bluetooth functionality. If Bluetooth functionality is critical for these devices, we recommend moving these devices to the LTS channel to extend the Bluetooth functionality through to October 2024. 

    • HP Probook 4530s
    • Lenovo ThinkPad T420
    • HP Elitebook 8460p
    • Apple iMac 11,2
    • Lenovo ThinkPad x220
    • Dell Vostro 3550
    • HP 3115m
    • HP Elitebook 2560p
    • HP ProBook 6465b
    • Lenovo ThinkPad L420
     

    If your devices are unable to connect to Bluetooth after updating to ChromeOS 123, switch the Chrome flag Use Floss instead of BlueZ to Disabled.

     

    Floss vs Bluetooth

 

   

  • Customizing keyboard shortcuts  back to top

    Using shortcuts boosts productivity, and we all have our favorites. In ChromeOS 123, with shortcut customization, you will be able to assign your preferred key combination to personalize your shortcuts. Whether you want them to be easier to do with one hand, simpler to remember, or identical to the ones you're familiar with, this feature will simplify your day-to-day workflows. 

       

    Customize keyboard shortcuts

 

   

  • Mouse button customization  back to top

    Mouse button customization on Chromebook helps users complete quick actions with the click of a button. If your mouse has more than two buttons, you can now assign those to a set list of actions such as taking a screenshot, muting and unmuting, inserting emojis, and so on. You can also select a key combination to assign to your buttons any action performed by a keyboard shortcut.

     

    Customize mouse shortcuts

 

   

  • Faster Split Screen setup  back to top

    Chromebooks provide a variety of ways to arrange the windows on your screen to help make you more productive — one of which is Split Screen. Just as it sounds, Faster Split Screen setup offers a quicker way to set up your window layout by showing an overview of your open windows on the other side of the screen. With Faster Split Screen, once you snap (or lock) a window in place on one side, you can choose an already-open window from Overview to snap into the other side, or select something from the shelf (the row of apps located at the bottom or side of your screen).

     

    Split screen

 

   

  • ChromeOS Tether Hotspot  back to top  

    Hotspot is now available on ChromeOS! You can now share your cellular network on your Chromebook as a hotspot to other devices without an internet connection! Enable your first hotspot by opening Network Settings and toggling on Hotspot. In ChromeOS 123, we only support T-Mobile in the US but we are working to add other networks in future releases.

     

   

  • Per-app language preferences on Android  back to top

    You can now change to your preferred language for your Android apps. These new settings are available in Settings > Apps > Manage your apps > App language

     

   

  • New natural-sounding voices for text-to-speech  back to top

    In ChromeOS 123, we’ve added new natural sounding TTS voices that work offline and are available in 31 languages.  

    TTS natural voices

 

   

  • Data Processor mode rollout for Norway and Belgium  back to top

    In August 2023, data processor mode for ChromeOS was launched in the Netherlands to give organizations more transparency and control over data sent to, and processed by Google. As interest in this space increased recently, we are making data processor mode generally available in additional countries, starting with Norway and Belgium. This product is available in the Admin console through Device > Chrome > Compliance. For more information, see our Help Center article.

     

   

  • Per-app privacy settings  back to top

    ChromeOS 123 makes privacy controls on Chromebooks easier to manage by consolidating app permissions and privacy controls. This gives users more transparency by showing what apps need access to privacy sensors, and how app permissions are affected by privacy control states. Now with the per-app permissions, for microphone and camera, instead of going to two separate places (privacy controls and app settings), users can directly go to privacy settings to view what apps need access to these sensors and modify app permissions.

 

   

  • Enhanced Android security for new enterprise customers  back to top

    ChromeOS 123 enhances the default app security level for enterprise customers. On new enterprise domains, ChromeOS now deactivates Android apps for unaffiliated ChromeOS users by default. Unaffiliated ChromeOS users are users on unmanaged devices or on devices that are managed by a different domain than the user.

    Existing enterprise domains will not be affected by this change. Any new or existing education customer will not be affected.

    Enterprise customers who want to change the default setting, see our Help Center article.

     

Admin console updates

   
  • Enhanced Settings page experience   back to top

    Starting in March 2024, all admins will use our updated Settings page experience–that means you’ll no longer be able to use the legacy Settings page experience. Most of you already use the updated experience. This just means that admins will no longer be able to access the legacy view, but you'll still have access to all the same functionality in the updated view.

    Enhanced settings page
   
  • Remote log collection for ChromeOS devices   back to top

    If you experience problems with a managed ChromeOS device, you can troubleshoot by capturing additional logs from the Device details page in the Admin console.You can remotely collect logs for following use cases : 

    • Kiosk devices
    • Affiliated and unaffiliated signed-in users
    • Managed guest sessions
    • Login and Locked screen

    For more information, see this Help Center article, Remote log collection for ChromeOS devices.

    Remote log collection

   

  • Inactive browser deletion in Chrome Browser Cloud Management   back to top

    The Inactive period for browser deletion policy is now available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts. 

    Starting in April 2024 until May 2024, the Inactive period for browser deletion policy will start rolling out and automatically delete enrolled browsers in the Admin console that have been inactive for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. Meaning that by default, all enrolled browsers that have been inactive for more than 540 days will be deleted from your account. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days. 

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.
   
  • Chrome crash report   back to top

    In Chrome 123, you can visualize crash events in the Admin console using the new Chrome crash report page. In this report, you will find a dynamic chart representing Chrome crash events over time, grouped by versions of Chrome. Additional filtering is available for the following fields: OS platforms, Chrome channels and dates. This report helps you proactively identify potential Chrome issues within your organization.

    • Chrome 121 on Linux, MacOS, Windows: Trusted Tester program
    • Chrome 123 on Linux, MacOS, Windows: Feature rolls out
    Crash report

   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

    

  • Default Search Engine choice screen back to top 

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise’s search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group.

    • Chrome 120 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120. 
    • Later this year on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users.

   

  • User link capturing on PWAs - Windows, MacOS and Linux back to top 
     

    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it easier to move between the browser and installed web apps. When the user clicks a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. When the user clicks the chip, this either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking a link always automatically opens the app.

    Some issues were discovered with the current implementation, so we will not launch this feature in Chrome 123 as initially announced. We definitely plan to launch link capturing this year (bug).

    • Chrome 121 on Linux, MacOS, Windows: When some users click a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Future milestone in 2024 on Linux, MacOS, Windows: We will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).

    Linked webapps

   

  • Permissions prompt for Web MIDI API back to top 
     

    The Web MIDI API connects to and interacts with Musical Instrument Digital Interface (MIDI) Devices. There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (see related Chromium bug). To address this problem, the W3C Audio Working Group decided to place an explicit permission on general Web MIDI API access. Originally, the explicit permission was only required for advanced Web MIDI usage in Chrome, including the ability to send and receive system exclusive (SysEx) messages, with gated access behind a permissions prompt. We now intend to expand the scope of the permission to regular Web MIDI API usage.

    In Chrome 124, all access to the Web MIDI API will require a user permission. No policies will be available to control these changes. If you encounter any issues, file a bug here.

    • Chrome 124 on Windows, MacOS, Linux, Android 

   

   

  • Bookmarks and reading list improvements on Android back to top 
     

    On Chrome 124 on Android, some users who sign in to Chrome from the Bookmark manager will be able to use and save bookmarks and reading list items in their Google Account. Relevant enterprise policies, such as BrowserSignin, SyncTypesListDisabled, EditBookmarksEnabled, ManagedBookmarks and ShoppingListEnabled will continue to work as before, to configure whether users can use and save items in their Google Account.

    • Chrome 124 on Android: Feature rolls out.

   

  • Deprecate enterprise policy used for throttling back to top 
     

    The underlying code change (throttling same-process, cross-origin display:none iframes) that the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy overrides has been enabled in stable releases since early 2023. Since known issues have been dealt with, we intend to remove the ThrottleNonVisibleCrossOriginIframesAllowed enterprise policy by Chrome 124. The discussions around the throttling issue (and its resolution) can be found in this Chromium bug.

    • Chrome 124: Policy is removed.

   

  • Chrome Desktop support for Windows ARM64 back to top 
     

    Chrome is rolling out support for Windows ARM64. We are working on publishing the Enterprise installers. You can continue to test the Canary channel and report bugs there. Note that this is subject to change based on overall stability, as well as feedback from customers. If you encounter any issues, file a bug here

    • Chrome 124 on Windows (ARM): New Enterprise installers are available.

   

  • Remove enterprise policy used for GREASE back to top 
     

    We plan to deprecate the UserAgentClientHintsGREASEUpdateEnabled policy since the updated GREASE algorithm has been on by default for over a year. The policy will eventually be removed. 

    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows: Policy is deprecated.
    • Chrome 126 on Android, ChromeOS, Linux, MacOS, Windows: Policy is removed.

   

  • Network Service on Windows will be sandboxed back to top 
     

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 124 on Windows: Network Service sandboxed on Windows.

   

  • Deprecate and remove WebSQL back to top 
     

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 

    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL Deprecation Trial starts. The trial ends in Chrome 123. During the trial period, a deprecation trial token is needed for the feature to be available.
    • Chrome 119: Starting Chrome 119, WebSQL is no longer available. Access to the feature is available until Chrome 123 using the WebSQLAccess policy, or a deprecation trial token.
    • Chrome 124: on ChromeOS, LaCrOS, Linux, MacOS, Windows, Android: Starting in Chrome 124, the policy WebSQLAccess and the deprecation trial, which allows for WebSQL to be available, will no longer be available.

   

  • Form controls support direction value in vertical writing mode back to top 

    The CSS property writing-mode allows elements to go vertical, but users cannot set the direction in which the value changes. With this feature, we are allowing the form control elements (meter, progress and range) input type to have vertical writing mode and choose the form control's value direction. If direction is rtl, the value is rendered from bottom to top. If direction is ltr, the value is rendered from top to bottom. For more information, see this Chrome for Developers blog post.

    • Chrome 124 on Windows, Mac, Linux, Android

   

   

  • Shadow root cloneable attribute back to top 
     

    The shadow root clonable attribute enables individual control over whether a shadow root is cloneable (via standard platform cloning commands such as `cloneNode()`). Imperative shadow roots can now be controlled via a parameter to `attachShadow({clonable:true})`. Declarative shadow roots can be controlled via a new attribute, `<template shadowrootmode=open shadowrootclonable>`

     

    Breakage can occur if you are:

    1. using declarative shadow DOM
    2. cloning templates that contain DSD and
    3. expecting those clones to contain cloned shadow roots
     
    • Chrome 124 on Android, ChromeOS, Linux, MacOS, Windows

   

   

  • Intent to deprecate: mutation events back to top 
     

    Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. Starting in Chrome 124, a temporary enterprise policy, MutationEventsEnabled, will be available to re-enable deprecated or removed mutation events. If you encounter any issues, file a bug here.

    • Chrome 127 on Android, ChromeOS, Linux, MacOS, Windows: Mutation events will stop functioning in Chrome 127, around July 30, 2024.

   

   

  • All extensions must be updated to leverage Manifest V3 by June 2025 back to top 
     

    Extensions must be updated to leverage Manifest V3. Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

     

    Beginning June 2024, Chrome will gradually disable Manifest V2 extensions running in the browser. An Enterprise policy - ExtensionManifestV2Availability - is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.

     

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management. Read more on the Manifest timeline, including: 

    • Chrome 110 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Enterprise policy ExtensionManifestV2Availability is available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions.
    • Chrome 127 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Chrome will gradually disable Manifest V2 extensions on user devices. Only those with the ExtensionManifestV2Availability enterprise policy enabled would be able to continue using Manifest V2 extensions in their organization.
    • Chrome 139 on ChromeOS, LaCrOS, Linux, MacOS, Windows: Remove ExtensionManifestV2Availability policy.

   

  • Chrome will no longer support macOS 10.15 back to top 
     

    Chrome will no longer support macOS 10.15, which is already outside of its support window with Apple. Users have to update their operating systems to continue to use Chrome browser. Running on a supported operating system is essential to maintaining security. If run on macOS 10.15, Chrome continues to show an infobar that reminds users that Chrome 129 will no longer support macOS 10.15.

    • Chrome 129 on MacOS: Chrome no longer supports macOS 10.15

↑ back to top  

Upcoming ChromeOS changes

   

  • Record GIFs with Screen capture back to top

    As early as ChromeOS 124, Screen capture will let you record your screen in .GIF format to easily capture, share, and play the recording inline in chat, slides, docs, and more. 

 

↑ back to top  

Upcoming Admin console changes

       
  • Legacy Technology report back to top

    As early as Chrome 124, the Legacy Technology report will be available in the Admin console and it will proactively report websites (both internal and external) that are using technology that will be deprecated, for example, third-party cookies, SameSite cookie changes, and older security protocols like TLS 1.0/1.1 and third-party cookies. This information will enable IT administrators to work with developers to plan required tech migrations before the deprecation feature removals goes into effect.


    This feature is currently released in our Trusted Tester program. If you’re interested in helping us test this feature, you can sign up for the Chrome Enterprise Trusted Tester program here.
     
    • As early as Chrome 124 on Linux, MacOS, Windows: Legacy Technology report will be available in the Admin console.
    Legacy tech report
   
  • Policy parity: Custom Configurations for IT admins back to top

    The Custom Configurations page allows IT admins to configure Chromium policies that are not yet in the Admin console, using JSON scripts. As a result, all Chrome policies are now configurable in Chrome Browser Cloud Management in the Admin console, either using the Settings page or the Custom Configurations page.

     

    • As early as Chrome 124 on Android, iOS, Linux, Mac, Windows: Trusted Tester access
    • As early as Chrome 125 on Android, iOS, Linux, Mac, Windows: Feature rolls out

↑ back to top  

Chrome 122

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome Third-Party Cookie Deprecation (3PCD)     
Generative AI features    
Simplified sign-in and sync experience on iOS  
SharedImages for PPAPI Video Decode    
New download URLs for Chrome browser (Enterprise)      
New V8 security setting    
Read aloud    
Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed    
Asynchronous server-side Safe Browsing check    
Improved download warnings on the Chrome Downloads page    
Skip unload events    
Autofill: security code updates     
Removing unenrollment from Unified Password Manager    
Chrome on iOS: bottom address bar    
DefaultSearchProvider policy changes    
Change in behavior of the JavaScript JIT policies    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Content scanning with BCE    
Battery Saver    
Enhanced SAML reauthentication flows    
Badge-based authentication    
Edit your recordings with Screencast    
IkeV2 VPN support  
Mandatory extensions in Incognito  
New look for ChromeOS media player    
Admin console updates Security/ Privacy User productivity/ Apps Management
Inactive browser deletion in Chrome Browser Cloud Management    
New policies in the Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Default Search Engine choice screen    
User link capturing on PWAs - Windows, MacOS and Linux    
Resume tabs    
Chrome on Android or iOS: cross-device resumption    
Resume the last opened tab on any device     
Permissions prompt for Web MIDI API    
Network Service on Windows will be sandboxed     
Chrome Sync ends support for Chrome 81 and earlier  
Deprecate and remove WebSQL    
IdleTimeout and IdleTimeoutActions Policies on iOS    
Cross Profile Password Reuse Detection    
Telemetry for permission prompts and accepting notification permissions     
ServiceWorker static routing API    
Private network access checks for navigation requests: warning-only mode    
Bookmarks and reading list improvements on Android    
Deprecate enterprise policy ThrottleNonVisibleCrossOriginIframesAllowed    
Remove support for UserAgentClientHintsGREASEUpdateEnabled    
Intent to deprecate: Mutation Events    
Remove LegacySameSiteCookieBehaviorEnabledForDomainList policy    
Extensions must be updated to leverage Manifest V3
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
ChromeOS Flex Bluetooth Migration    
Customizing keyboard shortcuts    
Record GIFs with Screen capture    
Faster Split Screen setup    
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
Enhanced Settings page experience    
Chrome crash report    
Legacy Technology report    

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

  • Chrome Third-Party Cookie Deprecation (3PCD) back to top

    As previously announced, Chrome 120 started to restrict third-party cookies by default for 1% of Chrome users to facilitate testing, and subsequent releases will ramp up to 100% of users as early as Q3 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA). Browsers that are part of the 1% experiment group also see new Tracking Protection user controls. You can try out these changes in Chrome 120 or higher by enabling chrome://flags/#test-third-party-cookie-phaseout.

    This testing period allows sites to meaningfully preview what it's like to operate in a world without third-party cookies. As bounce-tracking protections are also a part of 3PCD, the users in this group with third-party cookies blocked have bounce tracking mitigations taking effect, so that their state is cleared for sites that get classified as bounce trackers. Most enterprise users are excluded from this 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies and opt out managed browsers ahead of the experiment. This gives enterprises time to make the changes required to avoid relying on this policy or on third-party cookies. 

    We are launching the Legacy Technology Report to help identify third-party cookies use cases. Admins can set the BlockThirdPartyCookies policy to false to re-enable third-party cookies for all sites but this will prevent users from changing the corresponding setting in Chrome. Alternatively, to prevent breakage, you can set the CookiesAllowedForUrls policy to allowlist your enterprise applications to continue receiving third-party cookies. 

    For enterprise end users that are pulled into this experiment group and that are not covered by either enterprise admin policy, they can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site, when necessary. See this help article for more details on how to toggle these settings for the desired configuration.

    Bounce tracking protections are also covered by the same policies as cookies and these protections are enforced when the bouncing site is not permitted to use 3P cookies. So setting the BlockThirdPartyCookies policy to false, or setting the CookiesAllowedForUrls policy for a site, prevents bounce tracking mitigations from deleting state for sites. 

    Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.

    The heuristics feature grants temporary third-party cookie access in limited scenarios based on user behavior. This mitigates site breakage caused by third-party cookie deprecation in established patterns, such as identity provider pop ups and redirects.

    For more details on how to prepare, provide feedback and report potential site issues, refer to our updated landing page on preparing for the end of third-party cookies.

    • Starting in Chrome 120 on ChromeOS, Linux, MacOS, Windows
      1% of global traffic has third-party cookies disabled. Enterprise users are excluded from this automatically where possible, and a policy is available to override the change.

   

  • Generative AI features back to top

    Starting in Chrome 122, there are 3 Generative AI (GenAI) features that are now also available for managed users that have signed into Chrome browser: 

    • Tab organizer: Chrome can automatically suggest tab groups for users based on the URL and title of opened websites. To use this feature, right-click on a tab, and select Organize similar tabs.
    • Create themes with AI: Chrome lets users create a unique Chrome theme (a combination of a color and a wallpaper image) using GenAI. To use the feature, open a new tab, and at the bottom right, click Customize Chrome. On the side panel, select Change theme > Create with AI. Users can then choose from preset options for subject, mood, style, and color.
    • Get help writing on the web with AI: This feature helps users write with more confidence and kickstart the writing process in free-form text fields on the web. To use this feature, right-click on a text field, and select Help me write (not available on ChromeOS).

    Initially, these 3 features are only available to users in English in the US. Admins can control these by using the TabOrganizerSettings, CreateThemesSettings and HelpMeWriteSettings policies. For each feature, you have the following options for your organization:  

    •   0 = Enable the feature and send data to help improve AI models
    •   1 = Enable the feature but don’t send data to help improve AI models
    •   2 = Fully disable feature
     

    You can find more information in the Tab group suggestions, Create themes, and Help me write help center articles.

   

  • Simplified sign-in and sync experience on iOS back to top

    Starting in Chrome 122, existing users on iOS with Chrome sync turned on now experience a simplified and consolidated version of sign-in and sync in Chrome. Chrome sync no longer appears as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.

    As before, the functionality that saves and accesses Chrome data in the Google Account can be turned off fully (via SyncDisabled) or partially (via SyncTypesListDisabled). Sign-in to Chrome can be required or disabled via BrowserSignin as before.

    Note that the changes do not affect users’ ability to sign in to Google services on the web (like Gmail) without signing in to Chrome, their ability to stay signed out of Chrome, or their ability to control what information is synced with their Google Account.

    • Chrome 117: no longer shows Chrome sync as a separate feature for users who didn't have Chrome sync enabled at the time.
    • Chrome 122: no longer shows Chrome sync as a separate feature for users who had Chrome sync enabled by migrating them to an equivalent state.

     

   

  • SharedImages for PPAPI video decoder back to top

    Chrome 122 removes the PPAPISharedImagesForVideoDecoderAllowed policy, used to control the recent refactor for VideoDecoder APIs in PPAPI plugin. This policy was introduced on a temporary basis in Chrome 119.

    • Chrome 119 on ChromeOS, LaCrOS: Introduces escape hatch policy.
    • Chrome 122 on ChromeOS, LaCrOS: Escape hatch policy and corresponding old code paths are removed.

   

   

  • New V8 security setting back to top

    Chrome 122 adds a new setting on chrome://settings/security to disable the V8 JIT optimizers, to reduce the attack surface of Chrome browser. This behavior continues to be controlled by the DefaultJavaScriptJitSetting enterprise policy, and the associated JavaScriptJitAllowedForSites and JavaScriptJitBlockedForSites policies. The setting is integrated into Site Settings. The enterprise policies have been available since Chrome 93.

    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia

   

  • Read aloud back to top

    Read aloud allows users of Chrome on Android to listen to web pages using text to speech technology. Users can now access this feature via the overflow menu and control playback via audio controls. 

    Read aloud sends the page URL to Google servers to power playback, and users who use it need to enable the settings menu item Make searches and browsing better

    Setting the ListenToThisPageEnabled policy to true allows users to have eligible web pages read aloud using text-to-speech. This is achieved by server side content distillation and audio synthesis. Setting to false disables this feature, and if this policy is set to default or left unset, Read aloud is enabled.

    • Chrome 122 on Android: Feature launches

   

  • Removal of enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed back to top

    Chrome 122 removes the temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed, which was made available in Chrome 116 to give enterprises time to address possible breakage related to Chrome Apps webview usage changes. 

    • Chrome 122 on Linux, MacOS, Windows, ChromeOS: Enterprise Policy ChromeAppsWebViewPermissiveBehaviorAllowed removed 

   

  • Asynchronous server-side Safe Browsing check back to top

    Today Safe Browsing checks are on the blocking path of page loads, meaning that users cannot see the page until the checks are complete. To improve Chrome's loading speed, checks with the server-side Safe Browsing list no longer block page loads in Chrome 122. 

    We have evaluated the risk and put mitigations in place: 

    1) To protect against direct exploits against the browser, local list checks are still conducted in a synchronous manner so that malicious payloads cannot run until the local list check is complete. 

    2) To protect against phishing attacks, we've looked at data and concluded that it is unlikely the user would have significantly interacted with the page (for example, typed a password) by the time we show a warning.

    • Chrome 122 on Android, ChromeOS, LaCrOS, Linux, MacOS, Windows: Feature launches 

   

  • Improved download warnings on the Chrome Downloads page back to top

    To help reduce consequences of downloading malware, we’re cleaning up desktop download warning strings and patterns to be clear and consistent.

    • Chrome 122 on ChromeOS, LaCrOS, Linux, MacOS, Windows, Fuchsia: Feature launches
    Chrome Web Store Chrome Web Store

   

  • Skip unload events back to top

    The presence of unload event listeners is a primary blocker for back/forward cache on Chromium based browsers and for Firefox on desktop platforms. On the other hand, for mobile platforms, almost all browsers prioritize the bfcache by not firing unload events in most cases. To improve the situation, we’ve been working with lots of partners and successfully reduced the use of unload event listeners over the last few years. To further accelerate this migration, we propose to have Chrome for desktop gradually skip unload events. 

    In case you need more time to migrate away from unload events, we’ll offer temporary opt-outs in the form of a Permissions-Policy API and an enterprise policy ForcePermissionPolicyUnloadDefaultEnabled, which allow you to selectively keep the behavior unchanged.

    • Chrome 117 on ChromeOS, Linux, MacOS, Windows: Dev Trial
    • Chrome 119 on ChromeOS, Linux, MacOS, Windows: Introduces ForcePermissionPolicyUnloadDefaultEnabled policy
    • Chrome 122 -132 on ChromeOS, Linux, MacOS, Windows: Deprecation trial (general rollout of deprecation will be limited scope until deprecation trial is ready)
    • Chrome 122 unload handlers will be gradually skipped for 1% of users on top-50 sites, as proposed here.

   

  • Autofill: security code updates back to top

    In Chrome 122, payments autofill allows you to save security codes for local and server cards to improve user experience. Security codes are only saved if a user consents to saving it. Users always have the option to turn security code saving off in Chrome Settings.

    • Chrome 122 on Android, MacOS: feature rolls out

   

  • Removing unenrollment from Unified Password Manager back to top

    Chrome 122 removes unenrollment from Unified Password Manager on Android. When Google Play Services responds with an error users lose access to Password Manager features (password saving or updating, password generation) until the error is resolved. For some errors, there is an error message with an action button to resolve the problem. Other issues are supposed to be temporary (for example, during Google Play Services update).

    • Chrome 122 on Android: feature rolls out
    Chrome Web Store

   

  • Chrome on iOS: bottom address bar on iPhone back to top

    We recently launched a customizable address bar that allows users to choose between a top and a bottom address bar on iPhone. The address bar position picker screen is now added to the First Run Experience. 

    • Chrome 122 on iOS: feature rolls out
    Chrome Web Store

   

  • DefaultSearchProvider policy changes back to top

    In Chrome 122, we are making some changes to the DefaultSearchProvider*  policies. We have removed the DefaultSearchProviderIconURL on all platforms because Chrome now uses the favicon image provided by the search engine. DefaultSearchProviderKeyword and DefaultSearchProviderNewTabURL are not supported on iOS and Android, alongside (but support continues on) Linux, Mac OS and Windows. We fixed the supported platform set to reflect this.

   

  • Change in behavior of the JavaScript JIT policies back to top

    In Chrome 122, enabling the DefaultJavaScriptJitSetting policy and disabling JavaScript JIT no longer results in WebAssembly being fully disabled. The V8 optimizing JIT continues to be disabled by setting the DefaultJavaScriptJitSetting policy. This allows Chrome to render web content in a more secure configuration.

   

  • New and updated policies in Chrome browser back to top 
    Policy Description
    InsecureFormsWarningsEnabled Enable warnings for insecure forms (now available on iOS)
    ListenToThisPageEnabled Enable read aloud (text distillation and text-to-speech synthesis) for web pages

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    PPAPISharedImagesForVideoDecoderAllowed Allow Pepper to use shared images for video decoding.
    ChromeAppsWebViewPermissiveBehaviorAllowed Restore permissive Chrome Apps webview behavior
    DefaultSearchProviderIconURL Default search provider icon (removed on all platforms)
    DefaultSearchProviderKeyword Default search provider keyword (removed on Android and iOS only)
    DefaultSearchProviderNewTabURL Default search provider new tab page URL (removed on Android and iOS only)

ChromeOS updates

   

  • Content scanning with BCE back to top
    ChromeOS data controls are a set of controls that are applied by the admin, which protect users from data leakage on endpoints using a Data Loss Prevention (DLP) layer in ChromeOS. For details, see this help center article.  BeyondCorp Enterprise (BCE) enables continuous and real-time end-to-end protection. Content scanning with BCE is a new way to evaluate and enforce data controls restrictions on file transfers based on signals from BeyondCorp Enterprise.

   

  • Battery Saver  back to top

    As early as ChromeOS 122, Battery Saver is available to reduce brightness on both display and keyboard backlight, throttle display refresh rate and available compute budget, and also turn off certain energy-intensive background functions to allow users squeeze more battery life out of their devices. This helps when users need that last couple minutes to finish a task and don't have a charger handy. When enabled, Battery Saver switches on automatically when the user's battery level reaches 20%. You can control this feature using the BatterySaverModeAvailability enterprise policy.

    Battery saver

   

  • Enhanced SAML reauthentication flows back to top

    To optimize the sign-on experience of our customers, we've introduced certain internal changes to our SAML single sign-on implementation. These changes will impact customers with misconfigured SAML settings.

    In particular if you set the policy LoginAuthenticationBehavior to Redirect to SAML IdP by default, ensure that the Single Sign-on policy is set to Enable SAML, otherwise your SAML-based IdP won’t be loaded anymore.

   

  • Badge-based authentication back to top

    From ChromeOS 122, certain third-party Identity Management Providers (IdPs) can use badge authentication on ChromeOS devices. Users can simply start a session with a badge tap, and leave the session with another badge tap. The solution is focused on frontline workers in various industries including retail, hospitality, and manufacturing. 

    In ChromeOS 122, we are starting with the Ilex Card Management System, but we aim to add additional reader and authentication partners in the upcoming months. If you want to learn more, see Set up badge-based authentication.

   

  • Edit your recordings with Screencast back to top

    With ChromeOS Screencast, users can create and share transcribed screen recordings. As early as ChromeOS 122, users can trim their screencasts sentence-by-sentence, add and remove paragraph breaks, mute segments of their recordings, and title sections to make long recordings easier to navigate.  

   

  • IKEv2 VPN support back to top

    ChromeOS 122 includes new options in the Admin console for Internet Key Exchange Protocol Version 2 (IKEv2) VPN protocol.

    Chrome Web Store

   

  • Mandatory extensions in Incognito back to top

    Admins can now specify if there are certain extensions that users must turn on to use Incognito mode. There is a new toggle in Admin console > Apps & extensions that can be applied for individual extensions. This allows enterprises that have debugging or multi-account use cases that rely on Incognito mode to safely leave it enabled across their managed fleet. If they want to use Incognito mode, users need to turn on Allow in Incognito for all required enterprise extensions.

    Chrome Web Store

   

  • New look for ChromeOS media player back to top

    ChromeOS media player will soon have bigger buttons and colors to match your wallpaper. The media player will appear when you are playing any video or audio (like Spotify or YouTube) in Quick Settings. You will be able to click the pin icon to move the media player to the shelf. In addition to controlling media that is being cast, you will be able to start casting web media to any speakers or screens on your local network.

     

 

Admin console updates

   

  • Inactive browser deletion in Chrome Browser Cloud Management   back to top

    As early as March 2024, the Inactive period for browser deletion policy will automatically delete browser data in the Admin console for managed browsers that have not contacted the server for more than the inactivity period of time determined by the policy. When releasing the policy, the inactivity period of time will have a default value of 540 days. All enrolled browsers that have been inactive for more than 540 days will be deleted from your account shortly after the release of this policy. Administrators can change the inactive period value using this policy. The maximum value to determine the browser inactivity period will be 730 days and the minimum value is 28 days. 

     

    If you lower the set policy value, it might have a global impact on any currently enrolled browsers. All impacted browsers will be considered inactive and, therefore, be irreversibly deleted. To ensure the deleted browsers re-enroll automatically next time they restart, set the Device Token Management policy value to Delete token before lowering the value of this policy. The enrollment tokens on these browsers need to still be valid at the time of the restart.

    • As early as Chrome 122: The Inactive period for browser deletion policy UI will be available for early access in the Admin console. For IT admins who find the 18 month default inadequate, this will allow them to explicitly set a policy value (inactivity period of time) a few weeks before the actual deletion starts.

   

↑ back to top  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

  • Default Search Engine choice screen back to top

    As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.

    For enterprises that have chosen to have their administrator set their enterprise users’ search settings using the enterprise policies DefaultSearchProviderEnabled and DefaultSearchProviderSearchUrl, those policies continue to control their enterprise’s search settings. Where the administrator has not set their enterprise users’ search settings by policy, enterprise users might see a prompt to choose their default search engine within Chrome.

    Read more about these policies and the related atomic group.

    • Chrome 120 on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: 1% users might start getting the choice screen with Chrome 120. 
    • Later this year on iOS, ChromeOS, LaCrOS, Linux, MacOS, Windows: full roll-out for applicable users

   

  • User link capturing on PWAs - Windows, MacOS and Linux back to top 
    Web links automatically direct users to installed web apps. To better align with users' expectations around installed web apps, Chrome makes it more seamless to move between the browser and installed web apps. When the user clicks on a link that could be handled by an installed web app, Chrome adds a chip in the address bar to suggest switching over to the app. Clicking on the chip either launches the app directly, or opens a grid of apps that can support that link. For some users, clicking on a link always automatically opens the app.
     
    • Chrome 121 on Linux, MacOS, Windows: When some users click on a link, it always opens in an installed PWA, while some users see the link open in a new tab with a chip in the address bar, clicking on which will launch the app. A flag is available to control this feature: chrome://flags/#enable-user-link-capturing-pwa.
    • Chrome 123 on Linux, MacOS, Windows: Based on the outcome of the experiment in Chrome 121, we will launch to 100% of Stable with either a default on (always launch apps on link clicks) or a default off (always open in a tab, only launch if user clicks on chip on address bar).


   

  • Resume tabs back to top

    Chrome 123 will introduce a new card on the New tab page, which will help users continue with tab suggestions from other devices. Using the NTPCardsVisible policy, admins will be available to control this feature.
    • Chrome 123 on ChromeOS, Linux, Mac, Windows

   

  • Chrome on Android and iOS: cross-device resumption back to top 
     

    To help users resume tasks originating from other devices, Chrome will provide cross-device tab suggestions on the New tab page or Home surfaces on Chrome on Android and Chrome on iOS. This component will be displayed within the existing continue browsing card on Start and the Magic Stack on Chrome on Android and Chrome on iOS.

    • Chrome 123 on Android, iOS: Feature launches

   

  • Resume the last opened tab on any device back to top 

    For the last open tab on any device within the last 24 hours with the same signed-in user profile, Chrome will offer users with a quick shortcut to resume that tab. Admins will be able to control this feature using an existing enterprise policy called SyncTypesListDisabled.
    • Chrome 123 on iOS: Feature launches

   

  • Permissions prompt for Web MIDI API back to top 

    The Web MIDI API connects to and interacts with Musical Instrument Digital Interface (MIDI) Devices. There have been several reported problems around Web MIDI API's drive-by access to client MIDI devices (see related Chromium bug). To address this problem, the W3C Audio Working Group decided to place an explicit permission on general Web MIDI API access. Originally, the explicit permission was only required for advanced Web MIDI usage in Chrome, including the ability to send and receive system exclusive (SysEx) messages, with gated access behind a permissions prompt. We now intend to expand the scope of the permission to regular Web MIDI API usage.

    In Chrome 123, all access to the Web MIDI API will require a user permission. No policies will be available to control these changes. If you encounter any issues, file a bug here.

    • Chrome 123 on Windows, MacOS, Linux, Android

   

  • Network Service on Windows will be sandboxed back to top 

    To improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

    • Chrome 123 on Windows: Network Service sandboxed on Windows
 

   

  • Chrome Sync ends support for Chrome 81 and earlier back to top 

    Chrome Sync will no longer support Chrome 81 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome Sync.

    • Chrome 123 on Android, iOS, ChromeOS, Linux, MacOS, Windows: The change will be implemented.
 

   

  • Deprecate and remove WebSQL back to top 

    With SQLite over WASM as its official replacement, we plan to remove WebSQL entirely. This will help keep our users secure.

    The Web SQL database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database. 

    Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebSQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. 

    • Chrome 101: In Chrome 101 the WebSQLAccess policy is added. WebSQL will be available when this policy is enabled, while the policy is available until Chrome 123.
    • Chrome 115: Deprecation message added to console.
    • Chrome 117: In Chrome 117 the WebSQL D