Previous release notes

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Reminder of change in launch schedule   
  
  Starting in Chrome 110, Chrome started rolling out to the Stable channel one week earlier than previously planned to a very small subset of users. For example, the Chrome 111 Stable release moves from March 7 to March 1, 2023.
  
  You can also expect to see a much smaller rollout at a significantly reduced percentage of our user population for the first week of the published Stable release date. The wider rollout to most users happens at a similar timeframe to the earlier communicated dates. This slower initial rollout leads to better stability and makes it easier for enterprises to stay on the latest and safest version of Chrome.
  
  For more details, read about managing Chrome updates and check out the Chrome release schedule.

• Privacy Sandbox updates in Chrome 111   
  
  Chrome 111 updates the user experience of the new ad privacy features related to the Privacy Sandbox project. As part of this, Chrome now shows users a confirmation dialog that introduces the new features to users, and directs them to the appropriate settings pages to allow them to set their preferences.
  
  IT admins can disable Chrome's Privacy Sandbox settings via the PrivacySandboxAdTopicsEnabled, PrivacySandboxSiteEnabledAdsEnabled, and PrivacySandboxAdMeasurementEnabled enterprise policies, and suppress the user-facing prompt via the PrivacySandboxPromptEnabled policy.
  
  For more information, see the developer documentation about Privacy Sandbox technologies in Chrome. 
  
   
  
   
   

• PPB_VideoDecoder(Dev) API removed   
  
  The PPB_VideoDecoder(Dev) API was introduced for Adobe Flash. Since Flash is no longer supported in Chrome, we are removing this API in Chrome 111. If you need any extra time to migrate legacy applications, you can use the ForceEnablePepperVideoDecoderDevAPI enterprise policy. This policy will only be supported through Chrome 114. If you need to use the policy after that, file a bug on crbug.com before May 5, 2023, explaining your use case. 

• New Chrome sync dialog in Chrome for Desktop   
  
  Some users now see a visually updated dialog to turn on Chrome Sync in Chrome 111. Relevant enterprise policies such as BrowserSignin, SyncDisabled, RestrictSigninToPattern and SyncTypesListDisabled continue to work as before to configure Chrome sync.  
  
   
   

• Payment Handler API requires CSP connect-src   
  
  If your organization uses the Web Payment API (Payment Handler and Payment Request) and also uses Content-Security-Policy (CSP) for better protection, then you need to add the domains of HTTP requests sent from the Web Payment API to the connect-src directive of the CSP. This is enforced in Chrome 111. For more information, see this developer blog post.  

• Out-of-process System DNS Resolution   
  
  Starting gradually in Chrome 111, as part of the Linux and Android network service sandboxes, system DNS resolution moves out of the network service and into the unsandboxed browser process, as system DNS resolution cannot run while sandboxed on these platforms. The Enterprise policy OutOfProcessSystemDnsResolutionEnabled is available to control this feature. Setting this policy to false causes system DNS resolution to run in the network process rather than the browser process. This might force the network service sandbox to be disabled, degrading the security of Google Chrome.  

• Azure AD single sign-on (SSO)   
  
  Chrome 111 now supports automatic sign-on into Microsoft identity providers using account information from Microsoft Windows. This feature is disabled by default and can be enabled using the CloudAPAuthEnabled policy. 

• Web speech recognition API on iOS   
  
  On Chrome 111 on iOS, websites can use the Web Speech API for speech recognition-based features. Speech-to-text conversion is performed by Apple servers.  

• Chrome updater on Windows and Mac serves the most recent 12 versions   
  
  The Chrome updater now supports serving versions of Chrome that reached 100% rollout, within the latest 12 releases on the Beta, Stable, and Extended Stable channels. If you're using the TargetVersionPrefix enterprise policy, ensure you are within 12 versions of the latest release. If you don't manually manage Chrome updates, no action is required. 

• Policy name changes   
  
  We’ve renamed the policies related to Window Placement, to better align with the underlying API and permissions, which have recently been renamed to Window Management. Starting in Chrome 111, DefaultWindowManagementSetting, WindowManagementAllowedForUrls, WindowManagementBlockedForUrls,  WindowManagementSettings policies now supercede the DefaultWindowPlacementSetting, WindowPlacementAllowedForUrls, and WindowPlacementBlockedForUrls policies. The WindowPlacement variants will be removed in a future version. The WindowPlacementSettings atomic group has been renamed to WindowManagementSettings.  

• Chrome Browser Cloud Management subscription   
  
  As early as March 2023, the Chrome Browser Cloud Management (CBCM) subscription will be automatically added to all Admin console accounts who are using CBCM without the subscription. CBCM customers are now required to have the Chrome Browser Cloud Management subscription to use the service. This change adds no new cost to your existing account and there are no actions required.  

• New and updated policies in Chrome browser   
   

  Policy	Description
  DomainReliabilityAllowed	Allow reporting of domain reliability related data.
  MixedContentAutoupgradeEnabled	Enable mixed content auto upgrading on HTTPS sites.
  DefaultWindowManagementSetting	Default Window Management permission setting.
  WindowManagementAllowedForUrls	Allow Window Management permission on these sites.
  WindowManagementBlockedForUrls	Block Window Management permission on these sites.
  OutOfProcessSystemDnsResolutionEnabled	Enable system DNS resolution outside of the network service.
  ForceEnablePepperVideoDecoderDevAPI	Enable support for the PPB_VideoDecoder(Dev) API.
  CloudAPAuthEnabled	Allow automatic sign-in to Microsoft® cloud identity providers.
  PrivacySandboxPromptEnabled	Choose whether the Privacy Sandbox prompt can be shown to your users.
  PrivacySandboxAdMeasurementEnabled	Choose whether the Privacy Sandbox ad measurement setting can be disabled.
  PrivacySandboxAdTopicsEnabled	Choose whether the Privacy Sandbox Ad topics setting can be disabled.
  PrivacySandboxSiteEnabledAdsEnabled	Choose whether the Privacy Sandbox Site-suggested ads setting can be disabled.
  GetDisplayMediaSetSelectAllScreensAllowedForUrls (now on Linux)	Enables auto-select for multi screen captures.

• Removed policies in Chrome browser   
   

  Policy	Description
  FileSystemSyncAccessHandleAsyncInterfaceEnabled	Re-enable the deprecated async interface for FileSystemSyncAccessHandle in File System Access API.

  
   

ChromeOS updates

• Fast Pair   
  
  Fast Pair now makes Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it automatically detects and pairs with your ChromeOS device or Android phone in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat.
  
   
   

• Keyboard shortcuts link in Text app   
  
  The ChromeOS Text app has a series of built-in keyboard shortcuts. ChromeOS 111 adds a link to the Help Center article from the Text app settings, to provide instructions on how to use these keyboard shortcuts. 

• Print job origin identification for managed devices   
  
  To improve support for specific advanced printing workflows in managed environments, mostly encountered in the Healthcare space, print jobs need to contain information about the device that they originated from. ChromeOS 111 introduces the client-info IPP attribute to populate an admin-specified value, which identifies a device used for downstream printing workflow or reporting activities.
  
  Additionally, all print jobs now indicate ChromeOS together with the running release version.
  
  This new attribute in print jobs is only available for jobs originating from managed devices and controlled by a new admin policy.
  
   

Admin console updates

• Configure print server policies with Google groups   
  
  Admins can now use new or existing Google groups to configure print servers for users in your organization. That means when you need to configure a print server for a specific set of users–who may or may not belong to different Organizational Units (OUs)–you can now use the flexibility of groups without needing to reconfigure your OUs. Note that configuration of print server policies for user groups works exactly the same as it does for printers.
  
   

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  LensDesktopNTPSearchEnabled	User & Browser Settings; Managed Guest Session	Chrome ChromeOS	Startup > New Tab Google Lens button
  SendMouseEventsDisabled FormControlsEnabled	User & Browser Settings; Managed Guest Session	Chrome ChromeOS Android	Legacy site compatibility > Disabled element MouseEvents
  UserBorealisAllowed	User & Browser Settings; Managed Guest Session	ChromeOS	User experience > Allow Borealis on ChromeOS
  OffsetParentNewSpecBehaviorEnabled	User & Browser Settings; Managed Guest Session	Chrome ChromeOS Android	Legacy site compatibility > Enable Legacy HTMLElement Offset behavior
  AccessControlAllowMethods InCORSPreflightSpecConformant	User & Browser Settings; Managed Guest Session	Chrome ChromeOS Android	Network > CORS Access Control Allow Methods Conformance

  
  
   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

Upcoming browser changes

• LegacySameSiteCookieBehaviorEnabledForDomainList policy extended   
  
  In Chrome 79, we introduced the LegacySameSiteCookieBehaviorEnabledForDomainList policy to revert the SameSite behavior of cookies (possibly on specific domains) to legacy behavior. LegacySameSiteCookieBehaviorEnabledForDomainList policy will continue to be supported up until Chrome 121.

• Enable access to WebHID API from extension service workers in Chrome 112   
  
  This launch will enable access to WebHID API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page. 

• Unused site permissions module in Safety Check  
  
  In Chrome 112, Safety Check will be expanded to include auto-revocation of unused site permissions on Chrome. Chrome will reset permissions from sites that have low recent engagement. Chrome informs the user about auto-revocation of permissions and offers options to opt out or re-grant. Permissions granted by enterprise policies are not affected. This launch follows the first extension of Safety Check that introduced proactive notification of permission reminders.  

• Default to origin-keyed agent clustering in Chrome 112   
  
  In Chrome 112, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior. You can read more in the blog post.
  
  Note: document.domain has no effect if only one document sets it.
  
  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.  

• New Chrome Sync data types available in Takeout in Chrome 112   
  
  There will be more Chrome data available to export in Takeout and Domain Wide Takeout (DWT). The following data types are available: AUTOFILL, PRIORITY_PREFERENCE, WEB_APP, DEVICE_INFO, TYPED_URL, ARC_PACKAGE, OS_PREFERENCE, OS_PRIORITY_PREFERENCE, PRINTER.
  
  You can control which data types are synced to Chrome Sync using the SyncTypesListDisabled enterprise policy.  

• Chrome for Testing   
  
  In Chrome 112, Puppeteer, Chrome's browser automation library, will start using the Chrome for Testing binary instead of a Chromium binary. In case you have the Chromium binary allowlisted, you might consider allowlisting the Chrome for Testing binary too.
  
  Chrome for Testing is a dedicated Chrome flavor for the automated testing use case. It’s not an end-user facing product, but rather a tool to be used by automation engineers through other projects such as Puppeteer. Chrome for Testing is a completely separate binary from regular Chrome.  

• Policy troubleshooting page available on Android   
  
  chrome://policy/logs is a new page that admins will be able to use to help troubleshoot enterprise policies on Android.  

• Risk Assessment card   
  
  In Chrome 112, we’re creating a new card  in the Extension details page, which will show 3rd party risk scores, such as CRXcavator.io or Spin.ai, for public extensions.  

• Chrome apps no longer supported on Windows, Mac, and Linux   

  As previously announced, we are phasing out support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 112 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.

   

  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 

  
  Starting with Chrome 112, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
  
   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/ notifications/manifest/cr_install.html

      

• Auto upgrade mixed content to HTTPS on iOS in Chrome 112   
  
  Chrome on iOS will start automatically upgrading passive mixed content (HTTP image, audio and video on HTTPS pages) to HTTPS when possible. The current behavior on iOS is to block passive mixed content. All other Chrome platforms already optimistically upgrade passive mixed content. An Enterprise policy MixedContentAutoupgradeEnabled is available to disable mixed content auto upgrading on HTTPS sites on iOS. The policy will be removed in 116.  

• Launching FastCheckout for Checkout experiences   
  
  In Chrome 112, some users will see an updated Autofill UI targeting checkout pages on shopping websites. It can be disabled by either disabling policy AutofillAddressEnabled or AutofillCreditCardEnabled.  
  
   
   

• Collect additional data for off-store extensions in telemetry reports   
  
  When Enhanced Safe Browsing is enabled, Chrome 112 will start collecting additional telemetry on off-store extensions, such as file hashes and the manifest.json file. The data collected are analyzed on Google servers to detect malicious off-store extensions and improve protection for all Chrome extension users. This functionality along with the entire extension telemetry feature can be turned off by setting SafeBrowsingProtectionLevel to any value other than 2; this disables Enhanced Safe Browsing. Enterprise admins can use the SafeBrowsingProtectionLevel policy if they have any concerns about exposing this data. 

• Updated onboarding experience   
  
  In Chrome 112, some users may see a simplified onboarding experience with a more intuitive way to sign into Chrome. Enterprise policies like BrowserSignin, SyncDisabled, EnableSyncConsent, RestrictSigninToPattern and SyncTypesListDisabled will continue to be available as before to control whether the user can sign into Chrome and turn on sync. The PromotionalTabsEnabled policy can be used to skip the onboarding altogether. 
  
   
   

• Deprecation Trial for Unpartitioned 3rd party Storage, Service Workers, and Communication APIs   
  
  Beginning gradually in Chrome 113, storage, service workers, and communication APIs will be partitioned in third-party contexts. In addition to being isolated by the same-origin policy, the affected APIs used in third-party contexts would also be separated by the site of the top-level context. Sites that haven’t had time to implement support for third-party storage partitioning can take part in a deprecation trial to temporarily unpartition (continue isolation by same-origin policy but remove isolation by top-level site) and restore prior behavior of storage, service workers, and communication APIs in content embedded on their site. 
  
  The following APIs will remain unpartitioned in third-party contexts should you enroll the top-level site in the DisableThirdPartyStoragePartitioning deprecation trial: Storage APIs (such as localStorage, sessionStorage, IndexedDB, Quota, and so on), Communication APIs (such as BroadcastChannel, SharedWorkers, and WebLocks), and ServiceWorker API.
  
  Chrome 112 will also add the ThirdPartyStoragePartitioningEnabled enterprise policy, which will allow for unpartitioning all APIs in third-party contexts, to be supported for at least 12 milestones.  

• Changes to phishing protection on Android as early as Chrome 113   
  
  When a user authenticates to Android with their Google password, for example during account setup, Chrome will be notified so the password can begin receiving phishing protection when surfing the Web with Chrome. In previous versions of Chrome on Android, users needed to explicitly provide their password within a Chrome tab, for example, sign in to Gmail, to receive phishing protection for their Google password. 
  
  You can disable warnings regarding password reuse by setting PasswordProtectionWarningTrigger to 0.  

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 113, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.  

• Enable access to WebUSB API from extension service workers in Chrome 113   
  
  As early as Chrome 113, we will enable access to WebUSB API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page.
  
  WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.  

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
  
  As mentioned earlier in our blog post, More details on the transition to Manifest V3, the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed.
  
  During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3.
  
  Starting with Chrome 110, an Enterprise policy ExtensionManifestV2Availability will be available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions until at least January 2024. 
  
  You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to the Manifest V2 support timeline. 

• First-Party Sets user controls   
  
  First-Party Sets is an upcoming framework for developers to declare relationships between domains, such that the browser can make decisions regarding access based on the third party’s relationship to the first party. A set may enjoy first party benefits, including continued access to their cookies when the top-level domain is in the same set.
  
  First-Party Sets are part of Chrome's roadmap for a more privacy-focused web.
  
  Chrome 113 will introduce user controls for these First-Party Sets. Two enterprise policies will be made available to manage First-Party sets: one to disable First-Party Sets and one to provide your own sets. 
  
   
   

• Removal ChromeRootStoreEnabled policy   
  
  In Chrome 105, we announced the launch of the Chrome Root Store on Windows and Mac. A new policy, called ChromeRootStoreEnabled, was introduced to allow selective disabling of the Chrome Root Store in favor of the platform root store. This policy will be removed from Windows and Mac on Chrome 113. Support for trusted leaf certificates and the Windows Trusted People store was added for Chrome 111. If you previously disabled the Chrome Root Store to work around either of these issues, please test again with Chrome 111. We are working on launching the Chrome Root Store for Android, Linux, and ChromeOS. As the Chrome Root Store launches on more platforms, we will continue to provide the policy on those platforms for six months after launch.  

• Full History sync   
  
  Starting with Chrome 112, Typed URLs will stop syncing for Enterprise users. Open Tabs will continue syncing as usual, unless disabled by existing SyncDisabled and SyncTypesListDisabled policies.  

• Removal of permissive Chrome Apps webview behaviors   
  
  In Chrome 113, Chrome Apps webview usage will have the following restrictions:
   
  • SSL errors within webview will show an error page that does not provide the user the option to unsafely proceed.
  • The use of the webview NewWindow event to attach to a webview element in another App window will cause the window reference returned by the window.open call in the originating webview to be invalidated.
  
  In Chrome 112, you’ll be able to test out this new behavior by navigating to chrome://flags and enabling the chrome://flags/#enable-webview-tag-mparch-behavior.
  
  A temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed will be available to give enterprises time to address possible breakage related to these changes.  
   

Upcoming ChromeOS changes

• Cursive pre-installed for Enterprise and Education accounts   
  
  As early as ChromeOS 112, Cursive, a stylus-first notes app, will be available for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks. If you want to block access to the app, you can prevent Chromebooks in your enterprise from accessing cursive.apps.chrome.  

• Screencast supports multi-language transcription in recordings   
  
  As early as ChromeOS 112, we plan to dramatically expand Screencast recording capabilities by including a wide range of languages by integrating with Google's S3 transcription API. 
  
  The Screencast app for ChromeOS lets users record transcribed screencasts on their Chromebook. In previous versions, this feature was available in EN-US only, which meant that only English speaking users in the US could record screencasts. Soon, it will be possible to record and transcribe screencasts in a wide range of languages including Spanish, Japanese, French, Italian, and German.    

• Passpoint: Seamless, secure connection to Wi-Fi networks   
  
  Starting as early as ChromeOS 114, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.
  
   
   

Upcoming Admin console changes

• New Chrome browser insights   
  
  As early as Chrome 112, a new Browsers that need attention insights card will allow IT admins to quickly identify browsers that have a pending Chrome update, browsers that are inactive and browsers that have recently enrolled. 
  
   
   

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Windows 7/8/8.1 and Windows Server 2012/2012 R2 are no longer supported   
  
  Microsoft is ending support for most variants of Windows 7/8/8.1 in January 2023. As announced in a previous blog post, Chrome 109 is the last supported version of Chrome for these operating systems.
  
  Chrome running on Windows Server 2012 and Windows Server 2012 R2 will not be updated beyond Chrome 109, as those operating systems (OS) are based on Windows 8/8.1. However, critical security fixes will be issued to Chrome 109 on these two OS versions until October 10, 2023 to ease customer transitions. For the most up-to-date information, see this post in the Chrome Enterprise and Education help center.

• Detailed translation settings   
  
  Chrome 110 adds new detailed translation settings for controlling the current target language: Never translate languages and Always translate languages. These settings were previously only editable from the Translate UI bubble but now are permanently exposed under chrome://settings/language. Enterprise admins can use the existing TranslateEnabled policy to globally enable or disable translation.  

• Manual translation on iOS   
  
  In addition to detecting and translating languages automatically, Chrome on iOS allows the user to trigger translation manually, if the language was not detected automatically.  

• Change in launch schedule   
  
  Starting in Chrome 110, Chrome rolls out to the Stable channel one week earlier than previously planned to a very small subset of users. For example, the Chrome 110 Stable release moves from February 7 to February 1, 2023.
  
  You can also expect to see a much smaller rollout at a significantly reduced percentage of our user population for the first week of the published Stable release date. The wider rollout to most users happens at a similar timeframe to the earlier communicated dates. This slower initial rollout leads to better stability and makes it easier for enterprises to stay on the latest and safest version of Chrome.
  
  For more details, read about managing Chrome updates and check out the Chrome release schedule.

• Biometrics protection for passwords   
  
  For improved security, Chrome Desktop users can opt into requiring biometrics to autofill their passwords every time.
  
   

• App Store rating on iOS   
  
  In Chrome 110, some iOS users might be presented with Apple’s standardized App Store rating prompt at most once per year. The prompt gives users the option to rate the app or dismiss the prompt. An enterprise policy, AppStoreRatingEnabled, is available to disable any appearance of the prompt.

• Custom web app default network error page   
  
  Chrome provides a custom default network error page (when the network is down) for web apps that don't define their own custom offline experience.
  
   

• User-level Enhanced Safe Browsing on iOS   
  
  For Chrome on iOS where the Safe Browsing protection level is not controlled by SafeBrowsingProtectionLevel, users who are signed in and syncing, and have enabled Enhanced Safe Browsing on their Google Account, are now notified that Enhanced Safe Browsing has been enabled on their Chrome profile. Disabling Enhanced Safe Browsing on a synced Google Account disables Enhanced Safe Browsing for their Chrome profile. Additionally, users that are signed-in and non-synced might be prompted to enable Chrome Enhanced Safe Browsing within 5 minutes of enabling Account Level Enhanced Safe Browsing.
   

• Chrome Headless mode upgrades   
  
  Chrome’s Headless mode provides a full Chrome browser to tooling vendors and developers that don’t need to bring pixels to the screen. It's used for test automation, automation of workflow steps, for example, steps required when setting up a new machine in an enterprise or autofill-like behavior, scraping web content, web rendering services, and so on.
  
  We’ve rebuilt Headless mode so that it’s much closer to Chrome’s regular mode. This provides more consistent experiences, including respecting enterprise policies when in Headless mode.  

• MetricsReportingEnabled policy available on Android in Chrome   
  
  As early as Chrome 110, Chrome on Android slightly modifies the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there is no change to the first run experience. If the admin enables metrics, users can still change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.  

• WebAuthn cannot be used on sites with TLS certificate errors   
  
  Starting on Chrome 110, Chrome stops allowing WebAuthn requests on websites with TLS certificate errors. The criteria are the same as those used for showing danger interstitials or a Not secure pill on the omnibox. This prevents bad actors from generating valid assertions in a Man-in-the-Middle attack on users who might skip the interstitial.
  
  Enterprises can use the AllowWebAuthnWithBrokenTlsCerts policy if needed as a workaround.

• Cookie information from extensions   
  
  When you enable Enhanced Safe Browsing, Chrome now collects telemetry information about the cookie information extensions request. These activities are analyzed on Google servers and further improve the detection of malicious and policy violating extensions. This improvement allows better protection for all Chrome extension users.  

• Deprecation of WebSQL and other old Storage features   
  
  Chrome 110 removes the window.webkitStorageInfo API. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API. Admins can re-enable webkitStorageInfo until Chrome 112, using the enterprise policy, PrefixedStorageInfoEnabled.
  
  WebSQL in third-party contexts is already disabled, and it has had a warning in DevTools since Chrome 105. Chrome 110 removes support in non-secure contexts. An enterprise policy, WebSQLNonSecureContextEnabled, allows Web SQL to function in non-secure contexts for a few months past the removal date.

• Easier password updates when a compromise is detected   
  
  The Check passwords tool now has an expanded set of URLs pointing directly to a Change password form. This allows users to take action and fix compromised passwords. The Check passwords tool is only available if PasswordManagerEnabled is set to true or unset.
  
   

• Rolling out GPU changes to NaCL Swapchain and video decoding   
  
  Chrome 110 refactors the implementation of the NaCL swapchain and the Pepper video decoding APIs. These changes are not intended to have any behavioral impact on users. However, it is possible that, due to bugs, they might result in visual artifacts, unacceptably slow performance when playing video, unacceptable increases in power, or crashes.
  
  If your enterprise encounters any unexpected problems, you can use the UseMojoVideoDecoderForPepperAllowed and PPAPISharedImagesSwapChainAllowed enterprise policies to roll back to the previous behavior. If issues appear that are fixed by enabling those policies, please also file a bug at crbug.com before May 5, 2023 with the details.  

• WebView metrics moves app package name filtering to server-side   
  
  WebView metrics only store app package names for a limited set of allowlisted common apps, to preserve user privacy and anonymity. In Chrome 110, the filtering of these apps moves from the client to the server. Apps using WebView can opt out of metrics collection via the app manifest.  

• User-Agent reduction Phase 6   
  
  As of Chrome 110, some portions of the User-Agent string are reduced on Chrome for Android. As previously detailed in the Chromium blog, we intend to proceed with Phase 6 of the User-Agent Reduction plan. For more details, see this reference page and Chromium update. The UserAgentReduction policy allows for opting out of these changes.  

• Real-time URL Allowlist now synced through component updater on Android   
  
  In Chrome 110, Chrome on Android uses an allowlist synced through the component updater. This applies to Enhanced Safe Browsing and Make Browsing Better users who have Safe Browsing URL real-time checking enabled. This allows faster rollout of updated allowlist versions. Since the new allowlist versions are served through the component updater, admins who choose to disable the component updater do not benefit from this feature. In these scenarios, Chrome uses a version of the allowlist that is updated less frequently.  

• Google Update internal upgrades   
  
  In Chrome 109, Google introduced an overhauled version of Google Update that: 
  1. provides a cross-platform core for future development of update-related features. 
  2. improves its performance and reliability.
  
  This rollout is continuing gradually throughout the Chrome 110 timeframe. All existing enterprise policies and controls for managing Chrome's version continue to work the same way. These changes first roll out to macOS and eventually to Windows.
  
  Note: For customers that allowlist specific folders and binaries, there is a path change on Mac as follows:
  • Old: (~)/Library/Google/GoogleSoftwareUpdate
  • New: (~)/Library/Google/GoogleUpdater

• New and updated policies in Chrome browser   
   

  Policy	Description
  ExtensionManifestV2Availability	Controls Manifest v2 extension availability.
  AppStoreRatingEnabled	Allows users to be shown the iOS App Store Rating promo.
  DnsOverHttpsSalt	Specifies a salt value to be used in DnsOverHttpsTemplatesWithIdentifiers when evaluating identify information.
  DnsOverHttpsTemplatesWithIdentifiers	Specifies URI template of desired DNS-over-HTTPS resolver with identity information.
  MetricsReportingEnabled (new on Android)	Enables reporting of usage and crash-related data.
  PPAPISharedImagesSwapChainAllowed	Allows modern buffer allocation for Graphics3D APIs PPAPI plugin.
  PdfLocalFileAccessAllowedForDomains	Allows local file access to file:// URLs on these sites in the PDF Viewer.
  UseMojoVideoDecoderForPepperAllowed	Allows Pepper to use a new decoder for hardware accelerated video decoding.
  AllowWebAuthnWithBrokenTlsCerts	Allows Web Authentication requests on sites with broken TLS certificates.
  ShowCastSessionsStartedByOtherDevices	Shows media controls for Google Cast sessions started by other devices on the local network.
  NewBaseUrlInheritanceBehaviorAllowed	Allows enabling the feature NewBaseUrlInheritanceBehavior.
  ThrottleNonVisibleCrossOriginIframesAllowed	Allows enabling throttling of non-visible, cross-origin iframes.

• Removed policies in Chrome browser   
  
  

  Policy	Description
  SetTimeoutWithout1MsClampEnabled	Control Javascript setTimeout() function minimum timeout.
  AssistantWebEnabled	Allow using Google Assistant on the web, for example, to enable changing passwords automatically.

ChromeOS updates

• Super Resolution Audio for Bluetooth headset microphones   
  
  Starting in 110, your ChromeOS device helps you sound more natural in calls and conferences by reconstructing the high-frequency audio components that are not transmitted from Bluetooth headsets.
   

• Channel labeling on ChromeOS   
  
  Trying out the latest version of ChromeOS? For users on non-stable channels (Beta, Dev, Canary), starting in ChromeOS 110, you now see which channel you are on in the bottom right. You can click the time to open quick settings, which now include the device build and a feedback button.
  
     

• Search autocomplete redesign   
  
  In ChromeOS Search, we’ve redesigned the Launcher Search autocomplete to help users optimize their Search journey. We've included: 
  • robust autocomplete for mistyped or misspelled queries.
  • clear search result categories for selected results.
  • and intuitive keyboard navigation for result selection.
     
   

• ChromeOS 110 no longer supports Active Directory Management   
  
  As previously announced, ChromeOS 110 no longer supports Active Directory Management for ChromeOS devices, and login to these devices is blocked.
  
  If you are still using Active Directory Management for ChromeOS devices, make sure to finalize your migration to Cloud Management before updating to ChromeOS 110. If you are not using Active Directory Management for ChromeOS devices, this feature update does not affect you.  

• Select-to-speak improvements   
  
  Chromebook users can now start Select-to-speak from the context menu (right-click menu) of the selected text. For users who continue to start Select-to-speak from the status-tray icon, we've updated the instructions shown when hovering over the icon.
  
   
  
   
  
  Select-to-speak can now automatically switch language to match the content selected by the user, so that words are pronounced correctly in that language, without the user having to manually change the voice settings.
  
  In addition, we've made setting up Select-to-speak easier, by moving the Select-to-speak settings to a ChromeOS settings page, rather than opening a separate browser tab.
  
   

• Local website approvals for Family Link users   
  
  Parents now have the option to quickly approve blocked websites directly on their child’s Chromebook without the Family Link app. When blocked from accessing a website, children can now choose to Ask in person to allow parents to approve access. For details, see Manage your child's account on Chromebook.
  
  
   

• Low storage warning for ChromeOS Camera App   
  
  If ChromeOS Camera App detects that the system is running low on storage, it now shows a warning message, then stops recording before all storage is used up.
  
  
   

• Feedback tool refresh with inline assistive capabilities   
  
  Users can report a problem or share feedback with Google with the Feedback form. In ChromeOS 110, a refreshed Feedback form shows users several related help articles, to help them diagnose problems.
  
   

• View PPDs for installed printers   
  
  You can now view the PostScript Printer Description (PPD) information for any of the installed printers on your system. Select Settings>Advanced>Print and scan>Printers>Edit printer. To view the PPD for any of the saved printers, click View printer PPD.
  
   

Admin console updates

• Recent changes on Chrome Settings page   
  
  Admins now see a new Recent changes option on the Chrome settings pages. With a single click, admins can access the audit log and see recent policy changes in their domains.
  
   

• Plugins section removed from the Browser details view   
  
  Plugins have been integrated into Chrome; they are now updated and versioned in line with the browser. Chrome 110 removes the Plugins section of the Browser details page as it is no longer relevant. 

• New policies in the Admin console   
  
  

  Policy Name	Pages	Supported on	Category/Field
  PdfLocalFileAccess AllowedForDomains	User & Browser Settings; Managed Guest Session	Chrome (Linux, Mac, Windows) ChromeOS	Content > Allow local file access to file:// URLs on these sites in the PDF Viewer
  ThrottleNonVisibleCrossOrigin IframesAllowed	User & Browser Settings; Managed Guest Session	Chrome (Linux, Mac, Windows, Android) ChromeOS	Content > Allows enabling throttling of non-visible, cross-origin iframes
  AllowWebAuthnWithBroken TlsCerts	User & Browser Settings; Managed Guest Session	Chrome (Linux, Mac, Windows, Android) ChromeOS	Security > Allow Web Authentication requests on sites with broken TLS certificates.

  
  
   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

Upcoming browser changes

• Azure AD Single sign-on (SSO)   
  
  Chrome 111 will support automatic sign-on into Microsoft identity providers using account information from Microsoft Windows. This feature will be disabled by default. 

• Unused site permissions module in Safety Check   
  
  To better protect user security and privacy, Chrome 111 will automatically revoke the granted permissions that belong to unused websites (not used for 2 months). Chrome will also show the revoked permissions on settings so that users can review them. The revoked permission data will be wiped out 1 month after revocation happens. Permissions granted by enterprise policies are not affected.  

• Web speech recognition API on iOS   
  
  On Chrome 111 on iOS, websites will be able to use the Web Speech API for speech recognition-based features. Speech-to-text conversion is performed by Apple servers.

• Privacy Sandbox updates in Chrome 111   
  
  Chrome 111 will update the user experience of the new ad privacy features related to the Privacy Sandbox project. As part of this, Chrome will show users a confirmation dialog that explains their options and allows them to set their preferences.
  
  IT admins will be able to disable Chrome's Privacy Sandbox settings via the PrivacySandboxAdTopicsEnabled, PrivacySandboxSiteEnabledAdsEnabled, and PrivacySandboxAdMeasurementEnabled enterprise policies, and suppress the user-facing prompt via the PrivacySandboxPromptEnabled policy.
  
  For more information, see the developer documentation about Privacy Sandbox technologies in Chrome.  

• New Chrome Sync data types available in Takeout in Chrome 111   
  
  There will be more Chrome data available to export in Takeout and Domain Wide Takeout (DWT). The following data types are available: AUTOFILL, PRIORITY_PREFERENCE, WEB_APP, DEVICE_INFO, TYPED_URL, ARC_PACKAGE, OS_PREFERENCE, OS_PRIORITY_PREFERENCE, PRINTER.
  
  You can control which data types are synced to Chrome Sync using the SyncTypesListDisabled enterprise policy. 

• Chrome for Testing   
  
  As early as Chrome 111, Puppeteer, Chrome's browser automation library, will use the Chrome for Testing binary instead of a Chromium binary. In case you have the Chromium binary allowlisted, you might consider allowlisting the Chrome for Testing binary too.
  
  Chrome for Testing is a dedicated Chrome flavor for the automated testing use case. It’s not an end-user facing product, but rather a tool to be used by automation engineers through other projects such as Puppeteer. Chrome for Testing is a completely separate binary from regular Chrome. 

• Enable access to WebHID API from extension service workers in Chrome 111   
  
  This launch will enable access to WebHID API from extension service workers as a migration path for manifest V2 extensions that currently access the API from a background page.

• PPB_VideoDecoder(Dev) API removed   
  
  The PPB_VideoDecoder(Dev) API was introduced for Adobe Flash. Since Flash is no longer supported in Chrome, this API will be removed in Chrome 111. If you need any extra time to migrate legacy applications, you will be able to use the ForceEnablePepperVideoDecoderDevAPI enterprise policy. As this policy will only be supported through Chrome 114, please file a bug on crbug.com by May 5, 2023 at the absolute latest, explaining your use case if you must use the policy. 

• New Chrome sync dialog in Chrome for Desktop   
  
  Some users will see a visually updated dialog to turn on Chrome Sync in Chrome 111. Relevant enterprise policies such as BrowserSignin, SyncDisabled, RestrictSigninToPattern and SyncTypesListDisabled will continue to work as before and can be used to configure Chrome sync.

• Strict MIME type checks for Worker scripts   
  
  As early as Chrome 112, Chrome will strictly check MIME types for Worker scripts, like Service Workers or Web Workers. Strict checking means that Chrome will only accept JavaScript resources for Workers with a MIME type of text/javascript. Currently, Chrome will also accept other MIME types, like text/ascii. This change is aimed at improving the security of web applications, by preventing inclusion of inappropriate resources as JavaScript files.
  
  Disabling the StrictMimetypeCheckForWorkerScriptsEnabled policy allows you to keep the current behavior. 

• Default to origin-keyed agent clustering in Chrome 112   
  
  In Chrome 112, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior. You can read more in the blog post.
  
  Note: document.domain has no effect if only one document sets it.
  
  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.  

• Changes to phishing protection on Android as early as Chrome 112   
  
  When a user authenticates to Android with their Google password, for example during account setup, Chrome will be notified so the password can begin receiving phishing protection when surfing the Web with Chrome. In previous versions of Chrome on Android, users needed to explicitly provide their password within a Chrome tab, for example, sign in to Gmail, to receive phishing protection for their Google password. 
  
  You can disable warnings regarding password reuse by setting PasswordProtectionWarningTrigger to 0.

• Chrome apps no longer supported on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 112 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
  
  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 
  
  Starting with Chrome 112, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
  
   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/ notifications/manifest/cr_install.html

      

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 112, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

• Enable access to WebUSB API from extension service workers in Chrome 112 or later   
  
  As early as Chrome 112, we will enable access to WebUSB API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page.
  
  WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
  
  As mentioned earlier in our blog post, More details on the transition to Manifest V3, the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed.
  
  During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However all new extensions submitted to the Chrome Web Store must implement Manifest V3.
  
  Starting with Chrome 110, an Enterprise policy ExtensionManifestV2Availability will be available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions until at least January 2024. 
  
  You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to the Manifest V2 support timeline.

• Payment Handler API will require CSP connect-src   
  
  If your organization is using the Web Payment API (Payment Handler and Payment Request) and also uses Content-Security-Policy (CSP) for better protection, then you need to make sure the domains of HTTP requests sent from the Web Payment API are added to the connect-src directive of the CSP. This will be enforced in Chrome 111. For more information, see this Chrome developer blog post.
   

• First-Party Sets user controls   
  
  First-Party Sets is an upcoming framework for developers to declare relationships between domains, such that the browser can make decisions regarding access based on the third party’s relationship to the first party. A set may enjoy first party benefits, including continued access to their cookies when the top-level domain is in the same set.
  
  First-Party Sets are part of Chrome's roadmap for a more privacy-focused web.
  
  Chrome 112 introduces user controls for these First-Party Sets. 
  
  

• Removal ChromeRootStoreEnabled policy   
  
  In Chrome 105, we announced the launch of the Chrome Root Store. A new policy, called ChromeRootStoreEnabled, was introduced to allow selective disabling of the Chrome Root Store in favor of the platform root store. This policy will be removed in Chrome 113.

Upcoming ChromeOS changes

• Fast Pair   
  
  Fast Pair will make Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it will automatically detect and pair with your ChromeOS device or Android phone in a single tap. Fast Pair will also associate your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat. This feature will be available as early as ChromeOS 111.  

• Managed DoH (DNS over https) with user identification   
  
  As early as ChromeOS 111, admins will be able to specify secure DNS resolvers with URI templates that include identifying device or user information on supported DNS servers for managed network traffic solutions.  

• Cursive pre-installed for Enterprise and Education accounts   
  
  As early as ChromeOS 112, Cursive, a stylus-first notes app, will be available for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks. If you want to block access to the app, you can prevent Chromebooks in your enterprise from accessing cursive.apps.chrome.

• Updated emoji picker   
  
  The updated emoji picker will include commonly used symbols and characters, such as scientific notations and math operators. In addition, we will also include text-based emoticons (kaomoji) for even more expressive conversations. The new top-level navigation bar will help you find the high-level category quickly, ranging from emojis, symbols, and emoticons. The improved universal search will show possible matches from all categories.
  
   

• Passpoint: Seamless, secure connection to Wi-Fi networks   
  
  Starting as early as ChromeOS 114, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

Upcoming Admin console changes

• Configure print server policies with Google groups   
  
  Admins will be able to use new or existing Google groups to configure print servers for users in your organization. That means when you need to configure a print server for a specific set of users–who may or may not belong to different Organizational Units (OUs)–you will be able to use the flexibility of groups without needing to reconfigure your OUs. Note that configuration of print server policies for user groups works exactly the same as it does for printers. 

• New Chrome browser insights   
  
  As early as Chrome 111, a new Browsers that need attention insights card will allow IT admins to quickly identify browsers that have a pending Chrome update, browsers that are inactive and browsers that have recently enrolled.  

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Confirmation permission chips in the address bar   
  
  Chrome is consolidating permission prompts and indicators to make them more consistent and easier to understand. Some users now see a new permissions chip experience in the address bar, showing a chip after a user has made a decision on a permission prompt. It confirms the action a user has just taken and is shown for 4 seconds. If the user clicks on it, the page info bubble is shown, which allows users to manage their permission settings for the current site.
  
  For some users, the lock icon in the address bar is hidden while a chip is displayed. Note that chips are only visible during certain permission requests and while a confirmation chip is displayed. As soon as the chip disappears, the lock icon becomes visible again.
  
   

• About this page on Desktop in Chrome 109   
  
  We are improving the From the web feature in the site info UI. It is now called About this page and it opens a website with multiple pieces of information regarding the source and topic of a website. Our goal is to empower users with the context to evaluate the trustworthiness of a webpage for themselves. You can learn more about helpful Search tools in this blog post.
  
  This feature is only enabled when Make searches and browsing better is enabled in Settings > Sync and Google Services > Other Google services. You can control this setting with the UrlKeyedAnonymizedDataCollectionEnabled policy.
  
  

• UI changes for some download warnings   
  
  As early as Chrome 109, to protect users from malware, Chrome shows detailed context and customized UIs for some download warnings. For example, if Chrome detects a download to potentially steal user's information, the description changes from Chrome blocked this file because it is dangerous to This file contains malware that can compromise your personal or social network accounts. You can disable download warnings by setting the SafeBrowsingProtectionLevel enterprise policy, or you can allowlist specific domains using SafeBrowsingAllowlistDomains.
  
  

• Changes to HTMLElement.offsetParent   
  
  In Chrome 109, the Javascript APIs HTMLElement.offsetParent, HTMLElement.offsetTop, and HTMLElement.offsetLeft are changed in an edge case involving ShadowDOM to match the behavior of Firefox and Safari. A new enterprise policy, OffsetParentNewSpecBehaviorEnabled, is available to disable the new behavior until Chrome 120. A polyfill was made to help migrate to the new behavior: https://github.com/josepharhar/offsetparent-polyfills.

• Changes to mouse events on disabled form controls   
  
  In Chrome 109, some users see changes to the behavior of mouse events: clicking on form control elements with the disabled attribute triggers slightly different DOM events. Additional mouse events, including mousemove, mouseenter, mouseleave, mouseover,  are fired on these elements. The ancestors of some types of form controls no longer receive click, mouseup, or mousedown events. A new enterprise policy, SendMouseEventsDisabledFormControlsEnabled, can disable the new behavior until at least Chrome 120.

• Intent to deprecate and remove: Event.path   
  
  To improve web compatibility, Chrome 109 no longer supports the non-standard API Event.path. Websites should migrate to Event.composedPath(), which is a standard API that returns the same result. If you need additional time to adjust, a policy EventPathEnabled, available on Windows, Mac, Linux, ChromeOS, Android and WebView, allows you to extend the lifetime of Event.path by an additional 6 milestones.

• Release of Speculation Rules API for prerender in Android   
  
  Chrome 103 introduced same-origin prerendering triggered by the Speculation Rules API. Chrome 109 expands  coverage to also allow triggering same-site cross-origin pages. This allows web authors to suggest to Chrome which cross-origin pages that the user is likely to navigate to next. This prerendering is done with credentials and storage access, but such prerender targets must opt in by using the Supports-Loading-Mode: credentialed-prerender header. An enterprise policy, NetworkPredictionOptions, is available to block the usage of all prerendering activities which result in Chrome ignoring the hints provided using this API. See our article for more information.

• Chrome handles case for matching in a different way   
  
  Previously, Chrome uppercased a request's method when matching with Access-Control-Allow-Methods response headers in CORS preflight. After this change, Chrome doesn't uppercase a request's method, except for those normalized in the specification. So, Chrome now requires exact case-sensitive matching.
  
  For example, previously accepted, now rejected:
  
    Request: fetch(url, {method: 'Foo'})
  Response Header: Access-Control-Allow-Methods: FOO
  
  Previously rejected, now accepted:
  
    Request: fetch(url, {method: 'Foo'})
  Response Header: Access-Control-Allow-Methods: Foo
  
  Namely, post and put are not affected because they are specified in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.
  
  An enterprise policy AccessControlAllowMethodsInCORSPreflightSpecConformant is available to control whether request methods are uppercased when matching with Access-Control-Allow-Methods response headers in CORS preflight.

• Lens image search in the Google New tab page search box   
  
  In Chrome 109, some users see a camera icon in the search box when navigating to the Google New tab page. This feature allows users to search by image, by uploading a file from their computer or entering an image URL. This feature might only show on the Google New tab page. It does not show in Incognito, Guest User, or non-Google new tab pages. An enterprise policy LensDesktopNTPSearchEnabled, is available to control this feature.
  
  

• DNS queries to Cox resolvers automatically use SecureDNS if enabled   
  
  If SecureDNS is enabled via the DnsOverHttpsMode enterprise policy, insecure DNS requests to Cox DNS resolvers are upgraded to secure DNS requests without requiring a DnsOverHttpsTemplates enterprise policy.

• Chrome unpacks and scans 7z archives for malware   
  
  In Chrome 109, Safe Browsing unpacks 7z archives locally to check for malware. This is similar to the previously-shipped local analysis of zip and rar archives. Chrome now reports contained files, hashes, and lengths to Safe Browsing. You can disable this by disabling Safe Browsing with the SafeBrowsingProtectionLevel policy.

• Measure usage of Web APIs   
  
  As part of the Privacy Sandbox effort, Chrome continues to collect information about APIs commonly called by websites so that we can better understand their use as fingerprinting surfaces. You can disable this collection using the UrlKeyedAnonymizedDataCollectionEnabled enterprise policy.

• Google Update internal upgrades   
  
  Over the coming weeks, Google introduces an overhauled version of Google Update that: 
   
  1. provides a cross-platform core for future development of update-related features. 
  2. improves its performance and reliability. 

  Note: For customers that allowlist specific folders and binaries, there is a path change on Mac as follows:

  • Old: (~)/Library/Google/GoogleSoftwareUpdate
  • New: (~)/Library/Google/GoogleUpdater
  
  All existing enterprise policies and controls for managing Chrome's version will continue to work the same way. These changes first roll out to macOS and eventually to Windows.  

• New and updated policies in Chrome browser   
   

  Policy	Description
  AssistantWebEnabled	Allow using Google Assistant on the web, for example, to enable changing passwords automatically.
  ContextAwareAccessSignalsAllowlist	Enable the Chrome Enterprise Device Trust Connector attestation flow for a list of URLs.
  SendMouseEventsDisabledFormControlsEnabled	Control the new behavior for event dispatching on disabled form controls.
  RequireOnlineRevocationChecksForLocalAnchors	Require online OCSP or CRL checks for local trust anchors (now also available on iOS).
  AccessControlAllowMethodsInCORS PreflightSpecConformant	Make Access-Control-Allow-Methods matching in CORS preflight spec conformant.

• Removed policies in Chrome browser   

  Policy	Description
  UrlParamFilterEnabled	Control the URL parameter filter feature.

ChromeOS updates

• More robust logic for audio device selection   
  
  ChromeOS now remembers multiple previously selected audio peripherals. This should reduce the need to change the audio input or output device when reconnecting a dock, monitor, hub, and so on.

• Ghost windows for ARC Apps launching   
  
  When users try to launch an Android Runtime for Chrome (ARC) app when ARC is still booting or the app is still loading, the shelf presents the App icon with a spinner above it to indicate the App is pending launch. With this feature, the ghost window pops up as an intermediate window state during the ARC booting time which improves perception and sets expectations of ARC apps by actively showing progress in the UI.

• Device metrics and userID information now available to Telemetry API   
  
  The Telemetry API can provide valuable insights about users and devices in your enterprise. ChromeOS 109 now reports device activity status and userID data for the Telemetry API.

• Color Picker improvements   
  
  In ChromeOS Gallery, users can now choose between the Palette and Custom tabs within the color palette dialog. Tapping the Custom tab displays the freeform color select tool. Users can also enter a HEX code to choose a specific color.
  
  

• Disable Trash in the Files app   
  
  In ChromeOS 108, we introduced a new Trash section in the Files app, giving you 30 days to change your mind before files are permanently deleted. Note: This feature doesn't support Play, Linux, Windows file areas.
  
  In ChromeOS 109, you can now disable the Trash section with the TrashEnabled policy.

Admin console updates

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  SerialAllowUsbDevicesForUrls	User & Browser Settings; Managed Guest Session	Chrome ChromeOS Android	Hardware > WebSerial API allowed devices

  
  

Upcoming Chrome browser changes

• Detailed translation settings in Chrome 110   
  
  New detailed translation settings will be added for controlling the current target language, never translate languages, and always translate languages. These settings were previously only editable from the Translate UI bubble but will now be permanently exposed under chrome://settings/language. Enterprise users may use the existing TranslateEnabled enterprise policy to globally enable or disable translation.

• Chrome for Testing   
  
  As early as Chrome 110,  Puppeteer, Chrome's browser automation library, will use the Chrome for Testing binary instead of a Chromium binary. In case you have the Chromium binary allowlisted, you might consider allowlisting the Chrome for Testing binary too.
  
  Chrome for Testing is a dedicated Chrome flavor for the automated testing use case. It’s not an end-user facing product, but rather a tool to be used by automation engineers through other projects such as Puppeteer. Chrome for Testing is a completely separate binary from regular Chrome.

• User-level Enhanced Safe Browsing on iOS in Chrome 110   
  
  For Chrome on iOS where the Safe Browsing protection level is not controlled by SafeBrowsingProtectionLevel, users who are signed in and syncing, and have enabled Enhanced Safe Browsing on their Google Account, will be notified that Enhanced Safe Browsing has been enabled on their Chrome profile. Disabling Enhanced Safe Browsing on a synced Google Account will disable Enhanced Safe Browsing for their Chrome profile. Additionally, users that are signed-in and non-synced might be prompted to enable Chrome Enhanced Safe Browsing within 5 minutes of enabling Account Level Enhanced Safe Browsing.

• MetricsReportingEnabled policy available on Android in Chrome   
  
  As early as Chrome 110, Chrome on Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

• Change in launch schedule starting in Chrome 110   
  
  Starting in Chrome 110, Chrome will be rolled out to the Stable channel one week earlier than previously communicated to a very small subset of users. For example, the Chrome 110 Stable release moves from February 7 to February 1, 2023.
  
  You can also expect to see a much smaller rollout at a significantly reduced percentage of our user population for the first week of the published Stable release date. The wider rollout to most users will happen at a similar timeframe to the earlier communicated dates.

• Content Analysis connector for local DLP agent integration   
  
  Some third party software, for example AV or DLP agents, injects code into Chrome. Though this practice is discouraged, it is still prevalent in the enterprise environment since there are few alternatives for these local agents.
  
  Chrome 110 will provide secure, native integration that allows selected third party DLP agents to protect sensitive data transfers that happen within the browser.

• Windows 7/8/8.1 and Windows Server 2012/2012 R2 will be supported through Chrome 109   
  
  Microsoft is ending support for most variants of Windows 7/8/8.1 in January 2023. As announced in a previous blog post, Chrome 109 will be the last supported version of Chrome for these operating systems.
  
  Update: Chrome running on Windows Server 2012 and Windows Server 2012 R2 will not be updated beyond Chrome 109, as those OSes are based on Windows 8/8.1. However, critical security fixes will be issued to Chrome 109 on these two OS versions until October 10, 2023 to ease customer transitions. For the most up to date information, see this post in the Chrome Enterprise and Education help center.

• Rolling out GPU changes to NaCL Swapchain and video decoding   
  
  As early as Chrome 110, we will refactor the implementation of the NaCL swapchain and the Pepper video decoding APIs. These changes are not intended to have any behavioral impact on users. However, it is possible that due to bugs they might result in visual artifacts, unacceptably slow performance when playing video, unacceptable increases in power, or crashes. Information about how to signal any problems will be available as these refactors roll out.

• WebAuthn cannot be used on sites with TLS certificate errors   
  
  Starting on Chrome 110, Chrome will stop allowing WebAuthn requests on websites with TLS certificate errors. The criteria will be the same used for showing danger interstitials or a Not secure pill on the omnibox. This will prevent bad actors from generating valid assertions in a Man-in-the-Middle attack on users who may skip the interstitial.
  
  Enterprises will be able to use the AllowWebAuthnWithBrokenTlsCerts policy if needed as a workaround.

• Default to origin-keyed agent clustering in Chrome 110   
  
  As early as Chrome 110, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.
  
  Note: document.domain has no effect if only one document sets it.
  
  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.

• Password Change URLs   
  
  The Check passwords tool, chrome://settings/passwords/check, and its analogues on other platforms, query change password URLs from the backend to facilitate fixing compromised passwords, for example, https://example.com/settings/change_password.html. This launch will extend the list of URLs available on the backend.

• User-Agent reduction Phase 6   
  
  As of Chrome 110, some portions of the User-Agent string will be reduced on Chrome for Android. As previously detailed in the Chromium blog, we intend to proceed with Phase 6 of the User-Agent Reduction plan. For more details, see this reference page and Chromium update. The UserAgentReduction policy allows for opting out of these changes.

• Changes to phishing protection on Android as early as Chrome 111   
  
  When a user authenticates to Android with their Google password, for example, during account setup, Chrome will be notified so the password can begin receiving phishing protection when surfing the Web with Chrome. In previous versions of Chrome on Android, users needed to explicitly provide their password within a Chrome tab, for example, sign in to Gmail, to receive phishing protection for their Google password. 
  
  You can disable warnings regarding password reuse by setting PasswordProtectionWarningTrigger to 0.

• Privacy Sandbox updates in Chrome 111   
  
  Chrome 111 will update the user experience of the new ad privacy features related to the Privacy Sandbox project. As part of this, Chrome will show users a confirmation dialog that explains their options and allows them to set their preferences.
  
  IT admins can disable Chrome's Privacy Sandbox settings via the PrivacySandboxAdTopicsEnabled, PrivacySandboxSiteEnabledAdsEnabled, and PrivacySandboxAdMeasurementEnabled enterprise policies, and suppress the user-facing prompt via the PrivacySandboxPromptEnabled policy.
  
  For more information, see the developer documentation about Privacy Sandbox technologies in Chrome.

   

• Strict MIME type checks for Worker scripts   
  
  As early as Chrome 111, Chrome will strictly check MIME types for Worker scripts, like Service Workers or Web Workers. Strict checking means that Chrome will only accept JavaScript resources for Workers with a MIME type of text/javascript. Currently, Chrome will also accept other MIME types, like text/ascii. This change is aimed at improving the security of web applications, by preventing inclusion of inappropriate resources as JavaScript files.
  
  Disabling the StrictMimetypeCheckForWorkerScriptsEnabled policy allows you to keep the current behavior.

• Chrome Private Network Access preflights for subresources enforced in Chrome 113   
  
  Chrome 104 started sending a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools. For more details, see this blog post.
  
  As early as Chrome 111 on Android, the warnings will turn into errors and affected requests will fail, for sites not opted out via an Origin Trial. Remaining platforms will also have these warnings enforced in Chrome 113. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.
  
  If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.
  
  Chrome is making this change to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion and latest updates about Private Network Access preflights.

• Enable access to WebHID API from extension service workers in Chrome 111   
  
  This launch will enable access to WebHID API from extension service workers as a migration path for manifest V2 extensions that currently access the API from a background page.

• Enable access to WebUSB API from extension service workers   
  
  As early as Chrome 111, we will enable access to WebUSB API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page.
  
  WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.

• Deprecation of Web SQL and other old Storage features   
  
  The Web SQL API is rarely used, and since its removal by Safari, only Chromium-based browsers have supported it. It requires frequent security fixes, and developers have been discouraged from using it for years. We're now engaging in an effort to seek out and warn anyone who may still be using Web SQL, with the goal of removing it entirely in 2023. 
  
  What you need to do depends on how you're using Web SQL:
   
  • If you're just using Web SQL to detect whether a given browser is Chrome, that method will stop working when Web SQL is removed. Navigator.userAgentData is a better alternative.
  • If you're using Web SQL to simply store a few data points, localStorage and sessionStorage provide easier ways to do this.
  • However, if you're using Web SQL for more complex storage, you'll need to find a proper replacement.

  Here are some migration options for more complex storage:

  • If your storage needs don't require a relational database, IndexedDB is the standard solution for structured storage on the web. Large sites rely on IndexedDB, and all major browsers support it.
  • For those who do need a relational database, we've partnered with the SQLite team to create an evergreen cross-browser Web SQL replacement. In November, SQLite released a web backend, using Emscripten to compile to WebAssembly and leveraging the new File System Access Handles API as a low-level virtual file interface. It's about as fast as Web SQL, and often it's faster. For more information, see our blog post Deprecating and removing Web SQL, which we'll update when noteworthy events occur.

  We've already disabled Web SQL in third-party contexts. The next step is to remove support in non-secure contexts.  In Chrome 105, we introduced a deprecation warning in DevTools. We'll remove this support in Chrome 110. An enterprise policy, WebSQLNonSecureContextEnabled, will let Web SQL function in non-secure contexts for a few months past the removal date.

  In Chrome 110, we will also remove the window.webkitStorageInfo API. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API.

   

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 111, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

• Chrome apps no longer supported on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 112 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
  
  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable.   

  Starting with Chrome 112, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:

   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/notifications/ manifest/cr_install.html

   

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
  
  All new extensions submitted to the Chrome Web Store already must implement Manifest V3, but existing Manifest V2 extensions can still be updated, and still run in Chrome. In 2023, extensions using Manifest V2 may cease running in Chrome. If your organization is running extensions that use Manifest V2, you must update them to leverage Manifest V3.
  
  Starting with Chrome 110, an Enterprise policy ExtensionManifestV2Availability will be available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions until at least January 2024. 
  
  You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to the Manifest V2 support timeline.

   

• Payment Handler API will require CSP connect-src   
  
  If your organization is using the Web Payment API (Payment Handler and Payment Request) and also uses Content-Security-Policy (CSP) for better protection, then you need to make sure the domains of HTTP requests sent from the Web Payment API are added to the connect-src directive of the CSP. For more information, see this developer blog post.

   

• First-Party Sets user controls   
  
  First-Party Sets is an upcoming framework for developers to declare relationships between domains, such that the browser can make decisions regarding access based on the third party’s relationship to the first party. A set may enjoy first party benefits, including continued access to their cookies when the top-level domain is in the same set.
  
  First-Party Sets are part of Chrome's roadmap for a more privacy-focused web.
  
  Chrome 111 introduces user controls for these First-Party Sets.
  
  

• Removal of ChromeRootStoreEnabled policy   
  
  In Chrome 105, we announced the launch of the Chrome Root Store. A new policy, called ChromeRootStoreEnabled, was introduced to allow selective disabling of the Chrome Root Store in favor of the platform root store. The policy will be removed in Chrome 113.

Upcoming ChromeOS changes

• Super Resolution Audio for Bluetooth headset microphones   
  
  Starting in 110, your ChromeOS device will help you sound more natural in calls and conferences by reconstructing the high-frequency audio components that are not transmitted from Bluetooth headsets.

• Cursive pre-installed for Enterprise and Education accounts   
  
  As early as ChromeOS 110, Cursive, a stylus-first notes app, will be available for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks. If you want to block access to the app, you can prevent Chromebooks in your enterprise from accessing cursive.apps.chrome.

• Channel labeling on ChromeOS   
  
  Trying out the latest version of ChromeOS? For users on non-stable channels (Beta, Dev, Canary), starting in 110, you will see which channel you are on in the bottom right. You will be able to click the time to open quick settings, which will have a new UI showing the device build and a feedback button.

• Fast Pair   
  
  Fast Pair will make Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it will automatically detect and pair with your ChromeOS device or Android phone in a single tap. Fast Pair will also associate your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat. This feature will be available as early as ChromeOS 111.

• Updates to emoji picker   
  
  The updates for the emoji picker will include commonly used symbols and characters, such as scientific notations and math operators. In addition, we will also include text-based emoticons (kaomoji) for even more expressive conversations. The new top-level navigation bar will help you find the high-level category quickly, ranging from emojis, symbols, and emoticons. The improved universal search will show possible matches from all categories.

• Passpoint: Seamless, secure connection to Wi-Fi networks   
  
  Starting as early as ChromeOS 114, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Improving performance: Memory Saver and Energy Saver modes   
  
  In Chrome 108 on Windows, Mac, and ChromeOS, some users experience new performance-enhancing features: Memory Saver and Energy Saver. These features are designed to improve the performance of Chrome, and extend battery life, respectively. Users can control these features using the options under Settings > Performance.
  
  As part of this launch, Chrome now includes the following enterprise policies:
   
  1. TabDiscardingExceptions: By using this policy, you specify URL patterns that are never discarded by the browser. 
  2. BatterySaverModeAvailability: When set to Disabled, the Battery Saver mode is switched off. When set to EnabledBelowThreshold or not set, Battery Saver Mode is enabled when the device is on battery power and battery level is low. When set to EnabledOnBattery, Battery Saver Mode is enabled when the device is on battery power.
  3. HighEfficiencyModeEnabled: This policy enables or disables the High Efficiency Mode setting.

• Google Password Manager: Notes for passwords   
  
  In Chrome 108 on desktop, users can save a note for each saved credential in the Password Manager. Passwords and associated notes display on a sub-page, which is protected by authentication.

• Google Password Manager: Updates on iOS   
  
  From Chrome on iOS 108, it is easier for users to access their passwords. We have simplified the password list view, to show users just their passwords. Password-related settings display on their own screen, making it easier for users to see and manage their settings in one place. Existing features like adding or editing passwords and password checkup remain available on the password list view.

• Windows: pin to taskbar during install   
  
  As early as Chrome 108, the Chrome installer pins Chrome to the Windows taskbar for easier access to Chrome. You can use the do_not_create_desktop_shortcut setting in initial_preferences to control this behavior.
  
  

• Custom default error pages for Progressive Web Apps   
  
  Chrome now provides a custom default error page when Progressive Web Apps (PWAs) and Trusted Web Activities (TWAs) do not define a custom offline experience and the network is down.

• New Chrome sync dialog on iOS   
  
  On Chrome on iOS, some users see a visually updated dialog to turn on Chrome sync in the first run. Relevant enterprise policies such as BrowserSignin, SyncDisabled, RestrictAccountsToPatterns and SyncTypesListDisabled continue to work as before and can be used to configure Chrome sync.
  

• Price tracking   
  
  Chrome 108 enables users to price track products from across the web, and receive email or mobile notifications when the price of a tracked item drops. Tracked items are saved alongside bookmarks with Sync. This feature is only available for signed-in, syncing users who have Web & App activity enabled. You can control this with the ShoppingListEnabled policy.

• Change asynchronous methods to synchronous in FileSystemSyncAccessHandle   
  
  In Chrome 108, getSize(), truncate(), flush() and close() async methods in FileSystemSyncAccessHandle primitive in the File System Access API have been converted to synchronous methods, in line with read() and write() methods. 
  
  This change supports a fully synchronous API for FileSystemSyncAccessHandle, enabling high performance for WebAssembly (WASM) based applications.
  
  We don't anticipate this change causing any issues. However, an enterprise policy, FileSystemSyncAccessHandleAsyncInterfaceEnabled, is available until Chrome 110 to enable the async methods. You can use this to rollback the change temporarily if you need to make any changes to your apps.

• Chrome on Linux to use Chrome's built-in DNS client by default   
  
  The built-in DNS client is enabled by default on Windows, macOS, Android, ChromeOS. As early as Chrome 108, Chrome on Linux also uses the built-in DNS client by default. Enterprises can opt out by setting BuiltInDnsClientEnabled policy to Disabled.

• Improved reporting for internal callback mechanism   
  
  Chrome 108 improves security by reporting misuse of our internal callback mechanism via crash reports. You can control this using the MetricsReportingEnabled policy.

• Cookies and site data dialog improvements   
  
  In Chrome 108, we’ve redesigned and simplified the Cookies and site data dialog so only per-site level information is displayed, and can be easily controlled by users. You can use the DefaultCookiesSetting, CookiesAllowedForUrls, CookiesBlockedForUrls, and CookiesSessionOnlyForUrls enterprise policies to control Chrome's behavior.
  

• Improved sharing of previewed files   
  
  Chrome on iOS is moving the Open in functionality to the share menu. This ensures consistency with iOS patterns.

• New and updated policies in Chrome browser   
   

  Policy	Description
  CopyPreventionSettings	Allows blocking copying to the clipboard on specified URLs.
  TabDiscardingExceptions	URL pattern Exceptions to tab discarding.
  HighEfficiencyModeEnabled	Enable High Efficiency Mode.
  BatterySaverModeAvailability	Enable Battery Saver Mode.
  OnFileTransferEnterpriseConnector	Configuration policy for the OnFileTransfer Chrome Enterprise connector.
  FileSystemSyncAccessHandleAsyncInterfaceEnabled	Re-enable the deprecated async interface for FileSystemSyncAccessHandle in File System Access API.
  VirtualKeyboardResizesLayoutByDefault (Android)	The virtual keyboard resizes the layout viewport by default.

• Removed policies in Chrome browser   
   

  Policy	Description
  PolicyScopeDetection	Allow policy scope detection on macOS
  LoadCryptoTokenExtension	Load the CryptoToken component extension at startup
  PersistentQuotaEnabled	Force persistent quota to be enabled
  DisplayCapturePermissionsPolicyEnabled	Specifies whether the display-capture permissions-policy is checked or skipped

ChromeOS updates

• Cursive canvas lock   
  
  Users of Chrome Cursive can now use a canvas lock to prevent accidental pan or zoom.

• Screencast multi-accounts   
  
  Screencast users can now view restricted recordings associated with secondary accounts. Students, for example, can add a school account to their Family Link profile in ChromeOS and view screencasts created by their teacher.

• ChromeOS version rollback   
  
  The ChromeOS rollback feature enables managed devices to download and run an earlier version of ChromeOS than the one currently installed. Rollback works in conjunction with pinning to a target version, and requires that updates are enabled.
  
  In this first release, rollback supports rolling back up to the previous N-3 release milestone, where N is the current release on the stable channel, as well as, the current release of the LTC and LTS channels.
  
  The rollback feature will be available on the admin console from December 8th 2022.  The earliest version of ChromeOS that you can roll back to is version 107.
  
  Please note that installing an earlier ChromeOS version requires that devices have to perform a powerwash, an operation that erases any local user data.

• ChromeOS Camera App: Document scanning improvements   
  
  From M107, document scanning in the ChromeOS Camera App is automatically downloaded when the user selects it, making it available to more devices including those with Apollo Lake and MT8173 processors. From M108, the document scanning feature supports taking multiple pages and combining them into a single PDF.

• Captive portal improvements   
  
  ChromeOS has improved the user experience for signing into Wi-Fi networks that require captive portal sign-in, for example, at hotels or airports where you are directed to a web page to enter credentials or accept terms and conditions before being connected to the Internet. Improvements include:
  
  • clearer messaging regarding the need to sign in
  • easier to find access to sign in pages
  • more reliable connection to sign in pages

• Easier ways to navigate your virtual keyboard   
  
  If you have a Chromebook with a touchscreen, it’s now even easier to type what you want easily with a newly redesigned virtual keyboard. With just a tap on the new header bar, you can switch between languages, pull up the emoji library, or access the handwriting tool. The virtual keyboard also more quickly processes fast typing – so no need to slow down to make sure that every key is pressed one by one.

• SIM lock policy   
  
  The ChromeOS Admin console now supports the ability to prohibit or allow managed users to lock their SIM card with a PIN.
  
  This feature is available in all ChromeOS devices and is particularly useful for organizations that own their employees’ or students’ SIM cards and want to retain control over them. This is a highly requested feature from EDU because they want to avoid the situation of a student's SIM card PIN locking their device from a reliable internet connection (many students do not have internet at home, for example). EDU also wants to avoid the situation of students intentionally locking themselves out of an internet connection so as to prevent themselves from submitting assignments on time.

• FilesApp Trash   
  
  Previously, deleting a file from the My files would instantly and permanently delete it. Now, it goes to the new Trash section, and you'll have 30 days to change your mind before it's permanently deleted.  Note: This new feature doesn't support Play, Linux, Windows file areas.

• Contact Center Desk API connectors   
  
  For contact center agents, productivity is paramount. But, with the range of apps, tabs and windows that agents use, it can be difficult and time-consuming to locate the right information at the right time. For agents managing multiple customer interactions simultaneously, it becomes even more difficult, leading to stress and frustration for the agent, and a longer wait time for your customers. ChromeOS Desk connectors solve this problem by introducing the desk as a container. Communications solutions that have integrated with ChromeOS Desk API automatically open a new desk per interaction. The desk opens all the tabs and apps an agent needs for this interaction, and once the interaction is complete, the desk closes down all these with one click. For each new interaction, a new desk opens, making it easier and faster for an agent to access the correct agent information at the right time. 
  
  Reach out to the ChromeOS team directly to join the Trusted Tester program and try ChromeOS Desk connectors.

• Human Presence Sensor   
  
  Some Lenovo ThinkPad Chromebooks now have screen privacy features that use Human Presence detection to lock the screen when the user leaves their device and alert the user when another person is looking at their screen. With Lock on Leave, we dim and lock the screen more quickly when no user is detected to protect their privacy. We also have a Keep Awake feature that prevents the screen from dimming when the user is present so that they can continue to view the screen. With Viewing Protection, users are shown an eye alert icon in the shelf and can choose to further mask all private notifications when we detect a second person.

Admin console updates

• ChromeOS data controls   
  
  Data controls are a set of controls for protecting enterprise users from data leakage on endpoints. These capabilities, integrated at the OS level, allow admins to track, restrict, or report the following actions when handling corporate content using simple workflow based rules that do not require content to be scanned: 
  • Copy and paste 
  • Screen capture (screenshots and video capture) 
  • Screen sharing 
  • Printing 
  • And the ability to automatically turn on the electronic privacy screen on a compatible device 
  Admins can define Chrome action rules in the admin console to trigger data controls based on the content source and destination, where relevant. Sources and destinations include URLs, Chrome apps, and PWAs. Please review the guide for more information.

• Apps Details - Installation Requests   
  
  The list of extension requests that were previously shown in the right panel sidebar are now shown in a card in the App Details page called Installation Requests. Admins can see requests by organizational unit, browser, or user - making it easier for admins to make granular installation decisions. To allow extension requests, see our help center article.

• Apps & Extension usage report   
  
  There is a new warning icon for Extensions that are still using Manifest v2. To enable the Apps & Extension Usage Report, see this help center article.  We also recommend contacting your internal developers or vendors that are still publishing Manifest v2 extensions to learn about their migration plans to Manifest v3.  Please review the Extension Manifest v2 deprecation timeline for more information.

• New Chrome Browser Cloud Management sign-up experience   
  
  IT admins can now sign up for Chrome Browser Cloud Management using a new simple four-step sign-up flow. The new sign-up flow allows IT admins to create an Admin console account for Chrome Browser Cloud Management and it allows to optionally add the Chrome Enterprise Update (for ChromeOS) and Workspace free Essentials subscriptions to your new account. Learn more.

• Delegated Admins can see all their devices   
  
  A Delegated Admin can now view devices in all organizational units that they have access to, rather than only devices in a single organizational unit at a time.
  

• Enrolling browsers with Mosyle   
  
  Mosyle is an Unified Endpoint Management platform focused on managing Apple devices. We have updated our documentation to describe how to deploy Chrome Browser Cloud Management tokens with Mosyle.
  
  Enroll browsers with Mosyle (iOS/iPadOS)
  Enroll browsers with Mosyle (macOS)

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  AllowOnlyPolicyNetworksToConnectIfAvailable	Networks Settings	ChromeOS	General settings > Wi-Fi Networks
  CustomSearchDomains	Networks Settings	All Platforms	WIFI / Ethernet Settings > Details > Custom search domains
  HighEfficiencyModeEnabled	User Settings	All platforms	Other settings
  VirtualKeyboardResizesLayoutByDefault	User Settings	All platforms	User experience
  BatterySaverModeAvailability	User Settings	All platforms	Power and shutdown
  TabDiscardingExceptions	User settings	All platforms	Other settings
  FileSystemSyncAccessHandleAsyncInterfaceEnabled	User settings	All platforms	Hardware

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel

Upcoming Chrome browser changes

• Confirmation permission chips in the address bar   
  
  Chrome is consolidating permission prompts and indicators to make them more consistent and easier to understand. Some users will see a new permissions chip experience in the address bar, a chip shown after a user has made a decision on a permission prompt. It confirms the action a user has just taken and is shown for 4 seconds. If the user clicks on it, the page info bubble is shown, which is a surface that among others, allows users to manage their permission settings for the current site.
  
  For some users, the lock icon in the address bar will be hidden while a chip is being shown. Please note, chips are only visible during certain permission requests and while a confirmation chip is being displayed. As soon as the chip disappears, the lock icon is visible again.
   

  

• Google Update internal upgrades   
  
  Chrome 109 introduces the next version of Google Update based on tried-and-true Chromium technology. It will provide a cross-platform core for future development of update-related features. All existing enterprise policies and controls for managing Chrome's version work the same way.

• About this page on Desktop in Chrome 109   
  
  We are improving the From the web feature in the site info UI. It is now called About this page and it opens a website with multiple pieces of information regarding the source and topic of a website.
  
  This feature is only enabled when Make searches and browsing better is enabled in Settings > Sync and Google Services > Other Google services. You can control this setting with the UrlKeyedAnonymizedDataCollectionEnabled policy.

• Chrome to change the UI for some download warnings   
  
  As early as Chrome 109, to protect users from malware, Chrome will start to show detailed context and customized UIs for some download warnings. For example, if Chrome detects a download to potentially steal user's information, the description will be changed from Chrome blocked this file because it is dangerous to This file contains malware that can compromise your personal or social network accounts. You can disable download warnings by setting the SafeBrowsingProtectionLevel enterprise policy, or allowlist specific domains using SafeBrowsingAllowlistDomains.
  

• Detailed translation settings in Chrome 109   
  
  New detailed translation settings have been added for controlling the current target language, never translate languages, and always translate languages. These settings were previously only editable from the Translate UI bubble but are now permanently exposed under chrome://settings/language. Enterprise users may use the existing TranslateEnabled enterprise policy to globally enable or disable translation.

• Changes to HTMLElement.offsetParent   
  
  In Chrome 109, the Javascript APIs HTMLElement.offsetParent, HTMLElement.offsetTop, and HTMLElement.offsetLeft will be changed in an edge case involving ShadowDOM in order to match the behavior of Firefox and Safari. A new enterprise policy, OffsetParentNewSpecBehaviorEnabled, will be added to disable the new behavior until Chrome 120. A polyfill was made in order to help migrate to the new behavior: https://github.com/josepharhar/offsetparent-polyfills.

• Changes to mouse events on disabled form controls   
  
  In Chrome 109, some users will see changes to the behavior of mouse events: clicking on form control elements with the disabled attribute will fire slightly different DOM events. Additional mouse events, including mousemove, mouseenter, mouseleave, mouseover, and more will be fired on these elements. The ancestors of some types of form controls will no longer receive click, mouseup, or mousedown events. A new enterprise policy, SendMouseEventsDisabledFormControlsEnabled, will be added to disable the new behavior until at least Chrome 120.

• UrlParamFilterEnabled removed in Chrome 109   
  
  The UrlParamFilterEnabled policy allows admins to control if parameters are removed when a user selects Open Link in Incognito Window from the context menu. This is a temporary policy introduced when the change was introduced in Chrome. The policy will be removed in Chrome 109.

• Removal of master_preferences in Chrome 109   
  
  master_preferences and initial_preferences are ways of setting default preferences for a Chrome install. The historical name of the file is master_preferences, but it was renamed to initial_preferences in Chrome 91. To make the transition easy for IT admins, from Chrome 91 to Chrome 108, naming the file either initial_preferences or master_preferences has the same effect. In Chrome 109, if you name the file master_preferences, it will not work by default. You should rename the file initial_preferences.
  
  Alternatively, you will be able to use the CompatibleInitialPreferences enterprise policy to extend support for the master_preferences naming. This policy is not currently available.

• User-level Enhanced Safe Browsing on iOS in Chrome 109   
  
  For Chrome on iOS where the Safe Browsing protection level is not controlled by SafeBrowsingProtectionLevel, users that are signed in and syncing that have enabled Enhanced Safe Browsing on their Google Account will be notified that Enhanced Safe Browsing has been enabled on their Chrome profile. Disabling Enhanced Safe Browsing on a synced Google Account will disable Enhanced Safe Browsing for their Chrome profile. Additionally, users that are signed-in and non-synced may be prompted to enable Chrome Enhanced Safe Browsing within 5 minutes of enabling Account Level Enhanced Safe Browsing.

• Intent to deprecate and remove: Event.path   
  
  To improve web compatibility, we will stop supporting the non-standard API Event.path as early as Chrome 109. Websites should migrate to Event.composedPath(), which is a standard API that returns the same result. If you need additional time to adjust, a policy EventPathEnabled, available on Windows, Mac, Linux, ChromeOS, Android and WebView will allow you to extend the lifetime of Event.path by an additional 6 milestones.

• MetricsReportingEnabled policy will be available on Android in Chrome   
  
  As early as Chrome 109, Chrome on Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

• Release of Speculation Rules API for prerender in Android   
  
  Chrome 103 introduced same-origin prerendering triggered by the Speculation Rules API. Chrome 109 expands  coverage to also allow triggering same-site cross-origin pages. This allows web authors to suggest to Chrome which cross-origin pages that the user is likely to navigate to next. This prerendering will be done with credentials and storage access, but such prerender targets will need to opt in by using the Supports-Loading-Mode: credentialed-prerender header. An enterprise policy, NetworkPredictionOptions, is available to block the usage of all prerendering activities which will result in Chrome ignoring the hints provided using this API. See our article for more information.

• Device token deletion   
  
  As early as Chrome 109, when deleting a browser from the managed browsers list in the Admin console, a new policy will allow Chrome Browser Cloud Management to delete the device token on the end-point devices. The default value will remain to invalidate the device token.

• Content Analysis connector for Local DLP Agent Integration   
  
  Some third party software (for example, AV/DLP agents) injects code into Chrome. Though this practice is discouraged, it is still prevalent in the enterprise environment since there are no good alternatives for these local agents.
  
  Chrome 110 will provide secure, native integration that transfers content (file or text) between Chrome and selected 3rd party DLP agents when a Chrome Browser Cloud Management managed user performs an action that sends data from their endpoint using Chrome Enterprise connectors.

• Change in launch schedule starting in Chrome 110   
  
  Starting in Chrome 110, Chrome will be rolled out to the Stable channel one week earlier than previously communicated. For example, the Chrome 110 Stable release moves from Feb 7 to Feb 1, 2023.
  
  You can also expect to see a much smaller rollout at a significantly reduced percentage of our user population for the first week of the published Stable release date. The wider rollout to most users will happen at a similar timeframe to the earlier communicated dates.

• Windows 10 as minimum required version in Chrome 110   
  
  Microsoft ends support for Windows 7 ESU, Windows 8, and Windows 8.1 extended support on January 10, 2023. Chrome 110, tentatively scheduled for release on February 1, is the first version of Chrome which will have a minimum Windows version of Windows 10.

• Chrome Private Network Access preflights for subresources enforced in Chrome 113   
  
  Chrome 104 started sending a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools. For more details, see this  blog post.
  
  As early as Chrome 110 on Android, the warnings will turn into errors and affected requests will fail, for sites not opted out via an Origin Trial. Remaining platforms will also have these warnings enforced in Chrome 113. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.
  
  If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.
  
  Chrome is making this change to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion and latest updates about Private Network Access preflights.

• Rolling out GPU Changes to NaCL Swapchain and video decoding   
  
  As early as Chrome 110, we will refactor the implementation of the NaCL swapchain and the Pepper video decoding APIs. These changes are not intended to have any behavioral impact on users. However, it is possible that due to bugs they might result in visual artifacts, unacceptably slow performance when playing video, unacceptable increases in power, or crashes. Information about how to signal any problems will be available as these refactors roll out.

• Enable access to WebHID API from extension service workers in Chrome 110   
  
  This launch will enable access to WebHID API from extension service workers as a migration path for manifest V2 extensions that currently access the API from a background page.

• WebAuthn cannot be used on sites with TLS certificate errors   
  
  Starting on M110, Chrome will stop allowing WebAuthn requests on websites with TLS certificate errors. The criteria will be the same used for showing danger interstitials or a Not secure pill on the omnibox. This will prevent bad actors from generating valid assertions in a Man-in-the-Middle attack on users who may skip the interstitial.
  
  Enterprises will be able to use the AllowWebAuthnWithBrokenTlsCerts policy if needed as a workaround.

• Strict MIME type checks for Worker scripts   
  
  As early as Chrome 110, Chrome will strictly check MIME types for Worker scripts, like Service Workers or Web Workers. Strict checking means that Chrome will only accept JavaScript resources for Workers with a MIME type of text/javascript. Currently, Chrome will also accept other MIME types, like text/ascii. This change is aimed at improving the security of web applications, by preventing inclusion of inappropriate resources as JavaScript files.
  
  Disabling the StrictMimetypeCheckForWorkerScriptsEnabled policy allows you to keep the current behavior.

• Default to origin-keyed agent clustering in Chrome 110   
  
  As early as Chrome 110, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.
  
  Note: document.domain has no effect if only one document sets it.
  
  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.

• WebUSB from extension service workers   
  
  Chrome 111 will enable access to WebUSB API from extension service workers as a migration path for manifest V2 extensions that currently access the API from a background page.
  
  WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.

• Deprecation of Web SQL and other old Storage features   
  
  The Web SQL API is rarely used, and since its removal by Safari, only Chromium-based browsers have supported it. It requires frequent security fixes, and developers have been discouraged from using it for years. We're now engaging in an effort to seek out and warn anyone who may still be using Web SQL, with the goal of removing it entirely in 2023.
  
  What you need to do depends on how you're using Web SQL:
   
  • If you're just using Web SQL to detect whether a given browser is Chrome, that method will stop working when Web SQL is removed. Navigator.userAgentData is a better alternative.
  • If you're using Web SQL to simply store a few data points, localStorage and sessionStorage provide easier ways to do this.
  • However, if you're using Web SQL for more complex storage, you'll need to find a proper replacement.
  
  Here are some migration options for more complex storage:
   
  • If your storage needs don't require a relational database, IndexedDB is the standard solution for structured storage on the web. Large sites rely on IndexedDB, and all major browsers support it.
  • For those who do need a relational database, we are partnering with the SQLite team to create an evergreen cross-browser Web SQL replacement. The team is adding a web backend to SQLite, using Emscripten to compile it to WebAssembly and leveraging the new File System Access Handles API as a low-level virtual file interface. We expect this to be ready for use early in 2023. For more information, see our blog post Deprecating and removing Web SQL, which we'll update when noteworthy events occur.
  
  We've already disabled Web SQL in third-party contexts. The next step is to remove support in non-secure contexts.  In Chrome 105, we introduced a deprecation warning in DevTools. We'll remove this support in Chrome 110. An enterprise policy, WebSQLNonSecureContextEnabled, will let Web SQL function in non-secure contexts for a few months past the removal date.
  
  In Chrome 110, we will also remove the window.webkitStorageInfo API. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API.

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 111, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

• Chrome apps no longer supported on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 111 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
  
  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 
  
  Starting with Chrome 111, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/notifications/ manifest/cr_install.html

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
  
  All new extensions submitted to the Chrome Web Store already must implement Manifest V3, but existing Manifest V2 extensions can still be updated, and still run in Chrome.
  
  In 2023, extensions using Manifest V2 will cease running in Chrome. If your organization is running extensions that use Manifest V2, you must update them to leverage Manifest V3. If you need additional time to adjust to the Manifest V3 transition, you'll be able to extend Manifest V2 support in Chrome using an enterprise policy until January 2024.
  
  You can see which manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to the Manifest V2 support timeline.

Upcoming ChromeOS changes

• Passpoint: Seamless, secure connection to Wi-Fi networks   
  
  Starting as early as ChromeOS 114, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

• Super Resolution Audio for Bluetooth headset microphones   
  
  Starting in 109, your ChromeOS device will help you sound more natural in calls and conferences by reconstructing the high-frequency audio components that are not transmitted from Bluetooth headsets.

• Channel labeling on ChromeOS   
  
  Trying out the latest version of ChromeOS? For users on non-stable channels (Beta, Dev, Canary), starting in 109 you will see which channel you are on in the bottom right. Selecting the time to open quick settings will have a new UI with the device build as well as a button directly to submit feedback.

• Cursive pre-installed for Enterprise and Education accounts   
  
  As early as ChromeOS 110, Cursive is a stylus-first notes app for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks.

• Fast Pair   
  
  Fast Pair makes Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it automatically detects and pairs with your ChromeOS device or Android phone in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat. This feature will be available as early as ChromeOS 111.

• Updates to emoji picker   
  
  In ChromeOS 111, the emoji picker will include commonly used symbols and characters, such as scientific notations and math operators. In addition, we will include text-based emoticons (kaomoji) for even more expressive conversations. The new top-level navigation bar will help you find the high-level category quickly, ranging from emojis, symbols, and emoticons. The improved universal search will show possible matches from all categories.

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Support for Encrypted Client Hello (ECH)   
  
  Chrome 107 starts rolling out support for ECH on sites that opt in, as a continuation of our network related efforts to improve our users’ privacy and safety on the web, for example, Secure DNS. 
  
  If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag. On Windows and Linux, you also need to enable Secure DNS for the flag to have an effect.
  
  If you encounter any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.

• User-Agent reduction Phase 5   
  
  User-Agent (UA) reduction describes the effort to minimize the identifying information shared in the User-Agent string which might be used for passive fingerprinting. Beginning in Chrome 107, Chrome reduces some portions of the User-Agent string on desktop devices. As previously detailed in the Chromium blog,  we intend to proceed with Phase 5 of the User-Agent reduction plan. The <platform> and <oscpu> tokens, parts of the User-Agent string, are reduced to the relevant <unifiedPlatform> token values, and are no longer updated. Additionally, the values for navigator.platform are frozen on desktop platforms. For more details, see this reference page and Chromium update.
  
  The UserAgentReduction policy allows for opting out of these changes.

• Marshmallow deprecation for Chrome on Android   
  
  Chrome 106 is the last version that supports Android 6.0 Marshmallow. From Chrome 107, the minimum version supported is Android 7.0 Nougat.

• BuiltinCertificateVerifierEnabled removed on Mac   
  
  In Chrome 107, we have removed the BuiltinCertificateVerifierEnabled policy on Mac. This policy was used to control the use of the built-in certificate verifier while using the platform provided root store. Since Chrome 105, a new implementation is available that uses the built-in certificate verifier with the Chrome Root Store. You can control the new implementation using the ChromeRootStoreEnabled policy.

• Updates to Incognito mode on iOS   
  
  Users can configure Chrome to open external links in Incognito using Settings > Privacy and Security > Ask to open links from other apps in Incognito. If you use the IncognitoModeAvailability policy to disable or to force Incognito mode, the policy setting takes precedence, and this user setting won't be available.

• A redesign for browser downloads   
  
  In Chrome 107, remaining users now see a redesigned downloads experience for desktop that moves downloads into a secondary UI surface, following an initial rollout in Chrome 102. The new download tray stems from the trusted UX of Chrome and allows for more effective warnings to better protect users. If you need extra time to adjust to this change, the DownloadBubbleEnabled enterprise policy is available to temporarily keep the old behavior.

• Password import for Chrome Desktop   
  
  Starting in Chrome 107 Desktop users can import their passwords using Chrome browser. Previously, users were only able to import via passwords.google.com. They can now upload a CSV file of passwords to add them to their saved passwords in Google Password Manager. If the user has sync enabled, their passwords are available across their devices, where they are signed in with the same account.

• Sync after sign-in intercept   
  
  To provide a more consistent experience, Chrome now shows a new welcome screen after the user creates a new profile through the sign-in intercept. The user can optionally enable sync as well as modify the new profile name and theme color. The sign-in intercept bubble now contains an enterprise disclaimer if a new profile is to be managed by an organization. This also modifies the signed-out profile creation experience for consistency with other flows.
  
  Enterprise administrators can disable the welcome dialog by setting the PromotionalTabsEnabled policy to false.

• Updated Media picker on Android   
  
  Some users see the new Android Media Picker instead of Chrome's native Media Picker, when uploading photos and videos to the web.  

• Automatic revocation of disruptive notifications   
  
  Some notification prompts and messages are increasingly disruptive for users. Chrome automatically removes the notification grant for sites that send such notifications to users, as these sites are violating Google’s Developer Terms of Service. These sites also have subsequent notification prompts muted.
  
  Any sites listed in the NotificationsAllowedForUrls enterprise policy do not have their notification permissions revoked.

• DisplayCapturePermissionsPolicyEnabled policy removed   
  
  The display-capture permissions-policy controls access to the getDisplayMedia() method, in accordance with the Screen Capture W3 specification.
  
  In Chrome 94, we introduced display-capture as well as the enterprise policy, DisplayCapturePermissionsPolicyEnabled, for bypassing it. Chrome 107 removes this enterprise policy, so it is no longer possible to bypass the display-capture permissions-policy.

• New and updated policies in Chrome browser   
   

  Policy	Description
  HistoryClustersVisible	Show Journeys on the Chrome history page, available on Android.
  AssistantWebEnabled	Allow using Google Assistant on the web, for example, to enable changing passwords automatically.
  StrictMimetypeCheckForWorkerScriptsEnabled	Enable strict MIME type checking for worker scripts.
  ShoppingListEnabled	This policy controls the availability of the shopping list feature.

ChromeOS updates

• Camera Framing   
  
  Camera Framing provides automatic zooming and centering of the user's face for video conference calls or taking selfies. If the device or camera supports Camera Framing, there’s a prompt and an option in Quick Settings to enable or disable the feature. To center yourself again, simply toggle the feature off and back on.
   

• Files app: Recent tab improvements   
  
  It's now faster and easier to find your recently used files. The Recent tab in the Files app has been split into time periods, and has a new Document filter.

• Lock device on lid close   
  
  Settings now supports locking a device when the lid closes without suspending. This can be helpful if you have background tasks such as an SSH connection and don’t want them to be paused. The existing settings for Show lock screen when waking from sleep now also apply to lock the screen when closing the lid.
  
  On an enterprise level, admins can set Action on lid close to Do nothing, by setting the LidCloseAction policy to 3 = Do nothing, and set Lock screen on sleep or lid close, by setting the ChromeOsLockOnIdleSuspend policy to true. With these settings, devices lock when the lid is closed except if they are docked and using an external monitor. In such a case, the device does not lock when the lid closes, but it locks if the external monitor is removed and the lid is still closed.
  
  After locking, the device sleeps if configured to do so after an idle timeout, determined by the PowerManagementIdleSettings policy. If wake locks are allowed and an application holds a wake lock, with the AllowWakeLocks policy, the device does not sleep, which significantly affects battery consumption.

• 3P Identity Provider: Autofill username   
  
  With ChromeOS 107, we improve the online login flow for Chrome Enterprise and Education users that authenticate with Azure AD or Okta. Admins can activate the DeviceAutofillSAMLUsername policy to ensure that users no longer have to re-enter their username when authenticating with a third-party identity provider (3P IdP).

• Deprecate Assistant stylus features   
  
  ChromeOS 107 deprecates stylus features on Pixelbooks related to the Assistant what's on my screen query. The Assistant option is no longer available on the stylus palette tool and stylus long press actions no longer trigger the Assistant screen selection mode.

• Saved desks   
  
  You can now save and close an entire virtual desk, including all its app windows and their layout — perfect for when you want to switch gears or focus on a different task. When you’re ready to get back to it, you can open your saved desk and all its windows and tabs with a single click.

• Close a desk and its windows in one click   
  
  Create a desk for each project or task and when you’re done, close the desk and all its tabs and windows with a single click. To access this feature, hover the cursor over a desk in the deskbar and select Close desk and windows.

   

• Photos integrations   
  
  As early as Oct 3rd, Chromebook users get access to enhanced video editing features from Google Photos. The experience is optimized for a larger screen, and seamlessly integrates with the built-in Gallery app and your Chromebook files – so you can use local images and clips recorded on your Chromebook camera or stored in your Files app to build your movie. 
  
  While movie editing typically comes with a steep learning curve, the revamped movie creation tools in Google Photos help you make high-quality movies with just a few taps using your video clips and photos. Starting in Q4 2022, you can create beautiful movies from suggested themes, or put yourself in the director's seat and start from scratch, right on your Chromebook.

• Long-press to add accents   
  
  In ChromeOS 107, users with an English (en) hardware keyboard can hold a key to type an accented version or variant of that letter. For example, hold the e key to see a list of accents, such as è in caffè or é in déjà vu.

• ChromeOS Accessibility settings improvements   
  
  Starting in ChromeOS 107, we include improvements to our accessibility settings, including improved search results, easier to understand feature descriptions, and improved layout for better discoverability of accessibility features.

• Multi-touch virtual keyboard   
  
  We’ve made some under-the-hood improvements to the virtual keyboard  to allow for better handling of multiple fingers simultaneously tapping keys. It is now faster to type on, especially for touch typists.

Admin console updates

• Managed browser list: CSV export limit increased to 150,000 records<   
  
  The CSV export limit on the managed browser list increases from 5,000 records to 150,000. This means that you can now download the data of a maximum of 150,000 browsers in one CSV file.  

• Admin console: Extension request card   
  
  As early as Chrome 107, the list of extension requests that were previously shown in the right panel sidebar are now shown in a card in the App Details page.

• Text action buttons instead of icons in devices and browsers lists   
  
  Chrome devices and browsers lists now show text actions instead of icons.

   

  

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  BlocklistedHexSSIDs	Networks Settings	ChromeOS	General settings > Block SSIDs
  PasswordDismissCompromisedAlertEnabled	User & Browser Settings	Chrome ChromeOS	Security > Compromised password alerts
  WebAuthnFactors	User & Browser Settings	ChromeOS	Security > WebAuthn
  DeviceAutoUpdateP2PEnabled	Device Settings	ChromeOS	Device updates > Auto-update settings > Allow peer to peer auto update downloads

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel

Upcoming Chrome browser changes

• Change Async methods to Sync in FileSystemSyncAccessHandle Launch   
  
  In Chrome 108, getSize(), truncate(), flush() and close() async methods in FileSystemSyncAccessHandle primitive in the File System Access API will be converted to synchronous methods, in line with read() and write() methods.
  
  This change supports a fully synchronous API for FileSystemSyncAccessHandle, enabling high performance for WebAssembly (WASM) based applications.
  
  An enterprise policy, FileSystemSyncAccessHandleAsyncInterfaceEnabled, will be available until Chrome 110 to enable the async methods.

• As early as Chrome 108, Chrome will change the UI for some download warnings   
  
  To protect users from malware, Chrome will start to show detailed context and customized UIs for some download warnings. For example, if Chrome detects a download to potentially steal user's information, the description will be changed from Chrome blocked this file because it is dangerous to This file contains malware that can compromise your personal or social network accounts. You can disable download warnings by setting the SafeBrowsingProtectionLevel enterprise policy, or allowlist specific domains using SafeBrowsingAllowlistDomains.

• Password Manager: Updates on iOS   
  
  From Chrome on iOS 108, we plan to make it easier for users to access their passwords. The password list view will be simplified, to show users just their passwords. Password-related settings will be moved to their own screen, making it easier for users to see and manage their settings in one place. Existing features like adding or editing passwords and password checkup will remain available on the password list view.

• Password Manager: Notes for Passwords   
  
  From Chrome for Desktop 108, you will be able to save a note for each saved credential in the password manager. Passwords (and notes) will move to a sub-page and will no longer be accessible from the eye icon on the Password List View, as part of this change. You will now need to re-authenticate before accessing the sub-page.

• Windows: pin to taskbar during install   
  
  As early as Chrome 108, the Chrome installer will pin Chrome to the Windows taskbar for easier access to Chrome. You will be able to use the do_not_create_desktop_shortcut setting in initial_preferences to control this behavior.
  

• Removal of master_preferences   
  
  master_preferences and initial_preferences are ways of setting default preferences for a Chrome install. The historical name of the file is master_preferences, but it was renamed to initial_preferences in Chrome 91. To make the transition easy for IT admins, from Chrome 91 to Chrome 107, naming the file either initial_preferences or master_preferences has the same effect. In Chrome 108, if you name the file master_preferences, it will not work by default. You should rename the file initial_preferences.

   

  Alternatively, you will be able to use the CompatibleInitialPreferences enterprise policy to extend support for the master_preferences naming. This policy is not currently available.

• Device token deletion   
  
  As early as Chrome 108, when deleting a browser from the managed browsers list in the Admin console, a new policy will allow Chrome Browser Cloud Management to delete the device token on the end-point devices. The default value will remain to invalidate the device token.

   

• Rolling out GPU Changes to NaCL Swapchain and video decoding   
  
  As early as Chrome 109, we will refactor the implementation of the NaCL swapchain and the Pepper video decoding APIs. These changes are not intended to have any behavioral impact on users. However, it is possible that due to bugs they might result in visual artifacts, unacceptably slow performance when playing video, unacceptable increases in power, or crashes. Information about how to signal any problems will be available as these refactors roll out.

   

• Strict MIME type checks for Worker scripts   
  
  Starting with Chrome 109, Chrome will strictly check MIME types for Worker scripts, like Service Workers or Web Workers. Strict checking means that Chrome will only accept JavaScript resources for Workers with a MIME type of text/javascript. Currently, Chrome will also accept other MIME types, like text/ascii. This change is aimed at improving the security of web applications, by preventing inclusion of inappropriate resources as JavaScript files.

   

  Disabling the StrictMimetypeCheckForWorkerScriptsEnabled policy allows you to keep the current behavior.

• Chrome sends Private Network Access preflights for subresources   
  
  Chrome 104 started sending a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools. For more details, see this  blog post.
  
  In Chrome 109 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.
  
  If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.
  
  Chrome is making this change to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion and latest updates about Private Network Access preflights.

• Default to origin-keyed agent clustering in Chrome 109   
  
  As early as Chrome 109, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.
  
  Note: document.domain has no effect if only one document sets it.
  
  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.

• Intent to deprecate and remove: Event.path   
  
  To improve web compatibility, we will stop supporting the non-standard API Event.path as early as Chrome 109. Websites should migrate to Event.composedPath(), which is a standard API that returns the same result. If you need additional time to adjust, a policy EventPathEnabled, available on Windows, Mac, Linux, ChromeOS, Android and WebView will allow you to extend the lifetime of Event.path by an additional 6 milestones.

• MetricsReportingEnabled policy will be available on Android in Chrome   
  
  As early as Chrome 109, Chrome on Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

• Windows 10 as minimum required version in Chrome 110   
  
  Microsoft ends support for Windows 7 ESU and Windows 8.1 extended support on January 10, 2023. Chrome 110, tentatively scheduled for release on February 7, is the first version of Chrome which will have a minimum Windows version of Windows 10.

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 111, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

• Chrome apps no longer supported on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 111 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
  
  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 
  
  Starting with Chrome 111, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/notifications/ manifest/cr_install.html

• Deprecation of Web SQL and other old Storage features   
  
  The Web SQL API is rarely used, and since its removal by Safari, only Chromium-based browsers have supported it. It requires frequent security fixes, and developers have been discouraged from using it for years. We're now engaging in an effort to seek out and warn anyone who may still be using Web SQL, with the goal of removing it entirely in 2023. 
  
  What you need to do depends on how you're using Web SQL:
   
  • If you're just using Web SQL to detect whether a given browser is Chrome, that method will stop working when Web SQL is removed. Navigator.userAgentData is a better alternative.
  • If you're using Web SQL to simply store a few data points, localStorage and sessionStorage provide easier ways to do this.
  • However, if you're using Web SQL for more complex storage, you'll need to find a proper replacement.
  
  
  Here are some migration options for more complex storage:
   
  • If your storage needs don't require a relational database, IndexedDB is the standard solution for structured storage on the web. Large sites rely on IndexedDB, and all major browsers support it.
  • For those who do need a relational database, we are partnering with the SQLite team to create an evergreen cross-browser Web SQL replacement. The team is adding a web backend to SQLite, using Emscripten to compile it to WebAssembly and leveraging the new File System Access Handles API as a low-level virtual file interface. We expect this to be ready for use early in 2023. For more information, see our blog post Deprecating and removing Web SQL, which we'll update when noteworthy events occur.
  
  
  We've already disabled Web SQL in third-party contexts. The next step is to remove support in non-secure contexts.  In Chrome 105, we introduced a deprecation warning in DevTools. We'll remove this support in early 2023. An enterprise policy, WebSQLNonSecureContextEnabled, will let Web SQL function in non-secure contexts for a few months past the removal date.
  
  In early 2023, we will also remove the window.webkitStorageInfo API. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API.

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3.
  
  All new extensions submitted to the Chrome Web Store already must implement Manifest V3, but existing Manifest V2 extensions can still be updated, and still run in Chrome.
  
  In 2023, extensions using Manifest V2 will cease running in Chrome. If your organization is running extensions that use Manifest V2, you must update them to leverage Manifest V3. If you need additional time to adjust to the Manifest V3 transition, you'll be able to extend Manifest V2 support in Chrome using an enterprise policy until January 2024.
  
  You can see which manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to the Manifest V2 support timeline.
  
  

Upcoming ChromeOS changes

• Fast Pair   
  
  Fast Pair makes Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it automatically detects and pairs with your ChromeOS device or Android phone in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat. This feature will be available as early as ChromeOS 108.

   

• Passpoint: Seamless, secure connection to Wi-Fi networks   
  
  Starting as early as ChromeOS 108, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

• ChromeOS Camera App: Document scanning improvements   
  
  From M107, document scanning in the ChromeOS Camera App will be automatically downloaded when the user selects it, making it available to more devices including those with Apollo Lake and MT8173 processors. From M108, the document scanning feature will support taking multiple pages and combining them into a single PDF.

   

• Cursive pre-installed for Enterprise and Education accounts   
  
  As early as ChromeOS 109, Cursive is a stylus-first notes app for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks.

   

• Super Resolution Audio for Bluetooth headset microphones   
  
  Starting in 109, your ChromeOS device will help you sound more natural in calls and conferences by reconstructing the high-frequency audio components that are not transmitted from Bluetooth headsets.

• Channel labeling on ChromeOS   
  
  Trying out the latest version of ChromeOS? For users on non-stable channels (Beta, Dev, Canary), starting in 109 you will see which channel you are on in the bottom right. Selecting the time to open quick settings will have a new UI with the device build as well as a button directly to submit feedback.

   

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

• Accurate screen labels for window placement   
  
  Chrome 105 launched a feature to display a label that meaningfully describes the screen to a user. For example, you can use this label to request permission to open and place windows on a connected screen.
  
  This feature is a requested enhancement of the Multi-Screen Window Placement API which launched in Chrome 100, and was first rolled out in Chrome 105. You can read more on our Chrome Platform Status page. Enterprise policies are available to control access to the Window Placement API: WindowPlacementAllowedForUrls and WindowPlacementBlockedForUrls.

• Chrome shows Journeys on the History page on Android     
   

   

  Chrome 96 started clustering local browsing activity on the History page into Journeys. This makes it easier to find prior activity and to resume related search suggestions. This feature rolls out to some users on Android starting in Chrome 106. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins can disable this feature using the HistoryClustersVisible policy.

• Incognito lock on Android   
  
  Chrome 106 on Android 11 and later requires authentication when resuming an Incognito session. The feature is disabled by default. It can be enabled using the new Lock Incognito tabs when you leave Chrome toggle under Settings > Privacy and security. This feature is not available on managed devices where the IncognitoModeAvailability enterprise policy is set to Disabled.

• Incognito downloads prompt on Android   
  
  When a user initiates a download while browsing on an Incognito tab, they now see a new prompt. Users can dismiss the prompt or tap Download to save the file. Files downloaded on Incognito continue to be accessible through the download manager.

• Release of Prerender2 in Desktop   
  
  Expanding our prerender efforts released on Chrome 101 for Android, we shipped Prerender2 for Desktop in Chrome 105 which allows Chrome to pre-render pages that the user may highly-likely navigate next, aiming to produce an instant navigation. An enterprise policy, NetworkPredictionOptions, is available to block the usage of all prerendering activities which results in Chrome ignoring any hints or triggers to prerender a page. See our article for more information.

• Chrome allows users to search their history, bookmarks, and tabs directly in the Omnibox   
  
  Chrome 106 helps users to quickly find what they are looking for by enabling them to search their history, bookmarks, or tabs directly in the Omnibox.  Using one of the prepopulated shortcuts—@history, @bookmarks, or @tabs—users can choose to conduct a focused search limited to the area selected. You can change or deactivate these shortcuts in Settings -> Search Engine > Manage search engine and site search > Site search.

• New lock screen widgets for iOS 16   
  
  On iOS16 devices and up, Chrome enables four new lock screen widgets. These widgets allow users to search in Chrome, or search with voice, or in Incognito mode, or quickly start the dino game.
  

• Updates to the instructional chip shown when using region search   
  
  When using Google Lens, some users see a new look on their instructional chip, which includes a helpful icon and updated text. This ensures users have all the information they need to search visual elements on their screen. You can control this feature with the LensRegionSearchEnabled enterprise policy.
  
  

• Persistent quota deprecation launch   
  
  In Chrome 106, the window.PERSISTENT quota type in webkitRequestFileSystem is no longer supported. webkitRequestFileSystem still accepts a type parameter and use of the PERSISTENT and TEMPORARY types creates file systems with separate roots, but the PERSISTENT type no longer grants access to a persistent file system. 
  
  Legacy quota API navigator.webkitPersistentStorage is an alias to navigator.webkitTemporaryStorage. The deprecated quota, API webkitStorageInfo, ignores the storageType parameter for its methods.

• Changes to chrome.runtime   
  
  In Chrome 106, chrome.runtime is no longer defined unconditionally on all sites. In contexts where there is no connectable extension, websites should never expect chrome.runtime to be defined.
  
  Over the past couple of months, we have taken steps to remove Chrome's legacy U2F security API. This API was implemented in an internal Chrome extension called CryptoToken, which by design was externally connectable from all URLs. The presence of this extension meant that chrome.runtime was effectively always defined on any web origin, because there was always at least one extension to connect to, even if the user installed no other connectable extensions. As part of the U2F removal process, Chrome 106 stops loading CryptoToken by default, which means that chrome.runtime is now undefined in contexts where there is no other connectable extension. 
  
  Websites should never assume that chrome.runtime is defined unconditionally. As a temporary workaround, the effects of this change can be reversed by enabling the chrome://flags/#load-cryptotoken-extension flag or by using the enterprise policy named LoadCryptoTokenExtension.

• New and updated policies in Chrome browser   
   

  Policy	Description
  LoadCryptoTokenExtension	Load the CryptoToken component extension at startup.
  OnPrintEnterpriseConnector	Configuration policy for the OnPrint Google Enterprise Connector.
  EnterpriseProfileCreationKeepBrowsingData	Keep browsing data by default when creating enterprise profile.
  PersistentQuotaEnabled	Enable or disable persistent quota.
  PrefixedStorageInfoEnabled	Re-enable the deprecated window.webkitStorageInfo API.

  
  
  

ChromeOS updates

• Default link capture behavior   
  
  Newly installed apps no longer handle links clicked in the browser by default. Links clicked in the browser are always opened in the browser, unless the Open supported links setting is enabled from the Settings app.
  

Admin console updates

• Networks management in Chrome Policy API   
  
  We have added support for network management in the Chrome Policy API. This allows admins to use the API to create, delete, and configure WiFi, ethernet, and VPN networks, and certificates. For more details, see Policy schema names.

• CUPS print servers management in Chrome Policy API   
  
  Admins can now create, delete, and manage print server configurations within their ecosystem using the Chrome Policy API. For more details, see the Chrome Printer Management API guide and Policy schema names.

• Support for group-based policies for printers in Policy API   
  
  Adding to existing support for printer management on an OU-by-OU basis, admins can now modify printer settings for particular Google groups within their organization using the Policy API. For more details, see Group policy.

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  WebUsbAllowDevicesForUrls	User & Browser Settings; Managed Guest Session	Chrome ChromeOS Android	Hardware > WebUSB API allowed devices
  ApplicationLocaleValue	User & Browser Settings	Windows	User experience > Browser locale
  RestoreOnStartup	User & Browser Settings; Managed Guest Session	Chrome ChromeOS	Startup > Pages to load on startup

   

Coming soon

Upcoming Chrome browser changes

• Support for Encrypted Client Hello (ECH)   
  
  As early as Chrome 107, Chrome will start rolling out support for ECH on sites that opt-in, as a continuation of our network related efforts to improve our users’ privacy and safety on the web, for example, Secure DNS. 

   

  If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it with Chrome 106. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag. On Windows and Linux, you also need to enable Secure DNS for the flag to have an effect.

  If you encounter any incompatibilities, you will be able to use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.

• Link anonymization when entering Incognito   
  
  As early as Chrome 107, Chrome will remove some URL parameters when a user selects Open link in incognito window from the context menu. You can control this behavior with the UrlParamFilterEnabled enterprise policy.

• Device token deletion   
  
  As early as Chrome 107, when deleting a browser from the managed browsers list in the Admin console, a new policy will allow you to automatically delete the device token on the end-point devices. The default value will remain to invalidate the device token.

• MetricsReportingEnabled policy will be available on Android in Chrome   
  
  As early as Chrome 107, Chrome on Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

• Removal of window.webkitStorageInfo   
  
  As early as Chrome 107, window.webkitStorageInfo API will be removed. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API.

• Removal of master_preferences   
  
  master_preferences and initial_preferences are ways of setting default preferences for a Chrome install. The historical name of the file is master_preferences, but it was renamed to initial_preferences in Chrome 91. To make the transition easy for IT admins, from Chrome 91 to Chrome 107, naming the file either initial_preferences or master_preferences has the same effect. In Chrome 108, if you name the file master_preferences, it will not work by default. You should rename the file initial_preferences.
  
  Alternatively, you will be able to use the CompatibleInitialPreferences enterprise policy to extend support for the master_preferences naming. This policy is not currently available.

• User-Agent reduction Phase 5   
  
  Beginning in Chrome 107, some portions of the User-Agent string will be reduced on desktop devices. As previously detailed in the Chromium blog,  we intend to proceed with Phase 5 of the User-Agent reduction plan. The <platform> and <oscpu> tokens, parts of the User-Agent string, are reduced to the relevant <unifiedPlatform> token values, and will no longer be updated. Additionally, the values for navigator.platform are frozen on desktop platforms. For more details, see this Chromium update.
  
  The UserAgentReduction policy will allow for opting out of these changes.

• Automated password changes on Desktop   
  
  Chrome 107 will allow users to change their passwords automatically using Google Assistant on Desktop. If their passwords have been compromised, for example, this feature makes it easier to change passwords, and ultimately will help keep users safer. A policy will be available to enable or disable automated password changes in Google Assistant.

• Chrome sends Private Network Access preflights for subresources   
  
  Chrome 104 started sending a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools. For more details, see this blog post).
  
  In Chrome 107 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.
  
  If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.
  
  Chrome is making this change to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion and latest updates about Private Network Access preflights.

• Marshmallow deprecation for Chrome on Android   
  
  Chrome 106 is the last version that supports Android 6.0 Marshmallow. From Chrome 107 and onwards, the minimum version supported is Android 7.0 Nougat.

• BuiltinCertificateVerifierEnabled being removed on Mac   
  
  The BuiltinCertificateVerifierEnabled policy will be removed in Chrome 107 on Mac. This policy was used to control the use of the built-in certificate verifier while using the platform provided root store. Starting in Chrome 105, a new implementation is available that uses the built-in certificate verifier with the Chrome Root Store. The new implementation may be controlled by the ChromeRootStoreEnabled policy.

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 108, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

• Chrome apps no longer supported on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 109 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones. 
  
  Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 
  
  Starting with Chrome 109, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
   

  Property	Extension ID (Chrome App)	install_url  (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/notifications/ manifest/cr_install.html

  
   

• Default to origin-keyed agent clustering in Chrome 109   
  
  As early as Chrome 109, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.
  
  Note: document.domain has no effect if only one document sets it.

   

  The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.

• Intent to deprecate and remove: Event.path   
  
  To improve web compatibility, we will stop supporting the non-standard API Event.path as early as Chrome 109. Websites should migrate to Event.composedPath(), which is a standard API that returns the same result. If you need additional time to adjust, a policy EventPathEnabled, available on Windows, Mac, Linux, ChromeOS, Android and WebView will allow you to extend the lifetime of Event.path by an additional 6 milestones.

• Windows 10 as minimum required version in Chrome 110   
  
  Microsoft ends support for Windows 7 ESU and Windows 8.1 extended support on January 10, 2023. Chrome 110, tentatively scheduled for release on February 7, is the first version of Chrome which will have a minimum Windows version of Windows 10.

• Web SQL deprecation in non-secure contexts   
  
  The non-standard Web SQL API is rarely used and requires frequent security fixes. At this point, only Chromium-based browsers support it. Web developers have been discouraged from using it for years. We are engaging in a careful process to seek out and warn partners who may still be using Web SQL, with the goal of removing it from Chrome entirely in 2023. Meanwhile, we're working on a replacement using WebAssembly.
  
  We've already disabled Web SQL in third-party contexts. The next step is to remove support in non-secure contexts.  In Chrome 105, we introduced a deprecation warning in DevTools. In early 2023, we plan to remove support in third-party contexts.
  
  An enterprise policy, WebSQLNonSecureContextEnabled, is available when support ends, to allow Web SQL API to function in non-secure contexts if needed. The policy will expire in alignment with the API’s non-secure context removal schedule, currently planned for Chrome 110.

• Extensions must be updated to leverage Manifest V3   
  
  Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 
  
  All new extensions submitted to the Chrome Web Store already must implement Manifest V3, but existing Manifest V2 extensions can still be updated, and still run in Chrome.
  
  In 2023, extensions using Manifest V2 will cease running in Chrome. If your organization is running extensions that use Manifest V2, you must update them to leverage Manifest V3. If you need additional time to adjust to the Manifest V3 transition, you'll be able to extend Manifest V2 support in Chrome using an enterprise policy until at least January 2024.
  
  You can see which manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.
  
  For more details, refer to our recent update on the transition to Manifest V3 and to the Manifest V2 support timeline.