Last updated on: November 16, 2021
For administrators who manage Chrome browser or Chrome OS devices for a business or school.
We are in the process of improving the release notes and we would love to hear your feedback. Please fill out this survey to let us know what you think.
Chrome 96
Chrome browser updates
- Chrome on Android no longer supports Android Lollipop
Chrome 96 does not support or ship to users running Android Lollipop.
The last version of Chrome that supports Android Lollipop is Chrome 95, and it included a message to affected users informing them to upgrade their operating system.
- Apps shortcut in the bookmarks bar defaults to off
The Apps shortcut in the bookmarks bar now defaults to off. Chrome also updates the current state for all users who have not changed their setting to the new default (off).
- Network data moves to a new folder on Windows
Data that is needed by the network service, including cookies and other data files, is now stored in a subdirectory underneath the previous location called Network. This is to support the upcoming Network Sandbox (see below). This migration happens automatically and transparently. No action is required, however, you might need to update any scripts that rely on the location of these files.
- New security events for BeyondCorp Enterprise Threat and Data Protection
Chrome 96 adds two new security events to BeyondCorp Enterprise Threat and Data Protection: Password leak and login. This functionality allows admins to understand enterprise credential usage, to shadow IT within their organization, and to stay ahead of potential security incidents regarding passwords exposed in data breaches.
- Feature flag to force the Chrome Major Version number to 100
Starting in Chrome 96, users and site owners can experiment with the upcoming three-digit (Chrome 100) major release version number in the User-Agent string by turning on the ForceMajorVersion100InUserAgent flag. This forces the browser to send 100 as the major version number. When browsers went from version 9 to 10, the increase in the number of digits in the major version number uncovered many issues in User-Agent string parsing libraries. With this feature flag, we can uncover and address these issues before Chrome 100 rolls out. We encourage admins to submit any issues encountered here.
- DNS-based HTTP to HTTPS redirect
Chrome queries DNS for HTTPS records (alongside traditional A and AAAA queries). When a website has deployed an HTTPS DNS record and Chrome receives it, Chrome always connects to the website via HTTPS (Chrome Status). This was previously enabled for 50% of users on the Canary, Dev, and Beta channels.
- Chrome shows Journeys in the History page
For some users, Chrome 96 clusters local browsing activity on the History page into Journeys to make it easier to find prior activity and continue it with related search suggestions. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins will have the option to disable this feature using the HistoryClustersVisible policy, starting in Chrome 97.
- Chrome starts deprecating the U2F security key API
The U2F API is Chrome's legacy API for interacting with USB security keys. It has been superseded by the W3C Web Authentication API (WebAuthn). Beginning with Chrome 96, when sites make U2F API requests, users might see a prompt that includes a notice about the U2F API’s deprecation. In Chrome 98, Chrome will disable the U2F API by default. With Chrome 104, the U2F API will be removed from Chrome.
Sites can continue to use the U2F API beyond Chrome 98 if they enroll in an Origin Trial. Using the Origin Trial also suppresses the deprecation prompt on the enrolled pages. The Origin Trial will end on July 26, 2022, shortly before the release of Chrome 104.
Enterprises can suppress deprecation related changes, and keep the U2F enabled, by using the U2fSecurityKeyApiEnabled enterprise policy. This enterprise policy will be removed from Chrome, together with the U2F API, in Chrome 104.
If you run a website that still uses this API, please refer to the deprecation announcement and blog post for more details.
- Chrome on Android shows reuse warnings for Google passwords
Similar to Chrome on other platforms, Chrome on Android now shows warnings if it detects that your Google passwords were reused on a malicious website. You can control this behavior using the PasswordProtectionWarningTrigger enterprise policy.
- Chrome sync ends support for Chrome 48 and earlier
As previously communicated, Chrome sync no longer supports Chrome 48 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync.
- Migrate to Open Screen Library Cast channel
Chrome 96 uses a new implementation, Open Screen Library, to connect to devices that support Cast, such as Chromecast, Nest Hub and Android TV. For Chrome users, this does not affect how Cast works.
- Google Toolbar for Internet Explorer no longer available
The Google Toolbar for Internet Explorer is being phased out. As of mid-November, it will no longer be available for download.
- Chrome installer for macOS now available as a single universal version
The.dmginstaller available to users on macOS now contains both the x86_64 and the arm64 versions of the product. When installing, users no longer have to choose the CPU architecture. With Chrome 96, existing Chrome installations will be updated to universal automatically. This may increase the size of Chrome on disk.
Note that the enterprise-specific.pkginstaller was already a universal installer.
- New and updated policies in Chrome browser
Policy Description SyncDisabled (new on iOS)
Control Chrome sync.
Allow use of the deprecated U2F Security Key API.
Allow user cloud policies to override Chrome Browser Cloud Management policies.
Allow Chrome to block navigations toward external protocols in sandboxed iframes.
BrowsingDataLifetime (new on Android)
Configure (per data-type) when data is deleted by the browser.
Temporarily re-enables WebSQL in third-party contexts.
Prompt for the client certificate when multiple certificates match.
Controls whether or not the network service process runs sandboxed.
Chrome OS updates
For over a decade, Chrome OS has delivered new milestone releases every six weeks, providing users and IT with a secure, speedy, and stable experience. Earlier this year, we announced that Chrome OS would switch to a 4-week stable release, starting with Chrome 96. This shift allows us to deliver features and security updates more quickly.
- Long-term support channel
From Chrome 96, Chrome OS provides an option for organizations to use a new Long-term support (LTS) channel, with feature milestone updates every six months. Devices on the LTS channel will still receive frequent security updates. Admins can easily switch from LTS to other channels if desired. For more details, see this article.
- Cloud Based Certificate Provisioning using SCEP
Chrome OS provides a new way to provision and renew certificates on managed devices in Microsoft Active Directory Certificate Service (ADCS) environments using the Simple Certificate Enrollment Protocol (SCEP). The new provisioning flow, for device-based certificates, enables automated certificate deployment and renewals that occur with no end user interaction and before user sign-in. For more details, see this article.
- SAML password change : Chrome Device Token API
Chrome 96 supports password updates on Chrome OS devices after a user’s password is changed on a third-party Identity Provider (IdP). This helps to increase the convenience for the end user, and to enforce corporate policies on Chrome OS devices. Admins can use the Chrome Device Token API to allow IdPs to notify Chrome OS devices that users have changed their password. API documentation is available, and this article (step 4/5) has been updated with guidance for administrators.
- Terms of Service for managed user sessions
Admins can now display their Terms of Service to users at the beginning of every managed user’s session. This functionality was previously available for managed guest sessions only.
- Side Search on Chrome OS
To make it easier to compare search results and find what you’re looking for more quickly in Chrome browser, there’s a new side panel in Chrome OS. You can now view a page and the search results at the same time. This lets you view a page right in your main browser window without needing to navigate back and forth or losing your search results. Admins can disable this feature via the SideSearchEnabled policy.
- Nearby Share from ARC++ sharesheet
This feature allows users to use Nearby Share from Android Runtime for Chrome (ARC++). Prior to this Nearby Share has been available in Files app, PWAs and other system apps. Nearby Share allows users to easily share content across devices, for example, from Chromebook to a device running Chrome browser, such as an Android phone or a Windows PC.
- Switch Access setup guide
Switch Access is an alternate input method that enables users to control their device with just one or more buttons. As of Chrome 96, Switch Access users will now have a setup guide which will help walk new users through the process of setting up and using their switches.
- New preference setting for link capturing
This adds a new preference to Apps settings that allows users to set apps as the default handler of supported links. For example, the Zoom PWA can become the default handler for zoom.us links.
- Add clipboard suggestions to on-screen keyboard
Chrome 96 suggests recently copied items in the on-screen keyboard or Virtual Keyboard suggestion row to simplify your paste actions. If you copy an item and open your Virtual Keyboard you should see that item as an option in the top row. Click it to paste. Previously, Chrome 94 made clipboard items accessible from the virtual keyboard. Chrome 96 adds clipboard items copied within the last two minutes to the suggestion row in the virtual keyboard for even easier access.
- Chrome Wallpaper app enhancements
TheChrome OS wallpaper picker now has a more visual UI that helps users to select from a variety of wallpaper collections or their own images. Users can open it from the home screen using right-click > Set wallpaper.
- Notification settings move to Chrome OS Settings
Chrome 96 includes a new dedicated Notifications page in Chrome OS Settings. In earlier releases, Notifications were accessed from the Quick Settings menu.
Admin console updates
- New interface for selecting Chrome apps and extensions
The Admin console now uses the same user interface as the Chrome Web Store for selecting new Chrome apps and extensions.
- New policies in the Admin console
Policy Name Pages Supported on Category/Field Device Settings
Chrome OS
Other settings > Data access protection for peripherals
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content > Request from insecure websites to more-private network endpoints
Device Settings
Chrome OS
Kiosk settings > Kiosk virtual keyboard features
User & Browser Settings;
Managed Guest Session Settings
Chrome OS
User experience > Allowed input methods
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Security > Insecure Media Capture
User & Browser Settings;
Managed Guest Session Settings
Chrome OS
User experience > Allowed chrome OS languages
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
User experience > Spell check > Enforced spellcheck languages
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
User experience > Spell check > Disabled spellcheck languages
User & Browser Settings
Chrome
Chrome OS
Content > Allow WebAssembly cross-origin
User & Browser Settings
Chrome OS
Security > SAML single sign-on password synchronization flows
User & Browser Settings
Chrome OS
Security > SAML single sign-on password synchronization > Password synchronization between third-party SSO providers and Chrome devices
User & Browser Settings
Chrome OS
Security > SAML single sign-on password synchronization > How many days in advance to notify SAML users when their password is due to expire
User & Browser Settings
Chrome
Sign-in settings > Separate profile for managed Google Identity
User & Browser Settings
Chrome OS
Android applications > Sharing from Android apps to Web apps
Coming soon
Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.
Upcoming Chrome browser changes
- Launch Control Flow Guard for Windows
As early as Chrome 97, Chrome will make security improvements by introducing Control Flow Guard (CFG) for Windows. This change might cause interoperability issues with software that injects code into Chrome’s process space, such as Data Loss Prevention software. Please file a bug to let us know if you encounter issues.
As CFG affects how Chrome is compiled, it will not be possible to control it via enterprise policies, but you can test it in the Dev and Beta channels for Chrome 97.
- Network Service on Windows will be sandboxed
As early as Chrome 97, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. An enterprise policy has been added to allow early testing of the new sandbox, and to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.
- Certificate Transparency enabled on Chrome for Android
Certificate Transparency is already enforced on desktop platforms, and will be enforced for some users on Chrome 97 for Android, with a wider release planned for a later version. You can selectively disable Certificate Transparency using the CertificateTransparencyEnforcementDisabledForCas, CertificateTransparencyEnforcementDisabledForLegacyCas, and CertificateTransparencyEnforcementDisabledForUrls enterprise policies.
- CORS Authorization mishandling
When scripts make a cross-origin network request via fetch() and XMLHttpRequest with an Authorization header, the header should be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response (Chrome Status). The wildcard symbol (*) in the Access-Control-Allow-Headers should not work. This has not been implemented correctly, and the wildcard symbol has taken effect. This will be fixed in Chrome 97.
Note that Authorization headers attached by Chrome during the authentication process are out of scope for this change.
- Chrome will maintain its own default root store
As early as Chrome 98, to improve user security, and provide a consistent experience across different platforms, Chrome intends to maintain its own default root store. If you are an enterprise admin managing your own Certificate Authority (CA), you should not have to manage multiple root stores. We do not anticipate any changes will be required for how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet.
- Chrome will no longer allow TLS 1.0 or TLS 1.1
The SSLVersionMin policy no longer allows setting a minimum version of TLS 1.0 or 1.1. This means the policy can no longer be used to suppress Chrome's interstitial warnings for TLS 1.0 and 1.1. Administrators must upgrade any remaining TLS 1.0 and 1.1 servers to TLS 1.2.
In Chrome 91 we announced that the policy no longer works, but users could still bypass the interstitial. In Chrome 98, it will no longer be possible to bypass the interstitial.
- Chrome Autofill will be more predictable
Chrome Autofill will be more visible with a new menu position. It will also add dynamic highlighting to show precisely what fields will be filled automatically.
- New Manifest V2 extensions not accepted after January 17, 2022
As part of the gradual deprecation of Manifest V2, the Chrome Web Store will stop accepting submissions of new Manifest V2 extensions after January 17, 2022. This applies to all new extension submissions with visibility set to Public or Unlisted.
The change will not affect updates to already published extensions. Also, it will not impact extensions with visibility set to Private. The change is not expected to affect the operation of any existing extensions already deployed in Chrome.
Note that the next phase of deprecation in June of 2022, is expected to expand this restriction to extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows.
For more details, refer to the Manifest V2 support timeline.
- Different-origin iframes JavaScript dialogs deprecation has been postponed indefinitely
Previously, we announced a planned change that would cause Chrome to prevent iframes from triggering prompts (window.alert,window.confirm,window.prompt), if the iframe is a different origin from the top-level page. This change was originally planned for Chrome 92, but has been postponed indefinitely due to the feedback we received on this change. We will provide advance notice in the future if we decide to re-enable this change.
You can test if this future change will affect applications now by setting the enable_features=SuppressDifferentOriginSubframeJSDialogs flag.
Upcoming Admin console changes
- Browser list data downloadable in CSV format
As early as Chrome 97, Chrome will introduce an optional CSV format to download the browser list data from the Admin console.
- Read-only privilege for managed browsers
As early as Chrome 97, Chrome will introduce a read-only privilege for managed browsers. Admins will be able to easily create custom admin roles with read-only access to managed browsers in the Admin console.
- Reports overview page
A new reports overview page will provide a summary of all the reports available. The new page will be available under the Device > Chrome > Reports menu.
- Insights report: Devices that need attention
A new report will highlight categories of devices that require attention. The new report will be available under the Device > Chrome > Reports > Insights menu.
The categories are:- Devices that have not synched policies in 28 days
- Devices that have not seen user activity in 28 days
- Devices that are pending OS updates
- Devices that are not compliant with the OS version that was set by policy
- For example, if a device policy requires Chrome 94 running on devices, but several devices are on Chrome 90
- Devices that are unable to apply a policy due to an OS mismatch
- For example, if a set policy due to be applied has a minimum supported Chrome OS version of Chrome 96, but devices are on Chrome 90
Clicking on the category will take you to the device list page with filters applied according to the category.
For more details, see this Help Center article.
Previous release notes
|
Chrome version & targeted Stable channel release date |
|
|---|---|
| Chrome 95: October 19, 2021 | |
| Chrome 94 OS: October 14, 2021 | |
| Chrome 94: September 21, 2021 | |
| Chrome 93: August 31, 2021 | |
| Archived release notes → |
Open all | Close all Chrome 95
These Chrome 95 release notes contain Chrome Browser updates only. To bridge the gap between Chrome 94 and Chrome 96, Chrome OS will skip Chrome 95 and will include all relevant security fixes on the Chrome 94 milestone.
| Chrome browser updates | Security | User productivity/ Apps | Management |
|---|---|---|---|
| Stricter parsing rules for Legacy Browser Support | ✓ | ||
| Origin Trial for reduced User-Agent strings | ✓ | ||
| Chrome deprecates WebAssembly cross-origin module sharing | ✓ | ||
| Explicit user prompts for Autofill addresses | ✓ | ✓ | |
| New Side Panel feature | ✓ | ||
| New and updated policies in Chrome browser | ✓ | ||
| Admin console updates | Security | User productivity/ Apps | Management |
| New policies in the Admin console | ✓ | ||
| Upcoming Chrome browser updates | Security | User productivity/ Apps | Management |
| Chrome on Android will no longer support Android Lollipop | ✓ | ||
| Apps shortcut in the bookmarks bar will default to off | ✓ | ||
| Network data will be migrated to a new folder on Windows | ✓ | ||
| Network service on Windows will be sandboxed | ✓ | ||
| New security events for BeyondCorp Enterprise Threat and Data Protection | ✓ | ✓ | |
| NewTabPageLocation enterprise policy on Incognito | ✓ | ||
| Feature flag to force the Chrome major version number to 100 | ✓ | ||
| DNS-based HTTP to HTTPS redirect | ✓ | ||
| Chrome will begin deprecating the U2F Security Key API | ✓ | ✓ | |
| CORS Authorization mishandling | ✓ | ||
| Chrome will maintain its own default root store | ✓ | ✓ | |
| Chrome will remove legacy policies with non-inclusive names | ✓ | ||
| Chrome will no longer allow TLS 1.0 or TLS 1.1 | ✓ | ✓ | |
| Different-origin iframes will no longer trigger JavaScript dialogs | ✓ | ✓ | |
| Upcoming Admin console updates | Security | User productivity/ Apps | Management |
| Browser list data downloadable in CSV format | ✓ |
Chrome browser updates
- Stricter parsing rules for Legacy Browser Support
Organizations that rely on Legacy Browser Support (LBS) to redirect their users to Microsoft Edge or Internet Explorer can use the BrowserSwitcherParsingMode policy to choose how their site list is interpreted by Chrome. If set to IESiteListMode, Chrome interprets those rules in the same way as Edge and Internet Explorer.
- Origin Trial for reduced User-Agent strings
Chrome 95 begins an Origin Trial for the fully reduced User-Agent string. We would like sites to begin participating in the trial so we may collect feedback and allow sites to have ample time to address breakage. The reduced User-Agent string appears in both the User-Agent HTTP request header and the JavaScript APIs that access the User-Agent string (navigator.userAgent,navigator.appVersion,navigator.platform). This Origin Trial will run over the next six releases, until the reduced User-Agent starts a phased rollout. Subsequently, for sites that may need more time for migration, a deprecation Origin Trial will be available. Enterprises can opt in to the Origin Trial here when it is available.
- Chrome deprecates WebAssembly cross-origin module sharing
Chrome 95 prevents WebAssembly module sharing between cross-origin but same-site environments. This allows agent clusters to be tied to origins in the long-term. This change conforms to recent changes in the WebAssembly spec (Chrome Status).
If your enterprise needs any additional time to adjust to this change, a temporary enterprise policy CrossOriginWebAssemblyModuleSharingEnabled is available to allow module sharing for cross-origin same-site environments. This policy will be removed in Chrome 97.
- Explicit user prompts for Autofill addresses
In previous releases, when Autofill was enabled, Chrome saved detected addresses as users submitted forms. This update provides more transparency and control to the user by adding a save prompt, and giving the user the control to edit, save, update, or discard the detected address before it is stored. When the AutofillAddressEnabled policy is set to false, this feature is not enabled.
- New Side Panel feature
Chrome on Windows, Mac, ChromeOS, and Linux, introduces a new side panel feature. This panel, opened by a toolbar icon, provides easier access to the Reading list and Bookmarks, in a vertical list. The side panel can be left open while the user browses.
- New and updated policies in Chrome browser
Policy
Description
Setting the policy to Enabled or leaving it unset will enable ProcessExtensionPointDisablePolicy to block legacy extension points in the Browser process.
This policy controls how Google Chrome interprets sitelist/greylist policies for the Legacy Browser Support feature. It affects the following policies: BrowserSwitcherUrlList, BrowserSwitcherUrlGreylist, BrowserSwitcherUseIeSitelist, BrowserSwitcherExternalSitelistUrl, and BrowserSwitcherExternalGreylistUrl.
Enables Chrome Enterprise Platform Identity Connector for a list of URLs.
Setting this policy specifies which URLs should be allowed to be part of the attestation flow to get the set of signals from the machine.Controls if Google Chrome makes the Print as image option default to set when printing PDFs.
Controls how Google Chrome prints on Microsoft Windows.
Admin console updates
- New policies in the Admin console
Policy Name
Pages
Supported on
Category/Field
Managed Guest Session Settings
Chrome OS
Session settings / Display the logout confirmation dialog
Device Settings
Chrome OS
Device update settings / Auto-update settings / Enforce updates
Device Settings
Chrome OS
Device update settings / Auto-update settings / Enforce updates Auto Update Expiration (AUE) message
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT / Allow JavaScript to use JIT on these sites
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT / Block JavaScript from using JIT on these sites
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Security / Allow remote debugging
User & Browser Settings
Chrome
Content / Desktop sharing in the omnibox and 3-dot menu
Coming soon
Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.
Upcoming Chrome browser changes
- Chrome on Android will no longer support Android Lollipop
The last version of Chrome that will support Android Lollipop will be Chrome 95, and it includes a message to affected users informing them to upgrade their operating system. Chrome 96 will not support nor ship to users running Android Lollipop.
- Apps shortcut in the bookmarks bar will default to off
As early as Chrome 96, Chrome will make the Apps shortcut in the bookmark bar default to off. Chrome will also update the current state for all users who have never changed their setting to the new default (off).
- Network data will be migrated to a new folder on Windows
In Chrome 96, data that is needed by the network service, including cookies and other data files, will be migrated to a subdirectory underneath the current location called Network. This is to support the upcoming Network Sandbox (see below). This migration will happen automatically and transparently. No action is required, however, you might need to update any scripts that rely on the location of these files.
- Network Service on Windows will be sandboxed
To improve the security and reliability of the service, the network service, already running in its own process, will be sandboxed on Windows to improve the security and reliability of the service (as early as Chrome 97). As part of this, third-party code that is currently able to tamper with the network service will be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. An enterprise policy has been added to allow early testing of the new sandbox, and to disable the sandbox if incompatibilities are discovered. Please consider testing the sandbox in your environment using these instructions and report any issues encountered.
↵
- New security events to BeyondCorp Enterprise Threat and Data Protection
Chrome 96 will add two new security events to BeyondCorp Enterprise Threat and Data Protection: Password leak and login. This functionality will allow admins to understand enterprise credential usage, to shadow IT within their organization, and to stay ahead of potential security incidents regarding passwords exposed in data breaches.
- NewTabPageLocation enterprise policy on Incognito
Chrome 96 will fix a bug that prevents users from starting new Incognito sessions when the enterprise policy NewTabPageLocation is set to a chrome://… URL. In future, this policy will be ignored in Incognito mode. Users on Incognito will see the default new tab page. There’s no change in how the policy is applied on regular mode (non-Incognito windows).
- Feature flag to force the Chrome Major Version number to 100
Starting in Chrome 96, users and site owners can experiment with the upcoming three-digit (Chrome 100) major release version number in the User-Agent string by turning on the ForceMajorVersion100InUserAgent flag. This forces the browser to send 100 as the major version number. When Chrome went from version 9 to 10, the increase in the number of digits in the major version number uncovered many issues in User-Agent string parsing libraries. With this feature flag, we can uncover and address these issues before Chrome 100 rolls out. We encourage admins to submit any issues encountered here.
- DNS-based HTTP to HTTPS redirect
As early as Chrome 96, Chrome will query DNS for HTTPS records (alongside traditional A and AAAA queries). When a website has deployed an HTTPS DNS record and Chrome receives it, Chrome will always connect to the website via HTTPS (Chrome Status).
- Chrome will begin deprecating the U2F security key API
The U2F API is Chrome's legacy API for interacting with USB security keys. It has been superseded by the W3C Web Authentication API (WebAuthn). Beginning with Chrome 96, when sites make U2F API requests, users may see a prompt that includes a notice about the U2F API’s deprecation. In Chrome 98, Chrome will disable the U2F API by default. With Chrome 104, the U2F API will be removed from Chrome.
Sites can continue to use the U2F API beyond Chrome 98 if they enroll in an Origin Trial. Using the Origin Trial also suppresses the deprecation prompt on the enrolled pages. The Origin Trial will end on July 26, 2022, shortly before the release of Chrome 104.
Enterprises can suppress deprecation related changes, and keep the U2F enabled, by using the U2fSecurityKeyApiEnabled enterprise policy. This enterprise policy will be removed from Chrome, together with the U2F API, in Chrome 104.
If you run a website that still uses this API, please refer to the deprecation announcement for more details.
- CORS Authorization mishandling
When scripts make a cross-origin network request viafetch()andXMLHttpRequestwith an Authorization header, the header should be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response (Chrome Status). The wildcard symbol (*) in the Access-Control-Allow-Headers should not work. This has not been implemented correctly, and the wildcard symbol has taken effect. This will be fixed in Chrome 97.
Note that Authorization headers attached by Chrome during the authentication process are out of scope for this change.
- Chrome will maintain its own default root store
To improve user security, and provide a consistent experience across different platforms, Chrome, as early as Chrome 97, intends to maintain its own default root store. If you are an enterprise admin managing your own Certificate Authority (CA), you should not have to manage multiple root stores. We do not anticipate any changes will be required for how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet.
- Chrome will remove legacy policies with non-inclusive names
Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names. To minimize disruption for existing managed users, both the old and the new policies currently work. This transition time is to ensure it's easy for you to move to and test the new policies in Chrome.
Note: If both the legacy policy and the new policy are set for any row in the table below, the new policy will override the legacy policy. Deprecated policies will be available in the Deprecated policies folder and deleted policies will be in the Removed policies folder in the GPO editor.
This transition period will end in Chrome 97, and the following policies in the left column will no longer function. This change was originally announced for Chrome 95, but has been extended to Chrome 97. Please ensure you're using the corresponding policy from the right column instead:
Legacy Policy Name
New Policy Name
NativeMessagingBlacklist
NativeMessagingBlocklist
NativeMessagingWhitelist
NativeMessagingAllowlist
AuthNegotiateDelegateWhitelist
AuthNegotiateDelegateAllowlist
AuthServerWhitelist
AuthServerAllowlist
SpellcheckLanguageBlacklist
SpellcheckLanguageBlocklist
AutoplayWhitelist
AutoplayAllowlist
SafeBrowsingWhitelistDomains
SafeBrowsingAllowlistDomains
ExternalPrintServersWhitelist
ExternalPrintServersAllowlist
NoteTakingAppsLockScreenWhitelist
NoteTakingAppsLockScreenAllowlist
PerAppTimeLimitsWhitelist
PerAppTimeLimitsAllowlist
URLWhitelist
URLAllowlist
URLBlacklist
URLBlocklist
ExtensionInstallWhitelist
ExtensionInstallAllowlist
ExtensionInstallBlacklist
ExtensionInstallBlocklist
UserNativePrintersAllowed
UserPrintersAllowed
DeviceNativePrintersBlacklist
DevicePrintersBlocklist
DeviceNativePrintersWhitelist
DevicePrintersAllowlist
DeviceNativePrintersAccessMode
DevicePrintersAccessMode
DeviceNativePrinters
DevicePrinters
NativePrinters
Printers
NativePrintersBulkConfiguration
PrintersBulkConfiguration
NativePrintersBulkAccessMode
PrintersBulkAccessMode
NativePrintersBulkBlacklist
PrintersBulkBlocklist
NativePrintersBulkWhitelist
PrintersBulkAllowlist
UsbDetachableWhitelist
UsbDetachableAllowlist
QuickUnlockModeWhitelist
QuickUnlockModeAllowlist
AttestationExtensionWhitelist
AttestationExtensionAllowlist
PrintingAPIExtensionsWhitelist
PrintingAPIExtensionsAllowlist
AllowNativeNotifications
AllowSystemNotifications
DeviceUserWhitelist
DeviceUserAllowlist
NativeWindowOcclusionEnabled
WindowOcclusionEnabled
If you're managing Chrome via the Admin console (for example, Chrome Browser Cloud Management), no action is required; the Admin console will manage the transition automatically.
- Chrome will no longer allow TLS 1.0 or TLS 1.1
The SSLVersionMin policy no longer allows setting a minimum version of TLS 1.0 or 1.1. This means the policy can no longer be used to suppress Chrome's interstitial warnings for TLS 1.0 and 1.1. Administrators must upgrade any remaining TLS 1.0 and 1.1 servers to TLS 1.2.
In Chrome 91 we announced that the policy no longer works, but users could still bypass the interstitial. As early as Chrome 98, it will no longer be possible to bypass the interstitial.
- Different-origin iframes will no longer trigger JavaScript dialogs
Chrome will prevent iframes from triggering prompts (window.alert,window.confirm,window.prompt) if the iframe is a different origin from the top-level page. This change will prevent embedded content from spoofing the user into believing a message is coming from the website they're visiting, or from Chrome itself. Please note that this change was originally planned for Chrome 92, but has been postponed until at least Chrome 98 due to the feedback we received on this change. Once this deprecation launches, you can control the behavior with the enterprise policy SuppressDifferentOriginSubframeDialogs.
You can test if this future change will affect applications now by setting the enable_features=SuppressDifferentOriginSubframeJSDialogs flag.
Upcoming Admin console changes
- Browser list data downloadable in CSV format
As early as Chrome 97, a CSV format will be introduced as an option to download the browser list data from the Admin console.
Chrome OS updates
- Enhanced voices in select-to-speak
Select-to-speak supports people who have challenges reading text content due to vision impairments and conditions like dyslexia, by allowing them to select pieces of text and hear them out loud. This enhancement gives select-to-speak the ability to produce realistic, natural-sounding voices as it speaks the text content.
- Include desk labels when moving tabs
If you use desks on Chrome OS, it's now easier to organize your browser tabs. Windows in the same desk appear together when you select Move tab to another window.
- Document scanning in the camera app
The camera app now supports document scanning. With document scanning, the camera can identify, capture, and crop your documents. You can also save your documents as a PDF or image.
Admin console updates
- Extensions version pinning
Chrome browser and Chrome OS admins can now pin extensions (and apps) to specific versions, either by self-hosting them or from the Chrome Webstore (based on an automatic hosting in Google Cloud Storage). Learn more
- Read-only delegated admin
A new read-only delegated admin permission allows IT admins to grant read-only access to Chrome OS device info in their Google Admin console and in the Directory API. Read-only access is useful for help desk admins, 3P partners, for reporting tools, and more!
- Search by on-device policy name
IT admins can now search by on-device policy name to the Admin console. For example, if an admin searches for ProxyPacUrl, they’ll see the corresponding setting, Proxy mode, in the Admin console. Admins can also use new info bubbles that appear next to a setting name to see the corresponding on-device policy name.
- New policies in the Admin console
Policy Name
Pages
Supported on
Category/Field
Managed Guest Session Settings
Chrome OS
Session settings / Display the logout confirmation dialog
Device Settings
Chrome OS
Device update settings / Auto-update settings / Enforce updates
Device Settings
Chrome OS
Device update settings / Auto-update settings / Enforce updates Auto Update Expiration (AUE) message
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT / Allow Javascript to use JIT on these sites
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Android
Content / JavaScript JIT / Block JavaScript from using JIT on these sites
User & Browser Settings
Chrome
Chrome OS
Android
Security / 3DES cipher suites in TLS
User & Browser Settings;
Managed Guest Session Settings
Chrome
Chrome OS
Security / Allow remote debugging
User & Browser Settings
Chrome
Content / Desktop sharing in the omnibox and 3-dot menu
Chrome browser updates
- Chrome moves to a 4-week stable channel and introduces an 8-week extended stable channel
Chrome on mobile, Windows, Mac, and Linux moves from its 6-week release cycle to a 4-week release cycle, allowing security features, new functionality and bug fixes to reach users more quickly.
No action is required for most enterprises, but if you manually update or test new releases of Chrome and prefer a slower release cadence, you can use the existing TargetChannel policy to switch Chrome on Mac and Windows to an extended stable channel, with a new major release every 8 weeks instead. You can find more details in our help center article. Note: If you decide to move to the extended stable channel, we recommend testing it out on a small set of machines or organizational units before deploying it on your entire fleet. Extended Stable is identical to Stable for the first 4 weeks of each cycle, so this sort of testing is most valuable in the last 4 weeks of the Extended Stable cycle.
To ensure continuous improvements to the Chrome OS platform, Chrome OS will move to a 4-week stable channel starting with Chrome 96. To bridge the gap between Chrome 94 and Chrome 96, Chrome OS will skip Chrome 95 (see the updated Chrome schedule page for milestone-specific details).
- Chrome on iOS can apply .mobileconfig files
A .mobileconfig file can be used to configure an iPhone, iPod touch, and iPad to work with certain enterprise systems. Since iOS 12.2, MOBILECONFIG files can be downloaded and installed from Safari and Mail apps. Chrome on iOS now allows users to download these files. Users then have to manually install the profile from the Settings app.
- Chrome deprecates WebSQL in third-party contexts
Chrome 94 no longer uses WebSQL in third-party contexts, such as cross-origin iframes. A console message is printed each time a WebSQL database opens in a third-party context to alert developers of the upcoming removal. This change does not affect WebSQL in first-party contexts, but the eventual goal is to deprecate and remove all WebSQL.
WebSQL in third-party contexts will be disabled in Chrome 97, but an enterprise policy will be made available to re-enable it. As of Chrome 101, WebSQL in third-party contexts will be removed entirely.
- Chrome launches HTTPS-First mode (Android and desktop)
HTTPS-First mode attempts to upgrade all page loads to HTTPS and displays a full-page warning before loading sites that don’t support it. Users who enable this mode gain confidence that Chrome is connecting them to sites over HTTPS whenever possible. Users see a warning before connecting to sites over HTTP.
An enterprise policy, HttpsOnlyMode, is available to control the use of this mode.
- Chrome blocks the MK external protocol
Chrome now blocks the legacy external MK protocol for use with Internet Explorer. This protocol enables legacy web apps to extract information from compressed files. This is a legacy asynchronous pluggable protocol that is disabled by default in Internet Explorer. Chrome now blocks this protocol to mitigate potential malicious use.
- Chrome / Citrix Workspace (self-service plugin) stability
Recent versions of Citrix Workspace install a DLL on Windows that can interfere with the Chrome browser process. Only Windows 10 or 11 systems with Control-flow Enforcement Technology (CET) or Hardware-enforced Stack Protection (Intel 11th Gen and AMD Zen 3 CPUs) with Citrix Workspace installed and Client Protection enabled are affected. While we are working with Citrix to resolve this, please consider using Citrix Workspace with Client Protection Disabled as a temporary workaround.
- Chrome no longer allows insecure public pages to make requests to private or local URLs
Non-secure contexts served from public IP addresses can no longer make subresource requests to IP addresses belonging to private and local IP addresses (as defined in Private Network Access). For example, http://public.example served on IP 1.2.3.4 cannot make requests targeting IP 192.168.0.1 or IP 127.0.0.1. You can control this behavior using the InsecurePrivateNetworkRequestsAllowed or InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies, which became available for testing in Chrome 92. See this blog post for more details.
- PWAs can register as (platform level) URL handlers
Chrome 94 runs an Origin Trial to allow Progressive Web Apps (PWAs) to register as URL handlers. This means that PWAs can be launched in response to URL link activations, including activations from native apps. PWAs can register to handle any HTTPS URL, not just URLs from their own app scope. If you’re interested in learning more about PWAs as URL handlers, please refer to this article.
- Chrome sync ends support for Chrome 48 and earlier
Chrome sync no longer supports Chrome 48 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync.
- Chrome launches a sharing hub
In Chrome 94, users can more easily share their current page, including Send to your devices, get a QR code for the current URL, and share to third-party websites. The option to Send to your devices is only available to signed-in users. If the user is not signed in, the option does not appear. You can control this feature using an enterprise policy called DesktopSharingHubEnabled.
- Admins can enforce profile separation through enterprise policy
Chrome 94 updates the dialog when users sign into a managed profile if the ManagedAccountsSigninRestriction policy is set. The new notice clarifies that a separate profile is required by the admin, and the choices for the user are simplified. Some users see a link to open Chrome in guest mode when they sign in to a new profile that's different from the profile signed in to Chrome.
- New enterprise policies for the Web Serial API
The Web Serial API allows websites to request access to serial devices (USB, Bluetooth, etc.) through a device selection prompt. In previous Chrome versions, policies could only control how the feature was blocked. In Chrome 94, SerialAllowAllPortsForUrls and SerialAllowUsbDevicesForUrls allow admins to grant a website access to specific (or all) connected serial devices, streamlining workflows by removing the need for users to select the correct device.
- Chrome settings restructure
To aid in navigability, Chrome will replace the single long page in Chrome settings with individual sections. The updated experience is available starting with Chrome 94.
- Chrome updates Certificate Transparency log list via Component Updater
Chrome 94 uses Component Updater to dynamically update the Certificate Transparency log list, separating these updates from full browser updates. This allows out-of-date clients to keep enforcing Certificate Transparency. Note that full browser updates still contain the transparency log list.
- Chrome introduces tab grid bulk actions
Chrome for iOS adds an edit mode to the tab grid to allow easier management of open tabs. Users can select multiple tabs and then add them to the reading list, bookmarked, shared, or closed.
- New onboarding experience for Chrome on iOS
Chrome 94 revamps the existing onboarding screens, separating the sign-up and sync features.
- Chrome removes the UserAgentClientHintsEnabled policy
The use of Structured Headers in the User Agent Client Hints, and in particular, the Sec-CH-UA and Sec-CH-UA-Mobile headers, caused some unintended consequences where not all servers were able to accept all characters. An enterprise policy UserAgentClientHintsEnabled was created to disable this feature. Chrome 94 removes this policy.
- Chrome launches an API that allows sites to know when the user is active
Chrome 94 launches the Idle Detection API, allowing websites to request to know if users are idle, allowing messaging apps to direct notifications to the best device. This was previously in Origin Trial and is now rolled out to Stable.
- Chrome launches display-capture
The display-capture permissions-policy allows sites to more safely embed documents in an iframe. It does so by controlling such documents’ access to screen-capture APIs. This permissions-policy’s default setting prevents screen-capture by cross-origin iframes. For websites that are non-compliant with the spec and need more time to implement the display-capture feature, an enterprise policy, named DisplayCapturePermissionsPolicyEnabled, allows selective bypassing of the display-capture permissions-policy. This enterprise policy will be removed after Chrome 100.
- BeyondCorp Enterprise: custom warnings and bypass justifications
Today BeyondCorp Enterprise shows generic, predefined warn and block messages when files are flagged due to DLP Rule violations or other Chrome Security events. Chrome 94 introduces the ability to provide more meaningful, customized warning messages to end users. Administrators can now customize these warning messages to make it meaningful, and also add a learn more link to such warnings.
- Chrome launches What's New in Chrome
What’s New in Chrome is a way for users to discover new features. Starting in Chrome 94, some users see a page that highlights a few features. What’s New in Chrome automatically displays as the focused tab. You can disable this feature by using the existing PromotionalTabsEnabled enterprise policy.
New and updated policies in Chrome browser
| Policy | Description |
|
Specifies whether WebAssembly modules can be sent to another window or worker cross-origin. Cross-origin WebAssembly module sharing will be deprecated as part of the efforts to deprecate document.domain, see https://github.com/mikewest/deprecating-document-domain. This policy allows admins to re-enable cross-origin WebAssembly module sharing to offer a longer transition period in the deprecation process. |
|
|
The display-capture permissions-policy gates access to getDisplayMedia(), as per this spec: https://www.w3.org/TR/screen-capture/#feature-policy-integration. However, if this policy is Disabled, this requirement is not enforced, and getDisplayMedia() is allowed from contexts that would otherwise be forbidden. This Enterprise policy is temporary; it's intended to be removed after Google Chrome version 100. It is intended to unblock Enterprise users whose application is non-spec compliant, but needs time to be fixed. |
|
|
Controls whether users can enable HTTPS-Only Mode in Settings. HTTPS-Only Mode upgrades all navigations to HTTPS. |
|
|
Leaving this policy unset or setting it to Enabled allows users to view and use the Google Lens region search menu item in the context menu. |
|
|
Controls whether a managed account must be a primary account. |
|
|
Controls how Google Chrome makes the Print as image option available on Microsoft Windows and macOS when printing PDFs. |
|
|
Controls print image resolution when Google Chrome prints PDFs with rasterization. |
|
|
Lets you set a list of URL patterns that can capture tabs with their same Origin. |
|
|
Lets you set a list of URL patterns that can use Desktop, Window, and Tab Capture. |
|
|
Allows you to list sites which are automatically granted permission to access all available serial ports. |
|
|
Allows you to list sites which are automatically granted permission to access USB serial devices with vendor and product IDs matching the vendor_id and product_id fields. Omitting the product_id field allows the given sites permission to access devices with a vendor ID matching the vendor_id field and any product ID. |
|
|
Lets you set a list of URL patterns that can use Tab Capture. |
|
|
Lets you set a list of URL patterns that can use Window and Tab Capture. |
Admin console updates
- Search by on-device policy name in the Admin console
Chrome 94 adds the ability to search by on-device policy name to the Admin console. Now when admins enter an on-device policy name, for example, ProxyPacUrl, into the search bar, they’ll see the corresponding setting, for example, Proxy mode, in the Admin console. Admins can also use new info bubbles that appear next to a setting name to see the corresponding on-device policy name.
- New channel option Extended Stable for Chrome Browser Cloud Management
Chrome adds Extended Stable as a drop-down option for channel selection in the Chrome update section.
New policies in the Admin console
| Policy Name | Pages | Supported on | Category/Field |
|
DesktopSharingHubEnabled |
User & Browser Settings |
Chrome Win/Mac/Linux |
Content/Desktop sharing in the omnibox and 3-dot menu |
Coming soon
Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.
Upcoming Chrome browser changes
- Chrome 95 will introduce stricter parsing rules for Legacy Browser Support
Organizations that rely on Legacy Browser Support (LBS) to redirect their users to Microsoft Edge or Internet Explorer can use the BrowserSwitcherParsingMode policy to choose how their site list is interpreted by Chrome. If set to strict mode, Chrome will interpret those rules in the same way as Edge and Internet Explorer.
- As early as Chrome 95, the network Service on Windows will be sandboxed
To improve the security and reliability of the service, the network service, already running in its own process, will be sandboxed on Windows to improve the security and reliability of the service. As part of this, third-party code that is currently able to tamper with the network service will be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. You'll be able to disable the change with an enterprise policy when it becomes available.
- Chrome 95 will conduct an Origin Trial for User-Agent Reduction
Chrome 95 will be conducting an Origin Trial for the fully reduced User-Agent string. We would like sites to begin participating in the trial so we may collect feedback and allow sites to have ample time to address breakage. The reduced User-Agent string will appear in both the User-Agent HTTP request header as well as the JavaScript APIs that access the User-Agent string (navigator.userAgent,navigator.appVersion,navigator.platform). The Origin Trial will last six milestones until the reduced User-Agent string becomes the default in Chrome, with a deprecation Origin Trial to continue receiving the full User-Agent string for those sites that still need more time to migrate. Enterprises can opt in to the Origin Trial here when it is available.
- Chrome 95 will deprecate WebAssembly cross-origin module sharing
Chrome 95 will prevent WebAssembly module sharing between cross-origin but same-site environments. This will allow agent clusters to be tied to origins in the long-term. This change conforms to recent changes in the WebAssembly spec.
If your enterprise needs any additional time to adjust to this change, a temporary enterprise policy will be made available to allow module sharing for cross-origin same-site environments.
- As early as Chrome 95, Apps shortcut in the bookmarks bar will default to off
Chrome will make the Apps shortcut in the bookmark bar default to off and update the current state for all users who have never changed their setting to the new default (off).
- Chrome 96 will add new security events to BeyondCorp Enterprise Threat and Data Protection (Password leak and login)
Chrome 96 will add two new security events to BeyondCorp Enterprise Threat and Data Protection: Password leak and login. This functionality will allow administrators to understand enterprise credential usage and Shadow IT within their organization, and to stay ahead of potential security incidents regarding passwords exposed in data breaches.
- Migrate to Open Screen Library Cast channel
Chrome 96 will use a new implementation, Open Screen Library, to connect to devices that support Cast like Chromecast, Nest Hub and Android TV. Chrome users will not observe any differences in how Cast works.
- NewTabPageLocation enterprise policy on Incognito
Chrome 96 will fix a bug that prevents users from starting new Incognito sessions when the enterprise policy NewTabPageLocation is set to a chrome://… URL. In future, this policy will be ignored in Incognito mode. Users on Incognito will see the default new tab page. There’s no change in how the policy is applied on regular mode (non-Incognito windows).
- As early as Chrome 97, Chrome will no longer allow TLS 1.0 or TLS 1.1
The SSLVersionMin policy no longer allows setting a minimum version of TLS 1.0 or 1.1. This means the policy can no longer be used to suppress Chrome's interstitial warnings for TLS 1.0 and 1.1. Administrators must upgrade any remaining TLS 1.0 and 1.1 servers to TLS 1.2.
In Chrome 91 we announced that the policy no longer works, but users could still bypass the interstitial. As early as Chrome 97, it will no longer be possible to bypass the interstitial.
- CORS Authorization mishandling
When scripts make a cross-origin network request viafetch()andXMLHttpRequestwith an Authorization header, the header should be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. The wildcard symbol (*) in the Access-Control-Allow-Headers should not work. This has not been implemented correctly, and the wildcard symbol has taken effect. This will be fixed in Chrome 97.
Please note that Authorization headers attached by Chrome during the authentication process are out of scope for this change.
- As early as Chrome 97, Chrome will maintain its own default root store
To improve user security, and provide a consistent experience across different platforms, Chrome intends to maintain its own default root store. If you are an enterprise admin managing your own Certificate Authority (CA), you should not have to manage multiple root stores. We do not anticipate any changes will be required for how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet.
- Chrome 97 will remove legacy policies with non-inclusive names
Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names. To minimize disruption for existing managed users, both the old and the new policies currently work. This transition time is to ensure it's easy for you to move to and test the new policies in Chrome.
Note: If both the legacy policy and the new policy are set for any row in the table below, the new policy will override the legacy policy.
This transition period will end in Chrome 97, and the following policies in the left column will no longer function. This change was originally announced for Chrome 95, but has been extended to Chrome 97. Please ensure you're using the corresponding policy from the right column instead:
Legacy Policy Name New Policy Name NativeMessagingBlacklist
NativeMessagingBlocklist
NativeMessagingWhitelist
NativeMessagingAllowlist
AuthNegotiateDelegateWhitelist
AuthNegotiateDelegateAllowlist
AuthServerWhitelist
AuthServerAllowlist
SpellcheckLanguageBlacklist
SpellcheckLanguageBlocklist
AutoplayWhitelist
AutoplayAllowlist
SafeBrowsingWhitelistDomains
SafeBrowsingAllowlistDomains
ExternalPrintServersWhitelist
ExternalPrintServersAllowlist
NoteTakingAppsLockScreenWhitelist
NoteTakingAppsLockScreenAllowlist
PerAppTimeLimitsWhitelist
PerAppTimeLimitsAllowlist
URLWhitelist
URLAllowlist
URLBlacklist
URLBlocklist
ExtensionInstallWhitelist
ExtensionInstallAllowlist
ExtensionInstallBlacklist
ExtensionInstallBlocklist
UserNativePrintersAllowed
UserPrintersAllowed
DeviceNativePrintersBlacklist
DevicePrintersBlocklist
DeviceNativePrintersWhitelist
DevicePrintersAllowlist
DeviceNativePrintersAccessMode
DevicePrintersAccessMode
DeviceNativePrinters
DevicePrinters
NativePrinters
Printers
NativePrintersBulkConfiguration
PrintersBulkConfiguration
NativePrintersBulkAccessMode
PrintersBulkAccessMode
NativePrintersBulkBlacklist
PrintersBulkBlocklist
NativePrintersBulkWhitelist
PrintersBulkAllowlist
UsbDetachableWhitelist
UsbDetachableAllowlist
QuickUnlockModeWhitelist
QuickUnlockModeAllowlist
AttestationExtensionWhitelist
AttestationExtensionAllowlist
PrintingAPIExtensionsWhitelist
PrintingAPIExtensionsAllowlist
AllowNativeNotifications
AllowSystemNotifications
DeviceUserWhitelist
DeviceUserAllowlist
NativeWindowOcclusionEnabled
WindowOcclusionEnabled
If you're managing Chrome via the Admin console (for example, Chrome Browser Cloud Management), no action is required; the Admin console will manage the transition automatically.
- In Chrome 98, Chrome apps will be deprecated on Mac, Windows, and Linux
As part of the previously-communicated plan to replace Chrome apps with the open web, Chrome apps will no longer function on Mac, Windows, and Linux in Chrome 98. For enterprises that need extra time to adjust to the removal of Chrome apps, a policy called ChromeAppEnabled will be available to extend support for them until June 2022.
- As early as Chrome 98, different-origin iframes will no longer trigger JavaScript dialogs
Chrome will prevent iframes from triggering prompts (window.alert,window.confirm,window.prompt) if the iframe is a different origin from the top-level page. This change will prevent embedded content from spoofing the user into believing a message is coming from the website they're visiting, or from Chrome itself. Please note that this change was originally planned for Chrome 92, but has been postponed until at least Chrome 98 due to the feedback we received on this change. Once this deprecation launches, you can control the behavior with the enterprise policy SuppressDifferentOriginSubframeDialogs.
You can test if this future change will affect applications now by setting the enable_features=SuppressDifferentOriginSubframeJSDialogs flag.
Upcoming Admin console changes
- Browser list data will be available for download in CSV format in the Admin console
As early as Chrome 95, a CSV format will be introduced as an option to download the browser list data from the Admin console.
- Chrome will delete inactive browsers from Chrome Browser Cloud Management
Many enterprise customers have to adhere to regulation around data retention. To aid in this effort, as early as chrome 95, we will launch a new policy that will automatically delete inactive browser information from Google servers.
By default, browsers that do not connect to the Google servers for 365 days will be considered inactive and automatically deleted. Admins will be able to modify the default value (Allowable range: 28 - 730 days).
Chrome browser updates
- SyncXHR policy is no longer available
Chrome 93 removes the AllowSyncXHRInPageDismissal enterprise policy. Before updating to Chrome 93, web application owners must update all apps that previously relied on legacy platform behavior. This change was previously planned for Chrome 88, but delayed to provide more time for enterprises to update legacy applications.
- New RelaunchWindow policy
The RelaunchWindow enterprise policy allows admins to specify a window of time when Chrome relaunches to force an update to apply. You can use this policy, in conjunction with RelaunchNotification, RelaunchNotificationPeriod, and RelaunchHeadsUpPeriod to control when Chrome relaunches to apply an update. RelaunchWindow helps you to minimize disruption and to force a relaunch outside of business hours. In Chrome 93, these policies are available in Group Policy. These policies will become available in the Admin console at a later date.
- New JavaScript JIT setting policies
Chrome 93 introduces three new policies:
These policies allow Chrome's JavaScript engine to default to using the Ignition interpreter in a JIT-less mode for a set of enterprise-defined sites.
Disabling the JavaScript JIT in this way may allow Chrome to render web content in a more secure configuration, as no executable permissions are needed for memory regions. However, disabling JIT has performance costs and currently disables some parts of JavaScript, including WebAssembly.
- Full launch of Drive priority launchpad on New tab page
To help users get work done faster, Chrome 93 shows the Drive files the user is more likely to need on the New tab page. This feature uses Drive’s existing priority API, which powers the Priority section of drive.google.com. Some users see this change in Chrome 93.
- Publishing updates to extensions requires 2-Step Verification
As part of the rollout of a set of updates and clarifications to the Chrome Web Store extension policies, the Chrome Web Store now requires 2-Step Verification on developer accounts before adding a new extension or updating an existing extension. This does not impact extensions that are self-hosted, sideloaded, or that are no longer being updated.
Developer accounts belonging to organizations where the admin has disabled 2-Step Verification for their organization are exempt from this requirement.
- Updates to the lock icon in the address bar
Some users might see a new icon replacing the lock in the address bar, which is shown on sites that support HTTPS. The new icon aims to improve the discoverability of the Page Info surface, which includes site-level security and privacy information and controls. A Not Secure indicator continues to appear on sites without HTTPS support. An enterprise policy, LockIconInAddressBarEnabled, is available to revert to the original lock icon. See our blog post Increasing HTTPS Adoption for more information.
- New feature changes to the User-Agent Client Hints API updates
Chrome 93 adds four feature changes to the User-Agent client hints API:- Adding a Sec-CH-UA-Bitness User Agent Client Hint to return the bitness of the platform, which might be useful, for example, for sending optimized binaries during a download.
- Making Sec-CH-UA-Platform a low-entropy hint that is sent by default. Prior to this change, this hint would need to be requested.
-
Including low-entropy hints by default in UADataValues (returned by
getHighEntropyValues()): if a hint moves from high to low-entropy, this prevents site compatibility issues. - Adding a
toJSONmethod to NavigatorUAData. Instead of returning {},JSON.stringify(navigator.userAgentData)is now useful.
An enterprise policy UserAgentClientHintsEnabled is available to control this feature. This policy will be removed in Chrome 94. Developers can leave feedback at crbug.com/1241062 on any issues related to this feature.
- Chrome on iOS adds a new way to sign in
On iOS, when a user signs in to their Google Account on the web, they can sign in to Chrome with a Google Account that’s already saved on their device. This does not enable Chrome sync by default; the user can opt into that separately if they want sync enabled. You can control the behavior of sign-in on Chrome on iOS and other platforms using the BrowserSignIn policy.
- Chrome performs sentiment measurement
Chrome 93 performs sentiment measurement of users of Trusted Surface, Privacy Settings and Transactions. These surveys are delivered on the New tab page after the user has engaged with the feature. The delivery of these surveys can be disabled by disabling metrics via the MetricsReportingEnabled policy.
- Chrome redesigns desktop page info surface
Chrome 93 continues to redesign the desktop page info surface. The purpose of this redesign is to improve scalability by introducing modular subpages, toggles for permissions and restructuring the main view to surface the important information first.
- Tab Groups in desktop Recently closed menu
Chrome 93 allows users to see their tab groups in the Recently closed menu and helps alleviate worry about permanent loss of groups. This launch enables the whole group and individual tabs inside a group to restore from the Chrome desktop recently closed menu.
- Save payment information to a Google Account
In Chrome 93, users who are signed in to their managed Google Account see an option to save their payment information to their Google Account. As an administrator, you can turn off this feature (Sync Service setting) in the Google Admin console or by using the AutofillCreditCardEnabled policy. This was previously available on Android and desktop and is now also available on iOS.
- URL protocol handlers in web manifests
Chrome 93 is running an Origin Trial for URL protocol handlers in web manifests. This Origin Trial started in Chrome 92 and will end in Chrome 94. The handlers follow the PWA's lifecycle -- they are set up on PWA install, and removed on PWA uninstall. You can find out more in this article.
Note: The Origin Trial started in Chrome 92 but was initially not part of the Chrome 92 blog post.
- New Incognito Exit Point on Clear browsing data
Chrome 93 introduces a new Close windows confirmation dialog which is displayed when a user selects Clear browsing data from the overflow menu or Chrome Actions on Omnibox while on Incognito mode. This dialog contains text explaining that Clear browsing data ends the Incognito session, and two call-to-action buttons: Close windows and Cancel.
- Pausing quantum computer resistant security
Some devices behaved unexpectedly when Chrome offered quantum-resistant cryptography for TLS connections. We’re working with those companies to provide fixed firmware for their devices and have temporarily disabled this technology.
For more details, see the Chromium Open Source Project.
- LegacySameSiteCookieBehaviorEnabled is no longer available
When same-site cookie behavior was introduced, Chrome included policies to give admins extra time to adjust the implementation of any enterprise apps that relied on the legacy cookie behavior.
The first phase of the transition plan ends in Chrome 93, and LegacySameSiteCookieBehaviorEnabled is no longer taking effect. You will still be able to opt specific sites into the legacy cookie behavior using LegacySameSiteCookieBehaviorEnabledForDomainList until December 31st, 2022.
- 3DES TLS cipher suites are no longer supported
Chrome 93 removes support for 3DES TLS cipher suites. The TripleDESEnabled enterprise policy was made available in Chrome 92 to test this change, and will be available temporarily until Chrome 95, to give enterprises additional time to adjust.
- Ubuntu 16.04 is no longer supported
Ubuntu 16.04 is past the end of standard support, and is no longer supported. The updated system requirements for Chrome are available here.
- New and updated policies in Chrome browser
Policy
Description
Allows you to set whether Google Chrome runs the v8 JavaScript engine with JIT (Just In Time) compiler enabled or not.
Enable the sharing icon from the omnibox and the entry from the 3-dot menu.
Allows you to set a list of site URL patterns that specify sites which are allowed to run JavaScript with JIT (Just In Time) compiler enabled.
Allows you to set a list of site URL patterns that specify sites which are not allowed to run JavaScript JIT (Just In Time) compiler enabled.
Controls the treatment for lock icon in the omnibox. From Chrome 93, there is a new omnibox icon for secure connections. If the policy is Enabled, Chrome uses the existing lock icon for secure connections. If the policy is Disabled or not set, Chrome uses the default icon for secure connections.
Specify a target time window for the end of the relaunch notification period.
Controls whether users may use remote debugging.
Chrome OS updates
- Enable Android applications to access Chrome OS certificates
Previously Android applications could only access certificates provisioned within Android, but not those in Chrome OS. Admins can now enable Android apps to access Chrome OS user and device certificates.
For more information, see the Help Center.
- Regular online re-authentication for identity providers on the login and lock screen
Regular online authentication provides additional security for organizations that require 2FA or MFA authentication and organizations that use third-party identity providers like Okta.
As an admin, you can require regular online re-authentication on the login screen for users of third-party identity providers. Chrome OS 93 expands this capability to re-authenticate using the lock screen and also extends re-authentication support to users of Google identity, including those using 2FA like Yubikeys or SMS.
There are now three new controls to help manage online re-authentication:
- SAML single sign-on unlock frequency
- Google online login frequency
- Google online unlock frequency
Admin console updates
- Sending Extension Requests for Chrome browser Desktop and Chrome OS
As an admin, you can block users from installing extensions and the Chrome Web Store will now have a Request button so that you can see their requests from within the Admin console and take an action to allow or to block the extensions. To enable the feature, please follow the steps in the Help Center.
- Chrome Browser Cloud Management is available for Chrome-on-iOS
Chrome Browser Cloud Management now supports Chrome-on-iOS. The policies for Chrome-on-iOS can be seen at https://chromeenterprise.google/policies (then filter for iOS platform). To get started, please visit the Help Center.
- Chrome Browser Cloud Management Release Channel selector
Admin console now has a release channel selector (Stable, Beta, Dev) for Chrome Browser Cloud Management on Windows, Mac, or Linux. For more details, see the Help Center.
- New policies in the Admin console
Policy Name
Pages
Supported on
Category/Field
User & Browser Settings
Chrome OS
Security/SAML single sign-on unlock frequency
User & Browser Settings
Chrome OS
Security/Google online unlock frequency
User & Browser Settings
Chrome Win/Mac/Linux
User experience/Preferred languages
Coming soon
Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.
- Chrome 94 is moving to a 4-week stable channel and introducing an 8-week extended stable channel
Chrome on mobile, Windows, Mac, and Linux will move from its current 6-week release cycle to a 4-week release cycle, allowing security features, new functionality and bug fixes to reach users more quickly. Note that Chrome 94’s shorter development cycle means Chrome 93 will be live in the stable channel for less time as well; specific release dates for both milestones can be found on our schedule.
No action is required for most enterprises, but if you manually update or test new releases of Chrome and prefer a slower release cadence, you'll be able to use the TargetChannel policy to switch Chrome on Mac and Windows to an extended stable channel, with a new release every 8 weeks instead. The option of Extended Stable will be added to the Target Channel Control in the Admin console in Chrome 94. You can find more details in our blog post at blog.chromium.org.
To ensure continuous improvements to the Chrome OS platform, Chrome OS will move to a 4-week stable channel starting with Chrome 96. To bridge the gap between Chrome 94 and Chrome 96, Chrome OS will skip Chrome 95 (see the updated Chrome schedule page for milestone-specific details).
To provide commercial users with another dependably secure stable platform, Chrome OS will also introduce a new channel with a 6-month update cadence by Chrome 96. More details to be announced soon.
Upcoming Chrome browser changes
- As early as Chrome 94, the browser list data will be available for download in CSV format in the Admin console
Chrome will introduce the CSV format as an option to download the browser list data from the Admin console.
- Chrome 94 on iOS will be able to apply .mobileconfig files
A.mobileconfigfile can be used to configure an iPhone, iPod touch, and iPad to work with certain enterprise systems. Since iOS 12.2, mobileconfig files can be downloaded and installed from Safari and Mail apps. Chrome will be able to download these files and continue to settings so the user can apply them.
- Chrome 94 will support usage of Android phones as security keys
When Chrome on a desktop or laptop is signed into the same account as Chrome on an Android phone, that phone can be used as a security key.
This feature requires that the desktop has a Bluetooth Low Energy (BLE) adaptor. Communication between the devices is end-to-end encrypted with keys exchanged over BLE to prove proximity with the phone.
- Chrome 94 will launch What's New in Chrome
What’s New will be an effortless way for users to discover new features. Starting in Chrome 94 some users will see a page that highlights a few features. What’s New will automatically show as the focused tab. You can disable this feature by using the existing PromotionalTabsEnabled enterprise policy.
- Chrome 94 will no longer allow insecure public pages to make requests to private or local URLs
Non-secure contexts served from public IP addresses will no longer be able to make subresource requests to IP addresses belonging to a more private address space (as defined in Private Network Access). For example, http://public.example served on IP 1.2.3.4 will not be able to make requests targeting IP 192.168.0.1 or IP 127.0.0.1. You can control this behavior using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies, which became available for testing in Chrome 92.
- Ability for PWAs to be registered as (platform level) URL handlers
Chrome 94 will run an Origin Trial to allow Progressive Web Apps (PWAs) to register as URL handlers. This means that PWAs can be launched in response to URL link activations, including activations from native apps. PWAs will be allowed to register to handle any https URL, not just URLs from their own app scope. If you’re interested in learning more about PWAs as URL handlers, please refer to this article.
- Launching a sharing hub
In Chrome 94, users will be able to more easily share their current page, including the ability to send the current page to their devices, get a QR code for the current URL, and share to third-party apps. You will be able to control this feature using an enterprise policy called DesktopSharingHubEnabled.
- Chrome 94 will use updated language in managed profile sign-in notice
Chrome 94 will update the notice when users sign into a managed profile. The new notice will have language clarifying that a separate profile is required and the available buttons will be simplified. Some users will see a link to open Chrome in guest mode when they sign in to a new profile that's different from the profile signed in to Chrome.
- Chrome 94 will add a new enterprise policy for the Web Serial API
The Web Serial API allows sites to request access to serial devices (USB, Bluetooth, etc.) through a device selection prompt. In previous Chrome versions, policy controls could only control how the feature was blocked. In Chrome 94, admins will be able to grant a site access to specific (or all) connected serial devices, streamlining workflows by removing the need for users to select the correct device.
- Chrome settings restructure
To aid in navigability, Chrome will replace the single long page in Chrome settings with individual sections. The updated experience will be available starting with Chrome 94.
- Chrome 94 will launch HTTPS-First mode (Android and Desktop)
HTTPS-First mode will attempt to upgrade all page loads to HTTPS and display a full-page warning before loading sites that don’t support it. Users who enable this mode gain confidence that Chrome is connecting them to sites over HTTPS whenever possible, and that they will see a warning before connecting to sites over HTTP. An enterprise policy will exist to disable the use of this mode.
- Chrome 94 will update certificate transparency log list via component updater
Chrome 94 will start using Component Updater to dynamically update the certificate transparency log list, separating these updates from full browser updates, and allowing out-of-date clients to keep enforcing Certificate Transparency.
- Chrome 94 will introduce tab grid bulk actions
Chrome for iOS will add an edit mode to the tab grid to allow easier management of open tabs. Multiple tabs can be selected and then added to the reading list, bookmarked, shared, or closed.
- As early as Chrome 94, Chrome will delete inactive browsers from Chrome Browser Cloud Management
Many enterprise customers have to adhere to regulation around data retention. To aid in this effort, we will launch a new policy that will automatically delete inactive browser information from Google servers.
By default, browsers that do not connect to the Google servers for 365 days will be considered inactive and automatically deleted. Admins will be able to modify the default value.
- Chrome 94 will test Chrome Accuracy Check
Chrome plans to remind users to evaluate the accuracy of information. Chrome Accuracy Check will show users tips for evaluating information quality for news sites when they might be helpful.
- Chrome 94 will remove UserAgentClientHintsEnabled policy
The use of Structured Headers in the User Agent Client Hints, and in particular, the Sec-CH-UA and Sec-CH-UA-Mobile headers, caused some unintended consequences where not all servers were able to accept all characters. An enterprise policy UserAgentClientHintsEnabled was created to disable this feature. This policy will be removed in Chrome 94.
- Chrome 94 will add new Security Events to BeyondCorp Enterprise Threat and Data Protection (Password Leak and Login)
Chrome 94 will add two new Security Events to BeyondCorp Enterprise Threat and Data Protection: Password leak and login. This functionality will allow administrators to understand enterprise credential usage and Shadow IT within their organization, and to stay ahead of potential security incidents regarding passwords exposed in data breaches.
- Chrome 94 will launch an API that allows sites to know when the user is active
Chrome 94 will launch the Idle Detection API, allowing websites to request the ability to query if users are idle, allowing messaging apps to direct notifications to the best device. This was previously in Origin Trial and is now rolled out to Stable.
- Chrome 94 will launch display-capture
The display-capture permissions-policy allows sites to more safely embed documents in an iframe. The display-capture permissions-policy can be used to remove the capability of a document in an iframe initiating a screen-capture. An enterprise policy will be created to control this feature - DisplayCapturePermissionsPolicyEnabled. This policy will be removed in Chrome 100.
- Migrate to Open Screen Library Cast channel
Chrome 95 will use a new implementation to connect to devices that support Cast like Chromecast, Nest Hub and Android TV. Chrome users will not observe any differences in how Cast works.
- Chrome 95 will introduce stricter parsing rules for Legacy Browser Support
Organizations that rely on Legacy Browser Support (LBS) to redirect their users to Microsoft® Edge® or Internet Explorer® can use the BrowserSwitcherParsingMode policy to choose how their site list is interpreted by Chrome. If set to strict mode, Chrome will interpret those rules in the same way as Edge® and Internet Explorer®.
- In Chrome 95, Chrome apps will be deprecated on Mac, Windows, and Linux
As part of the previously-communicated plan to replace Chrome apps with the open web, Chrome apps will no longer function on Mac, Windows, and Linux. For enterprises that need extra time to adjust to the removal of Chrome apps, a policy will be available to extend support for them until June 2022.
- As early as Chrome 95, Chrome will no longer allow TLS 1.0 or TLS 1.1
The SSLVersionMin policy no longer allows setting a minimum version of TLS 1.0 or 1.1. This means the policy can no longer be used to suppress Chrome's interstitial warnings for TLS 1.0 and 1.1. Administrators must upgrade any remaining TLS 1.0 and 1.1 servers to TLS 1.2.
In Chrome 91 we announced that the policy no longer works, but users could still bypass the interstitial. As early as Chrome 95, it will no longer be possible to bypass the interstitial.
- As early as Chrome 95, the network Service on Windows will be sandboxed
To improve the security and reliability of the service, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service will be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. You'll be able to disable the change with an enterprise policy when it becomes available.
- Chrome 95 will conduct an Origin Trial for User-Agent Reduction
Chrome 95 will be conducting an Origin Trial for the fully reduced User-Agent string. We would like sites to begin participating in the trial so we may collect feedback and allow sites to have ample time to address breakage. The reduced User-Agent string will appear in both the User-Agent HTTP request header as well as the JavaScript APIs that access the User-Agent string (navigator.userAgent,navigator.appVersion,navigator.platform). The Origin Trial will last six milestones until the reduced User-Agent string becomes the default in Chrome, with a deprecation Origin Trial to continue receiving the full User-Agent string for those sites that still need more time to migrate. Enterprises can opt in to the Origin Trial here when it is available.
- Chrome 95 will deprecate WebAssembly cross-origin module sharing
Chrome 95 will prevent WebAssembly module sharing between cross-origin but same-site environments.This will allow agent clusters to be tied to origins in the long-term. This change conforms to recent changes in the WebAssembly spec.
If your enterprise needs any additional time to adjust to this change, a temporary enterprise policy will be made available to allow module sharing for cross-origin same-site environments.
- As early as Chrome 95, Apps shortcut in the Bookmarks Bar will default to off
Chrome will make the Apps shortcut in the bookmark bar default to off and update the current state for all users to the new default (off).
- As early as Chrome 97, Chrome may leverage MiraclePtr to improve security
Chrome will leverage MiraclePtr to reduce the risk of security vulnerabilities relating to memory safety. The Chrome team gathered data on the performance cost of MiraclePtr in Chrome 91, but domain-joined enterprises on the stable channel were excluded from MiraclePtr builds during that phase. A full release of MiraclePtr in Chrome is planned as early as Chrome 97.
- As early as Chrome 97, Chrome will maintain its own default root store
To improve user security, and provide a consistent experience across different platforms, Chrome intends to maintain its own default root store. If you are an enterprise admin managing your own Certificate Authority (CA), you should not have to manage multiple root stores. We do not anticipate any changes will be required for how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet.
- Chrome 97 will remove legacy policies with non-inclusive names
Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names. To minimize disruption for existing managed users, both the old and the new policies currently work. This transition time is to ensure it's easy for you to move to and test the new policies in Chrome.
Note: If both the legacy policy and the new policy are set for any row in the table below, the new policy will override the legacy policy.
This transition period will end in Chrome 97, and the following policies in the left column will no longer function. This change was originally announced for Chrome 95, but has been extended to Chrome 97.
Please ensure you're using the corresponding policy from the right column instead:
Legacy Policy Name
New Policy Name
NativeMessagingBlacklist
NativeMessagingBlocklist
NativeMessagingWhitelist
NativeMessagingAllowlist
AuthNegotiateDelegateWhitelist
AuthNegotiateDelegateAllowlist
AuthServerWhitelist
AuthServerAllowlist
SpellcheckLanguageBlacklist
SpellcheckLanguageBlocklist
AutoplayWhitelist
AutoplayAllowlist
SafeBrowsingWhitelistDomains
SafeBrowsingAllowlistDomains
ExternalPrintServersWhitelist
ExternalPrintServersAllowlist
NoteTakingAppsLockScreenWhitelist
NoteTakingAppsLockScreenAllowlist
PerAppTimeLimitsWhitelist
PerAppTimeLimitsAllowlist
URLWhitelist
URLAllowlist
URLBlacklist
URLBlocklist
ExtensionInstallWhitelist
ExtensionInstallAllowlist
ExtensionInstallBlacklist
ExtensionInstallBlocklist
UserNativePrintersAllowed
UserPrintersAllowed
DeviceNativePrintersBlacklist
DevicePrintersBlocklist
DeviceNativePrintersWhitelist
DevicePrintersAllowlist
DeviceNativePrintersAccessMode
DevicePrintersAccessMode
DeviceNativePrinters
DevicePrinters
NativePrinters
Printers
NativePrintersBulkConfiguration
PrintersBulkConfiguration
NativePrintersBulkAccessMode
PrintersBulkAccessMode
NativePrintersBulkBlacklist
PrintersBulkBlocklist
NativePrintersBulkWhitelist
PrintersBulkAllowlist
UsbDetachableWhitelist
UsbDetachableAllowlist
QuickUnlockModeWhitelist
QuickUnlockModeAllowlist
AttestationExtensionWhitelist
AttestationExtensionAllowlist
PrintingAPIExtensionsWhitelist
PrintingAPIExtensionsAllowlist
AllowNativeNotifications
AllowSystemNotifications
DeviceUserWhitelist
DeviceUserAllowlist
NativeWindowOcclusionEnabled
WindowOcclusionEnabled
If you're managing Chrome via the Admin console (for example, Chrome Browser Cloud Management), no action is required; the Admin console will manage the transition automatically.
- As early as Chrome 98, different-origin iframes will no longer trigger JavaScript dialogs
Chrome will prevent iframes from triggering prompts (window.alert,window.confirm,window.prompt) if the iframe is a different origin from the top-level page. This change will prevent embedded content from spoofing the user into believing a message is coming from the website they're visiting, or from Chrome itself. Please note that this change was originally planned for Chrome 92, but has been postponed until at least Chrome 98 due to the feedback we received on this change. You can test if this future change will affect applications now by setting the enable_features=SuppressDifferentOriginSubframeJSDialogs flag.
Additional resources
- For emails about future releases, sign up here.
- To try out new features before they're released, sign up for the trusted tester program.
- Connect with other Chrome Enterprise IT admins through the Chrome Enterprise Customer Forum.
- How Chrome releases work—Chrome Release Cycle
- Chrome Browser downloads and Chrome Enterprise product overviews—Chrome Browser for enterprise
- Chrome version status and timelines—Chrome Platform Status | Google Update Server Viewer
- Announcements: Chrome Releases Blog | Chromium Blog
- Developers: Learn about changes to the web platform and features planned for upcoming releases.
Still need help?
- Google Workspace, Cloud Identity customers (authorized access only)—Contact support
- Chrome Browser Enterprise Support—Sign up to contact a specialist
- Chrome Administrators Forum
- Chrome Enterprise Help Center
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.