Chrome Enterprise and Education release notes

Chrome browser updates	Security	User productivity/ Apps	Management
Removing setTimeout(,0) clamping to 1ms		✓
Deprecation Origin Trial for UA reduction	✓
Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome			✓
Chrome supports notification permission changes on Android 13 and above		✓
Chrome removes support for WebSQL in a third-party context	✓
Compare search results with new Side Search feature		✓
Control camera and microphone permissions in on iOS		✓
Chrome runs prerendering autocomplete suggestions from the Omnibox		✓
Chrome removes legacy policies with non-inclusive names			✓
New and updated policies in Chrome browser			✓
Chrome OS updates	Security	User productivity/ Apps	Management
Network-based recovery for Chrome OS			✓
Policy support for additional openVPN settings			✓
UI-based firmware updates for peripherals		✓
Crostini upgrade to Debian 11 (Bullseye)			✓
UI improvements for the Camera app		✓
Cursive canvas lock		✓
Forced reboots across managed devices			✓
Admin console updates	Security	User productivity/ Apps	Management
Identification variables for Android managed configuration policy			✓
New policies in the Admin console			✓
Upcoming Chrome browser changes	Security	User productivity/ Apps	Management
Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 102		✓	✓
Privacy Sandbox updates in Chrome 102	✓
Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022			✓
Chrome to send Private Network Access preflights for subresources as early as Chrome 102	✓
Chrome will use MiraclePtr to improve security as early as Chrome 102	✓
MetricsReportingEnabled policy available on Android in Chrome 102			✓
Chrome 103 will use case-matching on CORS preflight requests	✓
Chrome Actions on iOS in Chrome 103		✓
Network Service on Windows will be sandboxed in Chrome 104	✓
Default to origin-keyed agent clustering in Chrome 106	✓
Chrome 107 will replace master_preferences with initial_preferences			✓
Upcoming Admin console changes	Security	User productivity/ Apps	Management
New CSV export for some Admin console reports in Chrome 103		✓	✓

 

DOWNLOAD Release notes (PDF)

↑ back to top

 

The enterprise release notes are available in 8 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation for some languages.
 

Chrome browser updates

   

 

• Removing setTimeout(,0) clamping to 1ms   
  
  Chrome 101 removes a web intervention for some users that clamped setTimeout(,0) timers to 1ms. In Chrome 101, those users see timers fire immediately. Note that nested timer calls clamp to 4ms after repeated nested calls. This change brings Chrome in line with web specifications and might improve performance on some pages.
  
  It's possible that this change will introduce bugs in web applications that rely on the current clamped behavior. If you have any apps affected by this change, you can use the SetTimeoutWithout1MsClampEnabled policy to revert to the Chrome 100 behavior.

   

 

• Deprecation Origin Trial for UA reduction   
  
  As previously announced, Chrome 101 protects user privacy by reducing the granularity of information in the User-Agent string. In this phase, the MINOR.BUILD.PATCH version info is reduced to 0.0.0. If a site needs this information, it should migrate to the User Agent Client Hints API. Sites that need more time to test or migrate can take advantage of a Deprecation Trial, which started in Chrome 100.
  
  You can also control this using the UserAgentReduction enterprise policy. You can test the new reduced-granularity User-Agent string by setting the policy to 2, or you can delay the change while you update your apps by setting it to 1.

   

 

• Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome   
  
  Starting with Chrome 101, Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome. Older versions may lose some Chrome Browser Cloud Management features without notice, or behave unexpectedly. For your security, you should keep Chrome auto-update enabled, which keeps your fleet on the most recent version of Chrome. If you manage Chrome updates manually, staying close to the most recent version both keeps your users safer, and ensures you stay within the compatibility window.

   

 

• Chrome 101 supports notification permission changes in Android 13 and above   
  
  Android 13 is changing the way push notification permissions behave by default. All Android apps require users to explicitly allow OS notification permissions, as opposed to Android 12 and earlier where it was granted by default. Chrome running on Android 13 now prompts the user for permission at app launch up to two times.

   

 

• Chrome removes support for WebSQL in a third-party context   
  
  The WebSQLInThirdPartyContextEnabled policy was introduced to give admins additional time to react to the removal of WebSQL in a third-party context. As planned, this policy is removed in Chrome 101.

   

 

• Compare search results with new Side Search feature   
  
  Side Search allows users to compare search results via a side panel UI to get the right answer faster. This means users can view a page and the search results at the same time, without needing to navigate back and forth or losing their search results. This is helpful for users who are actively searching for something and need more than one site, for example, planning an employee dinner, putting together presentations, and so on. You can control this feature using the SideSearchEnabled policy.

   

 

• Control camera and microphone permissions on iOS   
  
  In Chrome 101, after granting Chrome both app level and site level permission to use the camera or microphone, users can now control camera or microphone usage. Users can tap the icon on the left of the location bar to trigger a popup that shows switches to control the camera or microphone. Alternatively, users can go to Site Information in the context menu and do the same.

   

 

• Chrome runs prerendering autocomplete suggestions from the Omnibox   
  
  Chrome 101 enables Omnibox, or URL bar, prerendering. With this feature, Chrome starts prerendering the high-confidence Omnibox autocomplete suggestions. Chrome is currently prefetching resources for high-confidence suggestions using No-state Prefetch, but with this feature we can further process the webpage, including DOM tree construction and script execution. Enterprises can opt-out of this feature using the NetworkPredictionOptions policy.

   

 

• Chrome removes legacy policies with non-inclusive names   
  
  Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names (for example, whitelist, blacklist). In order to minimize disruption for existing managed users, both the old and the new policies currently work.
  
  This transition period was originally planned for Chrome 95, but was extended to Chrome 101 to give admins more time to transition their policies. In Chrome 101, the policies in the left column of the following table no longer function. Please ensure you're using the corresponding policy from the right column instead:
   

  Legacy Policy Name	New Policy Name
  NativeMessagingBlacklist	NativeMessagingBlocklist
  NativeMessagingWhitelist	NativeMessagingAllowlist
  AuthNegotiateDelegateWhitelist	AuthNegotiateDelegateAllowlist
  AuthServerWhitelist	AuthServerAllowlist
  SpellcheckLanguageBlacklist	SpellcheckLanguageBlocklist
  AutoplayWhitelist	AutoplayAllowlist
  SafeBrowsingWhitelistDomains	SafeBrowsingAllowlistDomains
  ExternalPrintServersWhitelist	ExternalPrintServersAllowlist
  NoteTakingAppsLockScreenWhitelist	NoteTakingAppsLockScreenAllowlist
  PerAppTimeLimitsWhitelist	PerAppTimeLimitsAllowlist
  URLWhitelist	URLAllowlist
  URLBlacklist	URLBlocklist
  ExtensionInstallWhitelist	ExtensionInstallAllowlist
  ExtensionInstallBlacklist	ExtensionInstallBlocklist
  UserNativePrintersAllowed	UserPrintersAllowed
  DeviceNativePrintersBlacklist	DevicePrintersBlocklist
  DeviceNativePrintersWhitelist	DevicePrintersAllowlist
  DeviceNativePrintersAccessMode	DevicePrintersAccessMode
  DeviceNativePrinters	DevicePrinters
  NativePrinters	Printers
  NativePrintersBulkConfiguration	PrintersBulkConfiguration
  NativePrintersBulkAccessMode	PrintersBulkAccessMode
  NativePrintersBulkBlacklist	PrintersBulkBlocklist
  NativePrintersBulkWhitelist	PrintersBulkAllowlist
  UsbDetachableWhitelist	UsbDetachableAllowlist
  QuickUnlockModeWhitelist	QuickUnlockModeAllowlist
  AttestationExtensionWhitelist	AttestationExtensionAllowlist
  PrintingAPIExtensionsWhitelist	PrintingAPIExtensionsAllowlist
  AllowNativeNotifications	AllowSystemNotifications
  DeviceUserWhitelist	DeviceUserAllowlist
  NativeWindowOcclusionEnabled	WindowOcclusionEnabled

  
  
  If both the legacy policy and the new policy are set for any row in the table above, the new policy overrides the legacy policy. 
  
  If you're managing Chrome via the Admin console (for example, Chrome Browser Cloud Management), no action is required; the Admin console manages the transition automatically.

   

 

• New and updated policies in Chrome browser   
   

  Policy	Description
  SideSearchEnabled	Allow showing the most recent default search engine results page in a browser side panel.
  CloudReportingUploadFrequency	Frequency of cloud reporting in hours.
  OptimizationGuideFetchingEnabled	Enable Optimization Guide Fetching.
  WebSQLAccess	Force WebSQL to be enabled.
  SetTimeoutWithout1MsClampEnabled	Control Javascript setTimeout() function minimum timeout.

   

   

Chrome OS updates

   

 

• Network-based recovery for Chrome OS   
  
  Network-based recovery provides a built-in recovery mechanism for Chrome OS that doesn’t need external tools such as a USB stick, an Android device, a second computer, a USB cable, and so on. It is available on most of the new Chrome OS devices launching after April 20, 2022.

   

 

• Policy support for additional openVPN settings   
  
  Additional OpenVPN properties can now be set in the Admin console when configuring a managed VPN connection. This includes packet authentication and encryption algorithms, compression algorithm, key direction, and TLS auth key.

   

 

• UI-based firmware updates for peripherals   
  
  Chrome OS now performs firmware updates for peripherals using fwupd, an open source firmware update framework. The previous automatic firmware update approach has its limits as major market players introduce significant changes requiring long update sessions, which can sometimes cause devices to malfunction.
  
  Using fwupd, Chrome OS provides a UI for firmware updates for peripheral devices, allowing users to perform the update when needed.

   

 

• Crostini upgrades to Debian 11 (Bullseye)   
  
  When users signed up for Crostini, they received a container with Debian 10 (Buster). Debian 11 (Bullseye) is now stable and used for new Crostini installs. We recommend that existing Crostini users upgrade to Bullseye  to access new features and simplify support.
  
  Chrome  allows users to trigger an upgrade, both via a prompt that occurs at certain times, as well as through Settings. The upgrade displays progress to the user and explains any errors that might occur.
  
  In addition, Chrome 101 now stores an upgrade log, in Downloads, and notifies the user about it, so it's easier to troubleshoot upgrade issues.

   

 

• UI improvements for the Camera app   
  
  Chrome 101 includes improvements for the Chrome OS Camera app, to make it simpler and easier to use. On the left-side tool, it is easier to access the different options and users can now clearly see what feature is currently turned on or off. Under the Settings tab, we’ve made all Camera options more readable and easier to find. 

   

 

• Cursive canvas lock   
  
  A new canvas lock toggle in Cursive allows you to quickly enable or disable pan and zoom for the canvas. This helps avoid any accidental movements of the canvas while you write. You can turn on canvas lock from the 3-dot menu, and then quickly toggle it using a button on top of the canvas.

   

 

• Forced reboot across managed devices   
  
  Admins can now automate the reboot process across managed devices. To help reduce operational overhead and improve certain application flows, you can schedule recurring device reboots across kiosks, managed guest and standard user sessions. This essentially forces the device to reboot, even during an active session.

 

Admin console updates

   

 

• Identification variables for Android managed configuration policy   
  
  Managed configuration files can now include placeholders that Chrome OS substitutes for the indicated value(s) before providing the configuration file to the Android app. Admins can work with the Android app developer to determine what values to use in a custom policy. All values are optional. See the help center for more details on specific identification variables.

   

 

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  CORSNonWildcardRequestHeadersSupport	User & Browser Settings	Chrome Chrome OS Android	Network > CORS non-wildcard request headers support
  TouchVirtualKeyboardEnabled	User & Browser Settings Managed Guest Session	Chrome OS	Accessibility > On-screen keyboard in tablet mode
  DeviceRestrictedManagedGuestSessionEnabled	Device Settings	Chrome OS	Imprivata > Shared Kiosk mode
  RestrictedManagedGuestSessionExtensionCleanupExemptList	Device Settings	Chrome OS	Imprivata > Shared apps & extensions
  FastPairEnabled	User & Browser Settings Managed Guest Session	Chrome OS	Other settings > Fast Pair (fast Bluetooth pairing)

   

   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

   

 

• Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 102   
  
  As previously announced, Chrome apps will be phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 102 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy called ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 releases.
  
  If you're force-installing any Chrome apps, users will be shown a message stating that the app is no longer supported. To fix this, remove the extension ID from the force-install extension list, and if necessary they can add the corresponding install_url to the Web App force install list. For common Google apps, the install_urls are listed below:
   

  Property	Extension ID (Chrome App)	install_url (PWA / Web App)
  Gmail	pjkljhegncpnkpknbcohdijeoejaedia	https://mail.google.com/mail/ installwebapp?usp=admin
  Docs	aohghmighlieiainnegkcijnfilokake	https://docs.google.com/document/ installwebapp?usp=admin
  Drive	apdfllckaahabafndbhieahigkjlhalf	https://drive.google.com/drive/ installwebapp?usp=admin
  Sheets	felcaaldnbdncclmgdcncolpebgiejap	https://docs.google.com/spreadsheets/ installwebapp?usp=admin
  Slides	aapocclcgogkmnckokdopfmhonfmgoek	https://docs.google.com/presentation/ installwebapp?usp=admin
  Youtube	blpcfgokakmgnkcojhhkbfbldkacnbeo	https://www.youtube.com/s/notifications/ manifest/cr_install.html

   

   

   

 

• Privacy Sandbox updates in Chrome 102   
  
  The Privacy Sandbox release in Chrome 102 will provide controls for the new Topics & Interest Group APIs. It will also introduce a one-time dialog that explains Privacy Sandbox to users and will allow them to manage their preferences. This dialog will not be shown for Guest users or managed EDU users.
  
  Admins will be able to prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
   
  • To allow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled 
  • To disallow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This may cause some sites to stop working.
  Privacy Sandbox features will also be disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

• Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022   
  
  As part of the gradual deprecation of Manifest V2, the Chrome Web Store stopped accepting submissions of new Public or Unlisted Manifest V2 extensions after January 17, 2022. In June 2022, Chrome expands this restriction to new extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows. Extensions that are already submitted can continue to be updated until January 2023.
  
  For more details, refer to the Manifest V2 support timeline.

   

 

• Chrome will send Private Network Access preflights for subresources as early as Chrome 102   
  
  As early as Chrome 102, Chrome plans to send a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices.
  
  In a future milestone of Chrome, the response must carry a matching Access-Control-Allow-Private-Network: true header.
  
  A private network request is any request from a public website to a private IP address or localhost, or from a private website, for example, an intranet, to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.

   

 

• Chrome will use MiraclePtr to improve security as early as Chrome 102   
  
  MiraclePtr is a technology that reduces the risk of security vulnerabilities relating to memory safety. Chrome is currently testing the impacts of MiraclePtr for some users. A full release is planned as early as Chrome 102.

   

 

• MetricsReportingEnabled policy available on Android in Chrome 102 
  
  Chrome-on-Android will slightly modify the first run experience to support the MetricsReportingEnabled policy.  If the admin has disabled metrics reporting, there will be no change. If the admin has enabled metrics, users will still be able to disable it.

   

 

• Chrome 103 will use case-matching on CORS preflight requests   
  
  Chrome 101 and below uppercases request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 101 doesn't uppercase request methods, except for those normalized in the spec https://fetch.spec.whatwg.org/#concept-method-normalize, and so requires exact case-sensitive matching.
  
  Previously accepted, but now rejected:
  
      Request: fetch(url, {method: 'Foo'})
      Response Header: Access-Control-Allow-Methods: FOO
  
  Previously rejected, but now accepted:
  
      Request: fetch(url, {method: 'Foo'})
      Response Header: Access-Control-Allow-Methods: Foo
  
  Note: post and put are not affected because they are in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.

   

 

• Chrome Actions on iOS in Chrome 103   
  
  Chrome Actions help users get things done fast, directly from the address bar. We first released Chrome Actions on desktop a couple of years ago, with Actions like Clear browsing data. In Chrome 103, we will bring some of them to Chrome on iOS, like:
   
  • Manage passwords
  • Open Incognito tab
  • Clear browsing data
  • And more!
  
  
  Chrome on iOS will allow users to take actions directly from the address bar, like clearing browsing data, using a button that will appear among auto-complete suggestions. This feature is already available on desktop platforms.

   

 

• Chrome 104 will no longer support OS X 10.11 and macOS 10.12   
  
  Chrome 104 will no longer support macOS versions 10.11 and 10.12, which are already outside of their support window with Apple. Users will have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security.

   

 

• Network Service on Windows will be sandboxed in Chrome 104   
  
  As early as Chrome 104, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service might be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy will allow you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

• Default to origin-keyed agent clustering in Chrome 106   
  
  As early as Chrome 106, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.  
  
  Note: document.domain has no effect if only one document sets it.
  
  An enterprise policy will be available to extend the current behavior.

   

 

• Chrome 107 will replace master_preferences with initial_preferences   
  
  Initial preferences allow you to deploy default preferences when users first open Chrome browser. The initial_preferences file will replace the master_preferences file, which accomplished the same thing before Chrome 91. To minimize disruption, Chrome currently accepts both master_preferences and initial_preferences. In Chrome 107, Chrome will stop accepting the old master_preferences file name, and only accept the file if it is named initial_preferences.
  
  Please ensure that if you're using initial preferences, that the file is named initial_preferences and not master_preferences. You do not need to change the contents of the file in any way.

 

Upcoming Admin console changes

   

 

• New CSV export for some Chrome Admin console reports in Chrome 103   
  
  As early as Chrome 103, Chrome will introduce a new CSV download option for the Apps & Extensions Usage report data and the Versions report data.
  
  

Chrome browser updates	Security	User productivity/ Apps	Management
Screen sharing fix for macOS		✓
Chrome major version number reaches 100		✓
Updates for Legacy Browser Support <open-in> rules			✓
Chrome 100 removes the AllowSyncXHRInPageDismissal policy			✓
New WebHID enterprise policies			✓
Chrome 100 removes Lite Mode on Android			✓
Chrome Actions introduced on Android		✓
Chrome on Android supports login using QR codes	✓
Updates to the Certificate Transparency policy	✓
Multi-Screen Window Placement API stable launch		✓
Changes to tab-sharing blue border behavior		✓
Chrome on iOS users can choose their default website view		✓
Chrome adds Google Account-tied tokens to Enhanced Safe Browsing pings	✓
Dismiss password alerts on Desktop	✓	✓
Chrome expands SCT auditing to more users	✓
Chrome no longer supports TLS 1.0/1.1 on Android WebView	✓
Enterprise policies are available for new users on iOS			✓
New and updated policies in Chrome browser			✓
Chrome OS updates	Security	User productivity/ Apps	Management
Chrome OS Dictation text editing		✓
Chrome OS Flex	✓	✓	✓
Admin console updates	Security	User productivity/ Apps	Management
Chrome Browser Cloud Management (CBCM) supports Chrome on Android		✓	✓
Remotely connect to any device from the Admin console			✓
New policies in the Admin console			✓
Upcoming Chrome browser changes	Security	User productivity/ Apps	Management
Chrome 101 will remove setTimeout clamping to 1ms		✓
Chrome 101 will add new CSV Export for some Chrome Admin console reports			✓
Deprecation Origin Trial for UA Reduction in Chrome 101	✓
Chrome Browser Cloud Management will maintain compatibility with the most recent 12 versions of Chrome			✓
Chrome 101 will support Android 13 and above notification permission changes		✓
MetricsReportingEnabled policy available in Chrome 101 on Android			✓
Privacy Sandbox updates in Chrome 101	✓
WebSQLInThirdPartyContextEnabled will be removed in Chrome 101	✓
Compare search results with new Side Search feature in Chrome 101		✓
Legacy policies with non-inclusive names will be removed in Chrome 101			✓
Chrome apps will no longer work in Chrome 102 on Windows, Mac, and Linux		✓	✓
Chrome 102 to use case-matching on CORS preflight requests	✓
Chrome 102 to send Private Network Access preflights for subresources	✓
Chrome will use MiraclePtr to improve security	✓
Network Service on Windows to be sandboxed in Chrome 102	✓
Default to origin-keyed agent clustering in Chrome 106	✓

↑ back to top

 

The enterprise release notes are available in 8 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation for some languages.
 

Chrome browser updates

   

 

• Screen sharing fix for macOS   
  
  If your users are having trouble sharing their screens on macOS, please see this guide for instructions on how to fix it.

   

 

• Chrome major version number reaches 100   
  
  Chrome is now on a 3-digit version number.  When browsers went from version 9 to 10, the increase in the number of digits uncovered many issues in User-Agent string parsing libraries.
  
  An Enterprise policy ForceMajorVersionToMinorPositionInUserAgent is available to control whether the User-Agent string major version should be frozen at 99. If you have an app that is broken in version 100 due to a User-Agent parsing error, you can set the policy to 2 and the User-Agent string freezes the major version at 99 and includes the browser's major version in the minor position.

   

 

• Updates for Legacy Browser Support <open-in> rules   
  
  When the BrowserSwitcherParsingMode policy is set to IE-compatible, Chrome updates the Legacy Browser Support rules:
   
  • For v2 sitelists, <open-in> behavior is changed in the following ways:
    • <open-in>None</open-in> entries are treated as a greylist, and will open in any browser, rather than as inverted sitelist entries.
    • <open-in>MSEdge</open-in> entries will open in Chrome, as Windows treats this to mean the default, modern browser.
    • Anything unspecified opens in any browser, the same as greylist entries
  • For v1 sitelists, doNotTransition="true" entries  are treated as a greylist, and will open in any browser, rather than as inverted sitelist entries.
  
  To mitigate disruption, this change only applies if you set BrowserSwitcherParsingMode policy is set to 1.
  
  The documentation for Legacy Browser Support can be found here.

   

 

• Chrome 100 removes the AllowSyncXHRInPageDismissal policy   
  
  The AllowSyncXHRInPageDismissal policy was introduced in Chrome 78 to give enterprises more time to adapt to the removal of synchronous XHR requests during page dismissal. Though this policy was originally planned to be removed in Chrome 93, the transition period was extended to allow developers more time to adapt. This transition period is now closed and Chrome 100 removes this policy.

   

 

• New WebHID enterprise policies   
  
  As early as Chrome 100, Chrome adds new policies to manage the WebHID API. DefaultWebHidGuardSetting configures the default API behavior for all URLs and can be configured to allow origins to Ask for new device permissions or Block all permission requests. The WebHidAskForUrls and WebHidBlockedForUrls policies override the default policy for specific URLs.
  
  Three new policies are added for automatically granting device permissions. URLs contained in the WebHidAllowAllDevicesForUrls policy will be automatically granted permissions for any connected device. The WebHidAllowDevicesForUrls and WebHidAllowDevicesWithHidUsagesForUrls policies can be used to grant narrower permissions by matching against vendor and product IDs or application collection usages in the HID report descriptor.

   

 

• Chrome 100 removes Lite Mode on Android   
  
  Lite Mode was a way to reduce data usage on Android devices. Since its introduction, the cost of data has been reduced in many countries, and Chrome has invested in other ways to save data. As a result, Lite Mode is no longer available, including the DataCompressionProxyEnabled policy used to control it.

   

 

• Chrome Actions introduced on Android   
  
  Chrome Actions help users get things done fast, directly from the address bar. We first released Chrome Actions on desktop a couple of years ago, with Actions like Clear browsing data. Now, we’re bringing some of them to Chrome on Android, like:
   
  • Manage passwords
  • Open Incognito tab
  • Clear browsing data
  • And more!
  
  Chrome on Android allows users to take actions directly from the address bar, like clearing browsing data, using a button that appears among auto-complete suggestions. This feature is already available on desktop platforms.

   

 

• Chrome on Android supports login using QR codes   
  
  Chrome 100 allows users to use any Android phone as a security key by scanning a QR code. Previously, only phones that were syncing to the same Google account as the desktop could be used. Bluetooth is still required to show proximity. 
  
  

   

 

• Updates to the Certificate Transparency policy   
  
  In Chrome 100, the Certificate Transparency requirements in Chrome change; certificates are no longer required to include signed certificate timestamps (SCTs) from one Google operated and one non-Google operated log, and instead are required to include SCTs from at least two logs from different operators. Additionally, the amount of SCTs required for certificates with a lifetime between 180 days and 15 months increase, from 2 to 3. The existing policies that allow selectively disabling CT enforcement (CertificateTransparencyEnforcementDisabledForCas, CertificateTransparencyEnforcementDisabledForLegacyCas, and CertificateTransparencyEnforcementDisabledForUrls) continue to work.

   

 

• Multi-Screen Window Placement API stable launch   
  
  Multi-Screen Window Placement API adds new screen information APIs and makes incremental improvements to existing window placement APIs, allowing web applications to offer compelling multi-screen experiences. The existing singular window.screen offers a limited view of available screen space, and window placement functions generally clamp bounds to the current screen. This feature unlocks modern multi-screen workspaces for web applications.
  
  A new set of policies, DefaultWindowPlacementSetting, WindowPlacementAllowedForUrls, and WindowPlacementBlockedForUrls, lets admins force their fleet to employ a default setting and automatically accept or deny the Window Placement permission without prompting the user, per origin.

   

 

• Changes to tab-sharing blue border behavior   
  
  When a user shares their tab, the blue border used to indicate that a tab is being shared no longer appears around the whole tab. Instead, only the captured content has a blue border.
  
  

   

 

• Chrome on iOS users can choose their default website view   
  
  In Chrome on iOS, users can choose the default view, Desktop or Mobile, in which the websites are requested. You can access this from Settings.

   

 

• Chrome adds Google Account-tied tokens to Enhanced Safe Browsing pings   
  
  For users who consented to Enhanced Safe Browsing and are signed in to their Google accounts, Chrome adds Google Account-tied tokens to various incident reporting pings, except when in Incognito mode. This enables better tailored protection after encountering Safe Browsing warnings.
  
  You control this feature on your environment using the SafeBrowsingProtectionLevel enterprise policy.

   

 

• Dismiss password alerts on Desktop   
  
  To reduce noise from unnecessary alerts, Chrome Desktop users can now dismiss password alerts for compromised passwords. You can prevent end users from dismissing password alerts with the PasswordDismissCompromisedAlertEnabled policy.

   

 

• Chrome expands SCT auditing to more users   
  
  As part of Chrome's Certificate Transparency protections, Chrome expands the existing signed certificate timestamp (SCT) auditing to all users that have Safe Browsing enabled. With this change, Chrome makes rare — less than one in 10,000 TLS connections — privacy-preserving queries to Google to ensure that Certificate Transparency logs are operating correctly. If a query detects a misbehaving log, the client will provide evidence of that misbehavior (the certificate chain and all SCTs) to Google. Chrome does not share certificates that are not issued by publicly trusted root certificates. CT ensures that all certificates or SCTs from publicly trusted roots are already public information, and no additional data is collected.

   

 

• Chrome no longer supports TLS 1.0/1.1  on Android WebView   
  
  In Chrome 98, TLS 1.0/1.1 support was fully removed from Chrome on Windows, Mac, Linux, Android, and iOS. Starting in Chrome 100, TLS 1.0/1.1 is no longer supported on Android WebView. This might affect Android Apps using WebView which rely on connecting to a server that does not support TLS 1.2 or higher. Please update any servers to support modern TLS versions.

   

 

• Enterprise policies are available for new users on iOS   
  
  Chrome 100 on iOS checks for enterprise policies at the very beginning of a user’s first run experience, so that the user's experience immediately corresponds to the enterprise configuration.

   

 

• New and updated policies in Chrome browser   
   

  Policy	Description
  PasswordDismissCompromisedAlertEnabled	Enable dismissing compromised password alerts for entered credentials.
  AllHttpAuthSchemesAllowedForOrigins	List of origins allowing all HTTP authentication.
  DefaultWebHidGuardSetting	Control use of the WebHID API.
  WebHidAskForUrls	Allow the WebHID API on these sites.
  WebHidBlockedForUrls	Block the WebHID API on these sites.
  WebHidAllowAllDevicesForUrls	Automatically grant permission to sites to connect to any HID device.
  WebHidAllowDevicesForUrls	Automatically grant permission to these sites to connect to HID devices with the given vendor and product IDs.
  WebHidAllowDevicesWithHidUsagesForUrls	Automatically grant permission to these sites to connect to HID devices containing top-level collections with the given HID usage.
  OriginAgentClusterDefaultEnabled	Allows origin-keyed agent clustering by default.
  DefaultWindowPlacementSetting	Default Window Placement permission setting.
  WindowPlacementAllowedForUrls	Allow Window Placement permission on these sites.
  WindowPlacementBlockedForUrls	Block Window Placement permission on these sites.
  ExemptDomainFileTypePairsFromFileTypeDownloadWarnings	Disable download file type extension-based warnings for specified file types on domains.

 

Chrome OS updates

   

 

• Chrome OS Dictation text editing   
  
  Dictation lets you use your voice to dictate text anywhere you would usually type on your Chromebook. Now, you can also edit text with your voice using commands like delete, undo, or select all. This feature is particularly useful for those who have motor impairments or anyone who prefers to use their voice to type.
  
  We’re initially launching with a small number of commands; we plan to add more in the future. Try it out by turning on dictation under Settings > Accessibility > Keyboard and text input. Whenever you are in a text area, you can select Search + d to activate dictation.

   

 

• Chrome OS Flex   
  
  We announced early access to a new version of Chrome OS bringing the benefits of Chrome OS to PCs and Macs. Chrome OS Flex is the cloud-first, fast, easy-to manage, and secure operating system for PCs and Macs. Chrome OS Flex is now on the beta channel and since launch, 100+ more devices have been verified to work with Chrome OS Flex. Try it out and share your feedback to help us shape this product.

 

Admin console updates

   

 

• Chrome Browser Cloud Management (CBCM) supports Chrome on Android   
  
  CBCM now supports enrolling Chrome on Android and sends reporting information back to the Admin console. Admins can get reporting information on policies that have been enabled, the OS version, model name, and other important data. More details are in our help center.

   

 

• Remotely connect to any device from the Admin console   
  
  Admins can now establish a remote Chrome Remote Desktop (CRD) connection using a remote command under Device details for any device with an affiliated user or managed guest session. Previously, this feature was only available for devices in kiosk mode. More details are in our help center.

   

 

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  SandboxExternalProtocolBlocked	User & Browser Settings; Managed Guest Session	Chrome Chrome OS	Content > iframe navigation
  NetworkServiceSandboxEnabled	User & Browser Settings	Browser	Network > Network service sandbox
  UserAgentReduction	User & Browser Settings; Managed Guest Session	Chrome Chrome OS Android	Network > User-Agent Reduction
  UserAgentClientHintsGREASEUpdateEnabled	User & Browser Settings; Managed Guest Session	Chrome Chrome OS Android	Network > User-Agent client hints
  DeviceI18nShortcutsEnabled	Device Settings	Chrome OS	Other settings > International keyboard shortcuts mapping
  QuickAnswersEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User experience > Quick Answers > Enable Quick Answers
  QuickAnswersDefinitionEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User experience > Quick Answers > Enable Quick Answers definition
  QuickAnswersTranslationEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User experience > Quick Answers > Enable Quick Answers translation
  QuickAnswersUnitConversionEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User experience > Quick Answers > Enable Quick Answers unit conversion

 

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

   

 

• Chrome 101 will remove setTimeout clamping to 1ms   
  
  Chrome 101 removes a web intervention for some users that clamped setTimeout(function,0) timers to 1ms. In Chrome 101, those users will see timers fire immediately. Note that nested timer calls will clamp to 4ms after repeated nested calls. This change brings Chrome in line with web specifications and may improve performance on some pages.
  
  It's possible that this change will introduce bugs in web applications that rely on the current clamped behavior. If you have any apps affected by this change, you can use the SetTimeoutWithout1MsClampEnabled policy to revert to the Chrome 100 behavior.

   

 

• Chrome 101 will add new CSV Export for some Chrome Admin console reports   
  
  As early as Chrome 101, Chrome will introduce a new CSV download option for the Apps & Extensions Usage report data and the Versions report data.
  
  

   

 

• Deprecation Origin Trial for UA Reduction in Chrome 101   
  
  As previously announced, Chrome 101 protects user privacy by reducing the granularity of information in the User-Agent string. In this phase, the MINOR.BUILD.PATCH version info is reduced to "0.0.0". If a site needs this information, it should migrate to the User Agent Client Hints API. Sites that need more time to test or migrate can take advantage of a Deprecation Trial, starting in Chrome 100.
  
  You can also control this using the UserAgentReduction Enterprise policy. You can test the new reduced-granularity User-Agent string by setting the policy to 2, or you can delay the change while you update your apps by setting it to 1.

   

 

• Chrome Browser Cloud Management will maintain compatibility with the most recent 12 versions of Chrome   
  
  Starting with Chrome 101, Chrome Browser Cloud Management will maintain compatibility with the most recent 12 versions of Chrome. Older versions may lose some CBCM features without notice, or behave unexpectedly. For your security, you should keep Chrome auto-update enabled, which will keep your fleet on the most recent version of Chrome. If you manage Chrome updates manually, staying close to the most recent version will both keep your users safer, and ensure you stay within the CBCM compatibility window.

   

 

• Chrome 101 will support Android 13 and above notification permission changes   
  
  Android 13 is changing the way push notification permissions behave by default. All Android apps will require users to explicitly allow OS notification permissions (as opposed to Android 12 and earlier where it was granted by default). Chrome running on this version of Android will prompt the user for permission at app launch up to two times.

   

 

• MetricsReportingEnabled policy available in Chrome 101 on Android   
  
  Chrome-on-Android will be slightly modifying the First Run Experience to support the MetricsReportingEnabled policy.  If the admin has disabled metrics reporting, there will be no change. If the admin has enabled metrics, users will still be able to disable it.

   

 

• Privacy Sandbox updates in Chrome 101   
  
  The Privacy Sandbox release in Chrome 101 provides controls for the new Topics & Interest Group APIs. It also introduces a one-time dialog that explains Privacy Sandbox to users and allows them to manage their preferences. This dialog is not shown for Guest users or managed EDU users.
  
  Admins can prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
   
  • To allow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled 
  • To disallow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This may cause some sites to stop working.
  
  Privacy Sandbox features will also be disabled (and no dialog shown) if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

• WebSQLInThirdPartyContextEnabled will be removed in Chrome 101   
  
  WebSQLInThirdPartyContextEnabled was introduced to give admins additional time to react to the removal of WebSQL in a third-party context. As planned, it is removed in Chrome 101.

   

 

• Compare search results with new Side Search feature in Chrome 101   
  
  Side Search allows users to compare search results via a side panel UI to get the right answer faster. This means users can view a page and the search results at the same time, without needing to navigate back and forth or losing their search results. This is helpful for users who are actively searching for something and need more than one site, for example, planning an employee dinner, putting together presentations, and so on. This feature can be controlled using the SideSearchEnabled policy.

   

 

• Legacy policies with non-inclusive names will be removed in Chrome 101   
  
  Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names (for example, whitelist, blacklist). In order to minimize disruption for existing managed users, both the old and the new policies currently work.
  
  This transition period was originally planned for Chrome 95, but was extended to Chrome 101 to give admins more time to transition their policies. In Chrome 101, the policies in the left column of the following table will no longer function. Please ensure you're using the corresponding policy from the right column instead:
   

  Legacy Policy Name	New Policy Name
  NativeMessagingBlacklist	NativeMessagingBlocklist
  NativeMessagingWhitelist	NativeMessagingAllowlist
  AuthNegotiateDelegateWhitelist	AuthNegotiateDelegateAllowlist
  AuthServerWhitelist	AuthServerAllowlist
  SpellcheckLanguageBlacklist	SpellcheckLanguageBlocklist
  AutoplayWhitelist	AutoplayAllowlist
  SafeBrowsingWhitelistDomains	SafeBrowsingAllowlistDomains
  ExternalPrintServersWhitelist	ExternalPrintServersAllowlist
  NoteTakingAppsLockScreenWhitelist	NoteTakingAppsLockScreenAllowlist
  PerAppTimeLimitsWhitelist	PerAppTimeLimitsAllowlist
  URLWhitelist	URLAllowlist
  URLBlacklist	URLBlocklist
  ExtensionInstallWhitelist	ExtensionInstallAllowlist
  ExtensionInstallBlacklist	ExtensionInstallBlocklist
  UserNativePrintersAllowed	UserPrintersAllowed
  DeviceNativePrintersBlacklist	DevicePrintersBlocklist
  DeviceNativePrintersWhitelist	DevicePrintersAllowlist
  DeviceNativePrintersAccessMode	DevicePrintersAccessMode
  DeviceNativePrinters	DevicePrinters
  NativePrinters	Printers
  NativePrintersBulkConfiguration	PrintersBulkConfiguration
  NativePrintersBulkAccessMode	PrintersBulkAccessMode
  NativePrintersBulkBlacklist	PrintersBulkBlocklist
  NativePrintersBulkWhitelist	PrintersBulkAllowlist
  UsbDetachableWhitelist	UsbDetachableAllowlist
  QuickUnlockModeWhitelist	QuickUnlockModeAllowlist
  AttestationExtensionWhitelist	AttestationExtensionAllowlist
  PrintingAPIExtensionsWhitelist	PrintingAPIExtensionsAllowlist
  AllowNativeNotifications	AllowSystemNotifications
  DeviceUserWhitelist	DeviceUserAllowlist
  NativeWindowOcclusionEnabled	WindowOcclusionEnabled

  
  
  If both the legacy policy and the new policy are set for any row in the table below, the new policy will override the legacy policy.
  
  If you're managing Chrome via the Google Admin console (for example, Chrome Browser Cloud Management), no action is required; the Google Admin console will manage the transition automatically.
   

   

 

• Chrome apps will no longer work in Chrome 102 on Windows, Mac, and Linux   
  
  As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps on Windows, Mac, and Linux will now stop functioning in Chrome 102. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps for an additional 2 releases.

   

 

• Chrome 102 to use case-matching on CORS preflight requests   
  
  Chrome 101 and previous releases uppercase request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 102 no longer uppercases request methods, except for those normalized in the spec. So, Chrome 102 and later will require exact case-sensitive matching.
   

  Previously accepted, but now rejected:

      Request: fetch(url, {method: 'Foo'})
      Response Header: Access-Control-Allow-Methods: FOO

  Previously rejected, but now accepted:

      Request: fetch(url, {method: 'Foo'})
      Response Header: Access-Control-Allow-Methods: Foo

  
  Note: post and put methods are not affected because they are in in the spec, while patch is affected.

   

 

• Chrome to send Private Network Access preflights for subresources   
  
  As early as Chrome 102, Chrome plans to send a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices.
  
  In a future release of Chrome, the response must carry a matching Access-Control-Allow-Private-Network: true header.
  
  A private network request is any request from a public website to a private IP address or localhost, or from a private website, for example, an intranet, to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.

   

 

• Chrome to use MiraclePtr to improve security   
  
  MiraclePtr is a technology that reduces the risk of security vulnerabilities relating to memory safety. Chrome is currently testing the impacts of MiraclePtr for some users. A full release is planned as early as Chrome 102.

   

 

• Network Service on Windows will be sandboxed in Chrome 102   
  
  As early as Chrome 102, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

• Default to origin-keyed agent clustering in Chrome 106   
  
  As early as Chrome 106, websites will be unable to set document.domain. Websites will need to use alternative approaches  such as postMessage() or Channel Messaging API  to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0  header along with all documents that require that behavior.  
  
  Note: document.domain has no effect if only one document sets it.
  
  An enterprise policy will be available to extend the current behavior.

Chrome browser updates	Security	User productivity/ Apps	Management
Uninstall WebApps from Windows OS settings			✓
Certificate Transparency expanded on Android	✓
Rollback on private network access pre-flights		✓
Chrome 99 the adds NTPMiddleSlotAnnouncementVisible policy			✓
Chrome 99 removes the CrossOriginWebAssemblyModuleSharingEnabled policy			✓
Chrome 99 updates the code signing certificate for Chrome on macOS	✓
New and updated policies in Chrome browser			✓
Chrome OS updates	Security	User productivity/ Apps	Management
Nearby Share background scanning		✓
Keep full-screen mode after unlock		✓	✓
Introducing the Files SWA		✓
Optimized user experience on touch screens		✓
Drag windows to New Desk in Overview		✓
GIF animation mode on Camera		✓
Admin console updates	Security	User productivity/ Apps	Management
New policies in the Admin console			✓
Upcoming Chrome browser changes	Security	User productivity/ Apps	Management
Chrome 100 will remove the AllowSyncXHRInPageDismissal policy			✓
Chrome 100 will update Legacy Browser Support <open-in> rules			✓
Chrome Major Version number will reach 100		✓	✓
Chrome 100 will remove Lite Mode on Android			✓
Updated Certificate Transparency Policy	✓		✓
Network Service on Windows will be sandboxed	✓
New WebHID enterprise policies			✓
Support for Encrypted Client Hello (ECH)	✓
New CSV export for some Admin console reports			✓
Deprecation Origin Trial for UA reduction	✓
chrome://management for Chrome-on-Android			✓
Multi-Screen Window Placement API stable launch		✓	✓
Chrome Browser Cloud Management will extend Chrome compatibility			✓
Legacy policies with non-inclusive names will be removed in Chrome 101			✓
Default to origin-keyed agent clustering	✓

 

↑ back to top

 

Starting with Chrome 99, these release notes are available in 3 additional languages. You can now read about Chrome Enterprise and Education updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation to some languages.

Chrome browser updates

   

 

• Uninstall WebApps from Windows OS settings   
  
  Windows provides a mechanism to uninstall native Win32 apps through Windows settings or the Control Panel. This feature allows you to uninstall Progressive Web Apps (PWAs) in the same way on the Windows operating system.

   

 

• Certificate Transparency expanded on Android   
  
  Certificate transparency is already enforced on desktop platforms, and for some Android users. Chrome 99 expands certificate transparency to all Android Chrome users.

   

 

• Rollback on private network access pre-flights   
  
  Chrome 98 introduced Private Network Access pre-flights to improve user security. Due to bug reports, Chrome 99 rolls back this feature to better address interactions with developer and enterprise environments. We will announce plans to re-introduce this feature in future release notes.

   

 

• Chrome 99 adds the NTPMiddleSlotAnnouncementVisible policy   
  
  Enterprise administrators are able to control the visibility of the middle slot announcement on the Desktop New tab page using the NTPMiddleSlotAnnouncementVisible enterprise policy. 

   

 

• Chrome 99 updates the code signing certificate for Chrome on macOS   
  
  The code signing certificate for Chrome on macOS is changing. If you are managing Chrome with Parental Controls Application Restrictions, you need to update the designated requirement in the configuration profile, under the appID key. An example profile with the updated designated requirements can be found here: https://crbug.com/1295049#c3.
  
  Similarly, managing Chrome's Privacy Preferences Policy Control with the CodeRequirement key might also require an update. If you have been using the designated requirement from a previous version of Chrome, you need to update the CodeRequirement key. You can view the updated requirement with the following command: 
  
  > codesign -d -r- /Path/to/Chome99.app

   

 

• Chrome 99 removes the CrossOriginWebAssemblyModuleSharingEnabled policy   
  
  Chrome 95 prevented WebAssembly module sharing between cross-origin but same-site environments, but included a temporary policy, CrossOriginWebAssemblyModuleSharingEnabled, to bypass the feature. Chrome 99 removes this temporary policy.

   

 

• New and updated policies in Chrome browser   
   

  Policy	Description
  NTPMiddleSlotAnnouncementVisible	Show the middle slot announcement on the New Tab Page
  ForceMajorVersionToMinorPositionInUserAgent	Test the 3-digit Major Version number in UA strings
  NewTabPageLocation New on iOS	Configure the New Tab page URL

  
   
   

Chrome OS updates

   

 

• Nearby Share background scanning   
  
  Nearby Share is Google’s solution to enable seamless sharing from device to device. To provide a better user experience, Chrome OS adds support for background scanning, which allows a Chrome OS device to detect and proactively notify a user when someone nearby is sharing which makes it easier to share without having to temporarily enter high visibility mode. This functionality has been present on Android since the launch of Nearby Share in 2019, and now behaves the same way on Chrome OS, to ensure consistency and predictability.

   

 

• Keep full-screen mode after unlock   
  
  Chrome 99 improves support for full screen VDI use cases. Until now, full screen virtualized desktops returned to a maximized window after unlocking a device. The new KeepFullscreenWithoutNotificationUrlAllowList policy allows admins to exempt certain URLs and apps from exiting full screen after unlock. This unblocks the use of virtualized desktops in user sessions and in Imprivata-based managed guest sessions.

   

 

• Introducing the Files SWA   
  
  Up to now, the Files app was a Chrome App. Chrome 99 implements FIles as a System Web App (SWA). The Files SWA provides the same features as the Files Chrome App.

   

 

• Optimized user experience on touch screens   
  
  Chrome 99 improves the user experience on touchscreen devices through better palm rejection performance. This is achieved by optimizing touches from multiple fingers.

   

 

• Drag windows to New Desk in Overview   
  
  You can now create a new desk on the fly for an existing window by dragging and dropping a window to New Desk in Overview.

   

 

• GIF animation mode on Camera   
  
  With GIF mode, you can now record up to five-second videos of product demos, and it will automatically turn into a shareable GIF.
   

Admin console updates

   

 

• New policies in the Admin console   
   

  Policy Name	Pages	Supported on	Category/Field
  SideSearchEnabled	User & Browser Settings	Chrome OS	Omnibox search provider > Side panel search history
  NetworkServiceSandboxEnabled	User & Browser Settings	Chrome	Network > Network service sandbox
  FullRestoreEnabled	Additional Apps Settings	Chrome OS	Additional application settings > Full restore
  GhostWindowEnabled	Additional Apps Settings	Chrome OS	Additional application settings > Android ghost windows
  RegisteredProtocolHandlers	User & Browser Settings	Chrome Chrome OS	Content > Custom Protocol Handlers
  WebSQLInThirdPartyContextEnabled	User & Browser Settings; Managed Guest Session	Chrome Chrome OS Android	Security > WebSQL in third-party context
  BrowserSwitcherParsingMode	User & Browser Settings	Chrome	Legacy Browser Support > Sitelist parsing mode
  DeviceScheduledReboot	Device settings	Chrome OS	Power and shutdown > Scheduled reboot
  QuickAnswersEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User Experience > Quick Answers > Enable Quick Answers
  QuickAnswersDefinitionEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User Experience > Quick Answers > Enable Quick Answers definition
  QuickAnswersTranslationEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User Experience > Quick Answers > Enable Quick Answers translation
  QuickAnswersUnitConversionEnabled	User & Browser Settings; Managed Guest Session	Chrome OS	User Experience > Quick Answers > Enable Quick Answers unit conversion

  
  
  

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

Upcoming Chrome browser changes

   

 

• Chrome 100 will remove the AllowSyncXHRInPageDismissal policy   
  
  The AllowSyncXHRInPageDismissal policy was introduced in Chrome 78 to give enterprises more time to adapt to the removal of synchronous XHR requests during page dismissal. Though this policy was originally planned to be removed in Chrome 93, the transition period was extended to allow developers more time to adapt. This transition period is now closed and the policy will be removed in Chrome 100.

   

 

• Chrome 100 will update Legacy Browser Support <open-in> rules   
  
  In Chrome 100, when the BrowserSwitcherParsingMode policy is set to IE-compatible, Legacy Browser Support rules are updated:
   
  • For v2 sitelists, <open-in> behavior is changed in the following ways:
    • <open-in>None</open-in> entries are treated as a greylist, and will open in any browser, rather than as inverted sitelist entries.
    • <open-in>MSEdge</open-in> entries will open in Chrome, as Windows treats this to mean the default, modern browser.
    • Anything unspecified opens in any browser, the same as greylist entries
  • For v1 sitelists: 
    • doNotTransition="true" entries  are treated as a greylist, and will open in any browser, rather than as inverted sitelist entries.
  
  
  To mitigate disruption, this change only applies if you set BrowserSwitcherParsingMode policy is set to 1.
  
  For more details on Legacy Browser Support, see here.

   

 

• Chrome Major Version number will reach 100   
  
  Chrome will reach a 3-digit major version number in March, 2022.  When browsers went from version 9 to 10, the increase in the number of digits uncovered many issues in User-Agent string parsing libraries. In order to avoid the same issue again, developers and IT admins should test their services in advance. 
  
  To help, the Chrome team created the ForceMajorVersion100InUserAgent flag (chrome://flags/#force-major-version-to-100). This forces the browser to send 100 as the major version number; see blog for details.  You should use this flag to uncover and address any issues before Chrome 100 rolls out. We encourage admins to submit any issues encountered here. 
  
  An enterprise policy ForceMajorVersionToMinorPositionInUserAgent is also available to control whether the User-Agent string major version should be frozen at 99. If you have an app that is broken in version 100 (due to a User-Agent parsing error), you can set the policy to 2 and the User-Agent string will freeze the major version as 99 and include the browser's major version in the minor position. 

   

 

• Chrome 100 will remove Lite Mode on Android   
  
  Lite Mode was a way to reduce data usage on Android devices. Since its introduction, the cost of data has been reduced in many countries, and Chrome has invested in other ways to save data. As a result, Lite Mode will no longer be available, including the DataCompressionProxyEnabled policy used to control it.

   

 

• Updates to Certificate Transparency policy   
  
  In Chrome 100, the Certificate Transparency requirements in Chrome will change, certificates will no longer be required to include signed certificate timestamps (SCTs) from one Google operated and one non Google operated log, and instead will be required to include SCTs from at least two logs from different operators. Additionally, the amount of SCTs required for certificates with a lifetime between 180 days and 15 months will increase, from 2 to 3. The existing policies that allow selectively disabling CT enforcement (CertificateTransparencyEnforcementDisabledForCas, CertificateTransparencyEnforcementDisabledForLegacyCas, and CertificateTransparencyEnforcementDisabledForUrls) will continue to work.

   

 

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 100, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

• New WebHID enterprise policies   
  
  As early as Chrome 100, Chrome will add policies to manage the WebHID API. DefaultWebHidGuardSetting configures the default API behavior for all URLs and can be configured to allow origins to Ask for new device permissions or Block all permission requests. The WebHidAskForUrls and WebHidBlockedForUrls policies override the default policy for specific URLs.
  
  Three new policies are added for automatically granting device permissions. URLs contained in the WebHidAllowAllDevicesForUrls policy will be automatically granted permissions for any connected device. The WebHidAllowDevicesForUrls and WebHidAllowDevicesWithHidUsagesForUrls policies can be used to grant narrower permissions by matching against vendor and product IDs or application collection usages in the HID report descriptor.

   

 

• Support for Encrypted Client Hello (ECH)   
  
  As early as Chrome 100, Chrome will start supporting ECH as a continuation of our network related efforts to improve our users’ privacy and safety on the web, for example, Secure DNS. Many organizations’ infrastructure relies on the ability to inspect Server Name Indication (SNI), for example, with filtering, logging, and so on. You might want to explore a DNS-based approach and the associated group policies from the OS, or Chrome browser for DNS-over-HTTPS.

   

 

• New CSV export for some Admin console reports   
  
  As early as Chrome 100, Chrome will introduce a new CSV download option for the Apps & Extensions Usage report data and the Versions report data.
  
   

   

 

• Deprecation Origin Trial for UA reduction   
  
  As previously announced, Chrome 101 protects user privacy by reducing the granularity of information in the User-Agent (UA) string. In this phase, the MINOR.BUILD.PATCH version info is reduced to "0.0.0". If a site needs this information, it should migrate to the User Agent Client Hints API. Sites that need more time to test or migrate can take advantage of a Deprecation Trial, starting in Chrome 100.
  
  You can also control this using the UserAgentReduction enterprise policy. You can test the new reduced-granularity UA string by setting the policy to 2. Alternatively,  you can delay the change while you update your apps by setting it to 1.

   

 

• chrome://management for Chrome-on-Android   
  
  The chrome://management page is being updated to have more detail when Chrome-on-Android is managed via Chrome Browser Cloud Management.
  
  

   

 

• Multi-Screen Window Placement API stable launch   
  
  Multi-Screen Window Placement API will add new screen information APIs and will make incremental improvements to existing window placement APIs. This will allow web applications to offer compelling multi-screen experiences. The existing singular window.screen offers a limited view of available screen space, and window placement functions generally restrict the current screen. This feature will unlock modern multi-screen workspaces for web applications.
  
  A new set of policies, DefaultWindowPlacementSetting, WindowPlacementAllowedForUrls, and WindowPlacementBlockedForUrls, will let admins force their fleet to employ a default setting and automatically accept or deny the Window Placement permission without prompting the user, on a per-origin basis.

   

 

• Chrome Browser Cloud Management will extend Chrome compatibility   
  
  As early as with Chrome 101, Chrome Browser Cloud Management will maintain compatibility with the most recent 12 versions of Chrome. Older versions may lose some CBCM features without notice, or behave unexpectedly. For your security, you should keep Chrome auto-update enabled, which will keep your fleet on the most recent version of Chrome. If you manage Chrome updates manually, staying close to the most recent version will both keep your users safer, and ensure you stay within the CBCM compatibility window.

   

 

• Legacy policies with non-inclusive names will be removed in Chrome 101   
  
  Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names (for example, whitelist, blacklist). In order to minimize disruption for existing managed users, both the old and the new policies currently work.
  
  This transition period was originally planned for Chrome 95, but was extended to Chrome 101 to give admins more time to transition their policies. In Chrome 101, the policies in the left column of the following table will no longer function. Please ensure you're using the corresponding policy from the right column instead:
  
  

  Legacy Policy Name	New Policy Name
  NativeMessagingBlacklist	NativeMessagingBlocklist
  NativeMessagingWhitelist	NativeMessagingAllowlist
  AuthNegotiateDelegateWhitelist	AuthNegotiateDelegateAllowlist
  AuthServerWhitelist	AuthServerAllowlist
  SpellcheckLanguageBlacklist	SpellcheckLanguageBlocklist
  AutoplayWhitelist	AutoplayAllowlist
  SafeBrowsingWhitelistDomains	SafeBrowsingAllowlistDomains
  ExternalPrintServersWhitelist	ExternalPrintServersAllowlist
  NoteTakingAppsLockScreenWhitelist	NoteTakingAppsLockScreenAllowlist<
  PerAppTimeLimitsWhitelist	PerAppTimeLimitsAllowlist
  URLWhitelist	URLAllowlist
  URLBlacklist	URLBlocklist
  ExtensionInstallWhitelist	ExtensionInstallAllowlist
  ExtensionInstallBlacklist	ExtensionInstallBlocklist
  UserNativePrintersAllowed	UserPrintersAllowed
  DeviceNativePrintersBlacklist	DevicePrintersBlocklist
  DeviceNativePrintersWhitelist	DevicePrintersAllowlist
  DeviceNativePrintersAccessMode	DevicePrintersAccessMode
  DeviceNativePrinters	DevicePrinters
  NativePrinters	Printers
  NativePrintersBulkConfiguration	PrintersBulkConfiguration
  NativePrintersBulkAccessMode	PrintersBulkAccessMode
  NativePrintersBulkBlacklist	PrintersBulkBlocklist
  NativePrintersBulkWhitelist	PrintersBulkAllowlist
  UsbDetachableWhitelist	UsbDetachableAllowlist
  QuickUnlockModeWhitelist	QuickUnlockModeAllowlist
  AttestationExtensionWhitelist	AttestationExtensionAllowlist
  PrintingAPIExtensionsWhitelist	PrintingAPIExtensionsAllowlist
  AllowNativeNotifications	AllowSystemNotifications
  DeviceUserWhitelist	DeviceUserAllowlist
  NativeWindowOcclusionEnabled	WindowOcclusionEnabled

  
  
  If both the legacy policy and the new policy are set for any row in the table below, the new policy will override the legacy policy. 
  
  If you're managing Chrome via the Google Admin Console (for example, Chrome Browser Cloud Management), no action is required; the Google Admin Console will manage the transition automatically.

   

 

• Default to origin-keyed agent clustering   
  
  As early as Chrome 103, websites will be unable to set document.domain. Websites will need to use alternative approaches  such as postMessage() or Channel Messaging API  to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0  header along with all documents that require that behavior.  
  
  Note: document.domain has no effect if only one document sets it.
  
  An enterprise policy will be available when this change ships to extend the current behavior.

Chrome browser updates	Security	User productivity/ Apps	Management
Use Chrome passwords in other apps on iOS		✓
Update GREASE brand list generation	✓		✓
Chrome disables the U2F API by default	✓		✓
Chrome no longer allows TLS 1.0 or TLS 1.1	✓
Private network access preflights for subresources	✓
Integrate Enhanced Safe Browsing preference with account settings	✓		✓
TFLite model for client-side phishing detection	✓
Chrome deprecates the installed_browser_version field in the Directory API			✓
New extensions must be submitted with Manifest v3	✓
New and updated policies in Chrome browser			✓
Chrome OS updates	Security	User productivity/ Apps	Management
Expanded keyboard shortcuts for Desks		✓
Add Save to settings to screen capture		✓
Support for Network Based Recovery (NBR)			✓
Admin console updates	Security	User productivity/ Apps	Management
Search devices by version or mode			✓
New policies in the Admin console			✓
Upcoming Chrome browser changes	Security	User productivity/ Apps	Management
Chrome Major Version number will reach 100		✓	✓
Network Service on Windows will be sandboxed	✓
WebHID enterprise policies			✓
Default to origin-keyed agent clustering	✓
Change tab-sharing blue order behavior		✓

 

DOWNLOAD Release notes (PDF)

↑ back to top

 

Chrome browser updates

   

 

• Use Chrome passwords in other apps on iOS   
  
  Chrome 98 informs iOS users that they can use any passwords saved in Chrome in other apps on their device.
  
  The Chrome > Settings > Passwords screen shows a new option for Passwords in Other Apps, which guides users to turn on this feature in iOS autofill settings.
  
  You can control if users can save passwords using Chrome with the PasswordManagerEnabled policy.

   

 

• Update GREASE brand list generation   
  
  User-Agent Client Hints GREASE aims to prevent bad or exclusionary assumptions from being built on top of the proposed replacement for User-Agent strings. This means that users of less well-tested browsers will not be rejected for not matching the precise format of a more-well tested browsers UA string.
  
  This change aligns our implementation of GREASE in User-Agent Client Hints with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. While we are rolling out this change gradually and continue to watch for negative impacts, such as WAF software flagging headers as invalid traffic, admins can opt out using the UserAgentClientHintsGREASEUpdateEnabled enterprise policy.

   

 

• Chrome disables the U2F API by default  
  
  The U2F API is Chrome's legacy API for interacting with USB security keys. It has been superseded by the W3C Web Authentication API (WebAuthn). Chrome 98 disables the U2F API by default. With Chrome 104, the U2F API will be removed from Chrome.
  
  Sites can continue to use the U2F API beyond Chrome 98 if they enroll in an Origin Trial. Using the Origin Trial also suppresses the deprecation prompt on the enrolled pages. The Origin Trial will end on July 26, 2022, shortly before the release of Chrome 104.
  
  Enterprises can suppress deprecation related changes, and keep the U2F enabled, by using the U2fSecurityKeyApiEnabled enterprise policy. This enterprise policy will be removed from Chrome, together with the U2F API, in Chrome 104.
  
  If you run a website that still uses this API, please refer to the deprecation announcement and blog post for more details.

   

 

• Chrome no longer allows TLS 1.0 or TLS 1.1   
  
  The SSLVersionMin policy no longer allows setting a minimum version of TLS 1.0 or 1.1. This means the policy can no longer be used to suppress Chrome's interstitial warnings for TLS 1.0 and 1.1. Administrators must upgrade any remaining TLS 1.0 and 1.1 servers to TLS 1.2.
  
  In Chrome 91, we announced that the policy no longer works, but users could still bypass the interstitial. In Chrome 98, it is not possible to bypass the interstitial.

   

 

• Private network access preflights for subresources   
  
  Chrome sends a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header, and the response must carry a matching Access-Control-Allow-Private-Network: true header.
  
  A private network request is any request from a public website to a private IP address or localhost, or from a private website, for example, an Intranet, to a localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.
  
  Chrome 98 sends these preflight requests but does not yet require them to succeed. Failed preflights only display warnings in DevTools, which you can use to detect problematic fetches in your web apps.  In Chrome 101 at the earliest, failed preflights will cause the entire request to fail depending on compatibility data. See the blog post for more information.
  
  You can control this behavior using enterprise policies InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls.

   

 

• Integrate Enhanced Safe Browsing preference with account settings   
  
  Chrome now prompts users who opt in to Account Enhanced Safe Browsing to enable Enhanced Safe Browsing in Chrome. Their Safe Browsing setting is still controlled by the SafeBrowsingProtectionLevel policy.

   

 

• TFLite model for client-side phishing detection   
  
  Chrome uses an on-device Machine Learning (ML) model to better detect phishing attempts, and better protect users. As in earlier versions, Chrome displays a full-page interstitial warning if Chrome detects a possible phishing attempt. This was previously launched for Android in Chrome 92, and is now on desktop platforms as well.
  
  With this change, Chrome sends the following to the Safe Browsing service:
  • the version of the model that was executed
  • the scores the model gave for each category
  • a boolean describing whether the new model was used to generate the scores
  
  You can control Safe Browsing using the SafeBrowsingProtectionLevel policy. This feature applies to users with the protection level set at 1 or greater.

   

 

• Chrome deprecates the installed_browser_version field in the Directory API   
  
  The installedBrowserVersion property in Chromebrowser resources in Directory API: Chrome Browsers has been deprecated and replaced by the pendingBrowserVersion property. The pendingBrowserVersion represents the version of Chrome browser that is installed on browser restart.

   

 

• New extensions must be submitted with Manifest v3   
  
  As part of the gradual deprecation of Manifest V2, the Chrome Web Store has stopped accepting submissions of new Manifest V2 extensions as of January 17, 2022. This applies to all new extension submissions with visibility set to Public or Unlisted.
  
  This change does not affect updates to already published extensions. Also, it does not impact extensions with visibility set to Private. The change is not expected to affect the operation of any existing extensions already deployed in Chrome. Note that the next phase of deprecation, in June of 2022, is expected to expand this restriction to extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows. For more details, refer to the Manifest V2 support timeline.

   

 

• New and updated policies in Chrome browser   
  
  

  Policy	Description
  URLBlocklist (new on iOS)	Block access to a list of URLs
  URLAllowlist (new on iOS)	Allow access to a list of URLs
  UserAgentClientHintsGREASEUpdateEnabled	Control the User-Agent Client Hints GREASE Update feature
  UserAgentReduction	Enable or disable the User-Agent Reduction

Chrome OS updates

   

 

• Expanded keyboard shortcuts for Desks   
  
  Chrome 98 adds a new shortcut to make it faster and easier to switch Desks. Create up to 8 desks to organize your projects and use the shortcut Shift + Search  + 1 through Shift + Search  + 8 to jump from one desk to another using only the keyboard.

   

 

• Add Save to settings to screen capture   
  
  Now users can save screen captures to any local or drive folder of their choice, making capturing and using content even more efficient.

   

 

• Support for Network Based Recovery (NBR)   
  
  In Chrome 98, some users can re-flash their devices with a fresh copy of the OS and firmware, letting them recover if the message: Chrome OS is missing or damaged appears. NBR requires a network connection. This feature will roll out to more devices in later releases.

Admin console updates

   

 

• Search devices by version or model   
  
  In the Chrome filters view for the devices page for ChromeOS, you can now filter and search the devices by version and by model.

   

 

• New policies in the Admin console   
  
  

  Policy Name	Pages	Supported on	Category/Field
  ScreenBrightnessPercent	User & Browser Settings; Managed Guest Session	Chrome OS	Security > Screen brightness
  PrintPostScriptMode	User & Browser Settings	Chrome	Printing > PostScript printer mode
  SandboxExternalProtocolBlocked	User & Browser Settings; Managed Guest Session	Chrome Chrome OS	Content > iframe navigation
  U2fSecurityKeyApiEnabled	User & Browser Settings	Chrome	Security > U2F Security Key API
  DeviceRebootOnUserSignout	Device Settings	Chrome OS	Power and shutdown > Reboot on sign-out

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

Upcoming Chrome browser changes

   

• Chrome Major Version number will reach 100   
  
  Chrome will reach a 3-digit major version number in March, 2022.  When browsers went from version 9 to 10, the increase in the number of digits uncovered many issues in User-Agent string parsing libraries. In order to avoid the same issue again, developers and IT admins should test their services in advance. 
  
  To help, the Chrome team created the ForceMajorVersion100InUserAgent flag (chrome://flags/#force-major-version-to-100). This forces the browser to send 100 as the major version number (blog).  You should use this flag to uncover and address any issues before Chrome 100 rolls out. We encourage admins to submit any issues encountered here. 

   

 

• Network Service on Windows will be sandboxed   
  
  As early as Chrome 100, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

• WebHID enterprise policies   
  
  As early as Chrome 100, Chrome will add policies to manage the WebHID API. DefaultWebHidGuardSetting configures the default API behavior for all URLs and can be configured to allow origins to Ask for new device permissions or Block all permission requests. The WebHidAskForUrls and WebHidBlockedForUrls policies override the default policy for specific URLs.
  
  Three new policies are added for automatically granting device permissions. URLs contained in the WebHidAllowAllDevicesForUrls policy will be automatically granted permissions for any connected device. The WebHidAllowDevicesForUrls and WebHidAllowDevicesWithHidUsagesForUrls policies can be used to grant narrower permissions by matching against vendor and product IDs or application collection usages in the HID report descriptor.

   

 

• Default to origin-keyed agent clustering   
  
  As early as Chrome 103, websites will be unable to set document.domain. Websites will need to use alternative approaches  such as postMessage() or Channel Messaging API  to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior. 
  
  Note: document.domain has no effect if only one document sets it.
  
  An enterprise policy will be available when this change ships to extend the current behavior.

   

 

• Change tab-sharing blue border behavior   
  
  When a user chooses to share their tab from a site participating in the region capture origin trial, the blue border used to signify that a tab is being shared will no longer be shown.