Planning your return to office strategy? See how Chrome OS can help.

ขณะนี้หน้าที่คุณขอยังไม่พร้อมให้บริการในภาษาของคุณ คุณสามารถเลือกภาษาอื่นได้ที่ด้านล่างของหน้าหรือแปลหน้าเว็บใดๆ ให้อยู่ในภาษาที่คุณต้องการได้ทันที โดยใช้คุณลักษณะการแปลภาษาในตัวของ Google Chrome

Chrome Enterprise and Education release notes

Last updated on: March 1, 2023

For administrators who manage Chrome browser or ChromeOS devices for a business or school.

Want to remotely manage ChromeOS devices? Start your Chrome Enterprise Upgrade trial at no charge today

Chrome 111 release summary

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Reminder of change in launch schedule    
Privacy Sandbox updates in Chrome 111    
PPB_VideoDecoder(Dev) API removed    
New Chrome sync dialog in Chrome for Desktop    
Payment Handler API requires CSP connect-src    
Out-of-process System DNS Resolution    
Azure AD single sign-on (SSO)    
Web speech recognition API on iOS    
Chrome updater on Windows and Mac serves the most recent 12 versions    
Policy name changes    
Chrome Browser Cloud Management subscription    
New and updated policies in Chrome browser    
Removed policies in Chrome browser    
ChromeOS updates Security/ Privacy User productivity/ Apps Management
Fast Pair    
Keyboard shortcuts link in Text app    
Print job origin identification for managed devices    
Admin console updates Security/ Privacy User productivity/ Apps Management
Configure print server policies with Google groups    
New policies in Admin console    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
LegacySameSiteCookieBehaviorEnabledForDomainList policy extended    
Enable access to WebHID API from extension service workers in Chrome 112    
Unused site permissions module in Safety Check    
Default to origin-keyed agent clustering in Chrome 112    
New Chrome Sync data types available in Takeout in Chrome 112    
Chrome for Testing    
Policy troubleshooting page available on Android    
Risk Assessment card    
Chrome apps no longer supported on Windows, Mac, and Linux    
Auto upgrade mixed content to HTTPS    
Launching FastCheckout for Checkout experiences    
Collect additional data for off-store extensions in telemetry reports    
Updated onboarding experience    
Deprecation trial for unpartitioned 3rd party Storage, Service Workers, and Communication APIs    
Changes to phishing protection on Android as early as Chrome 113    
Network Service on Windows will be sandboxed     
Enable access to WebUSB API from extension service workers in Chrome 113    
Extensions must be updated to leverage Manifest V3  
First-Party Sets user controls    
Removal ChromeRootStoreEnabled policy    
Full History sync    
Removal of permissive Chrome Apps webview behaviors    
Upcoming ChromeOS changes Security/ Privacy User productivity/ Apps Management
Cursive pre-installed for Enterprise and Education accounts    
Screencast supports multi-language transcription in recordings    
Passpoint: Seamless, secure connection to Wi-Fi networks   
Upcoming Admin console changes Security/ Privacy User productivity/ Apps Management
New Chrome browser insights  

 

DOWNLOAD Release notes (PDF)

↑ back to top

The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

 

   

  • Reminder of change in launch schedule   back to top

    Starting in Chrome 110, Chrome started rolling out to the Stable channel one week earlier than previously planned to a very small subset of users. For example, the Chrome 111 Stable release moves from March 7 to March 1, 2023.

    You can also expect to see a much smaller rollout at a significantly reduced percentage of our user population for the first week of the published Stable release date. The wider rollout to most users happens at a similar timeframe to the earlier communicated dates. This slower initial rollout leads to better stability and makes it easier for enterprises to stay on the latest and safest version of Chrome.

    For more details, read about managing Chrome updates and check out the Chrome release schedule.

   

   

  • PPB_VideoDecoder(Dev) API removed   back to top

    The PPB_VideoDecoder(Dev) API was introduced for Adobe Flash. Since Flash is no longer supported in Chrome, we are removing this API in Chrome 111. If you need any extra time to migrate legacy applications, you can use the ForceEnablePepperVideoDecoderDevAPI enterprise policy. This policy will only be supported through Chrome 114. If you need to use the policy after that, file a bug on crbug.com before May 5, 2023, explaining your use case. 

   

↑ back to top  

   

  • Payment Handler API requires CSP connect-src   back to top

    If your organization uses the Web Payment API (Payment Handler and Payment Request) and also uses Content-Security-Policy (CSP) for better protection, then you need to add the domains of HTTP requests sent from the Web Payment API to the connect-src directive of the CSP. This is enforced in Chrome 111. For more information, see this developer blog post.  

   

  • Out-of-process System DNS Resolution   back to top

    Starting gradually in Chrome 111, as part of the Linux and Android network service sandboxes, system DNS resolution moves out of the network service and into the unsandboxed browser process, as system DNS resolution cannot run while sandboxed on these platforms. The Enterprise policy OutOfProcessSystemDnsResolutionEnabled is available to control this feature. Setting this policy to false causes system DNS resolution to run in the network process rather than the browser process. This might force the network service sandbox to be disabled, degrading the security of Google Chrome.  

   

  • Azure AD single sign-on (SSO)   back to top

    Chrome 111 now supports automatic sign-on into Microsoft identity providers using account information from Microsoft Windows. This feature is disabled by default and can be enabled using the CloudAPAuthEnabled policy. 

   

  • Web speech recognition API on iOS   back to top

    On Chrome 111 on iOS, websites can use the Web Speech API for speech recognition-based features. Speech-to-text conversion is performed by Apple servers.  

   

  • Chrome updater on Windows and Mac serves the most recent 12 versions   back to top

    The Chrome updater now supports serving versions of Chrome that reached 100% rollout, within the latest 12 releases on the Beta, Stable, and Extended Stable channels. If you're using the TargetVersionPrefix enterprise policy, ensure you are within 12 versions of the latest release. If you don't manually manage Chrome updates, no action is required. 

↑ back to top  

   

   

  • Chrome Browser Cloud Management subscription   back to top

    As early as March 2023, the Chrome Browser Cloud Management (CBCM) subscription will be automatically added to all Admin console accounts who are using CBCM without the subscription. CBCM customers are now required to have the Chrome Browser Cloud Management subscription to use the service. This change adds no new cost to your existing account and there are no actions required.  

   

   

  • Removed policies in Chrome browser   back to top
     
    Policy Description
    FileSystemSyncAccessHandleAsyncInterfaceEnabled Re-enable the deprecated async interface for FileSystemSyncAccessHandle in File System Access API.

     

ChromeOS updates

 

   

  • Fast Pair   back to top

    Fast Pair now makes Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it automatically detects and pairs with your ChromeOS device or Android phone in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat.

    fast pair  
     

↑ back to top  

   

  • Keyboard shortcuts link in Text app   back to top

    The ChromeOS Text app has a series of built-in keyboard shortcuts. ChromeOS 111 adds a link to the Help Center article from the Text app settings, to provide instructions on how to use these keyboard shortcuts. 

   

  • Print job origin identification for managed devices   back to top

    To improve support for specific advanced printing workflows in managed environments, mostly encountered in the Healthcare space, print jobs need to contain information about the device that they originated from. ChromeOS 111 introduces the client-info IPP attribute to populate an admin-specified value, which identifies a device used for downstream printing workflow or reporting activities.

    Additionally, all print jobs now indicate ChromeOS together with the running release version.

    This new attribute in print jobs is only available for jobs originating from managed devices and controlled by a new admin policy.

    Printer ID  

Admin console updates

 

   

  • Configure print server policies with Google groups   back to top

    Admins can now use new or existing Google groups to configure print servers for users in your organization. That means when you need to configure a print server for a specific set of users–who may or may not belong to different Organizational Units (OUs)–you can now use the flexibility of groups without needing to reconfigure your OUs. Note that configuration of print server policies for user groups works exactly the same as it does for printers.

    Printer groups  

   

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming browser changes

   

↑ back to top  

   

  • Enable access to WebHID API from extension service workers in Chrome 112   back to top

    This launch will enable access to WebHID API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page. 

   

  • Unused site permissions module in Safety Check  back to top

    In Chrome 112, Safety Check will be expanded to include auto-revocation of unused site permissions on Chrome. Chrome will reset permissions from sites that have low recent engagement. Chrome informs the user about auto-revocation of permissions and offers options to opt out or re-grant. Permissions granted by enterprise policies are not affected. This launch follows the first extension of Safety Check that introduced proactive notification of permission reminders.  

   

  • Default to origin-keyed agent clustering in Chrome 112   back to top

    In Chrome 112, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior. You can read more in the blog post.

    Note: document.domain has no effect if only one document sets it.

    The OriginAgentClusterDefaultEnabled enterprise policy will allow you to extend the current behavior.  

   

  • New Chrome Sync data types available in Takeout in Chrome 112   back to top

    There will be more Chrome data available to export in Takeout and Domain Wide Takeout (DWT). The following data types are available: AUTOFILL, PRIORITY_PREFERENCE, WEB_APP, DEVICE_INFO, TYPED_URL, ARC_PACKAGE, OS_PREFERENCE, OS_PRIORITY_PREFERENCE, PRINTER.

    You can control which data types are synced to Chrome Sync using the SyncTypesListDisabled enterprise policy.  

   

  • Chrome for Testing   back to top

    In Chrome 112, Puppeteer, Chrome's browser automation library, will start using the Chrome for Testing binary instead of a Chromium binary. In case you have the Chromium binary allowlisted, you might consider allowlisting the Chrome for Testing binary too.

    Chrome for Testing is a dedicated Chrome flavor for the automated testing use case. It’s not an end-user facing product, but rather a tool to be used by automation engineers through other projects such as Puppeteer. Chrome for Testing is a completely separate binary from regular Chrome.  

↑ back to top  

   

  • Policy troubleshooting page available on Android   back to top

    chrome://policy/logs is a new page that admins will be able to use to help troubleshoot enterprise policies on Android.  

   

  • Risk Assessment card   back to top

    In Chrome 112, we’re creating a new card  in the Extension details page, which will show 3rd party risk scores, such as CRXcavator.io or Spin.ai, for public extensions.  

   

  • Chrome apps no longer supported on Windows, Mac, and Linux   back to top

    As previously announced, we are phasing out support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 112 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.

     

    Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 


    Starting with Chrome 112, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:

     
    Property Extension ID (Chrome App) install_url (PWA / Web App)
    Gmail pjkljhegncpnkpknbcohdijeoejaedia https://mail.google.com/mail/
    installwebapp?usp=admin
    Docs aohghmighlieiainnegkcijnfilokake https://docs.google.com/document/
    installwebapp?usp=admin
    Drive apdfllckaahabafndbhieahigkjlhalf https://drive.google.com/drive/
    installwebapp?usp=admin
    Sheets felcaaldnbdncclmgdcncolpebgiejap https://docs.google.com/spreadsheets/
    installwebapp?usp=admin
    Slides aapocclcgogkmnckokdopfmhonfmgoek https://docs.google.com/presentation/
    installwebapp?usp=admin
    Youtube blpcfgokakmgnkcojhhkbfbldkacnbeo https://www.youtube.com/s/
    notifications/manifest/cr_install.html
        

   

  • Auto upgrade mixed content to HTTPS on iOS in Chrome 112   back to top

    Chrome on iOS will start automatically upgrading passive mixed content (HTTP image, audio and video on HTTPS pages) to HTTPS when possible. The current behavior on iOS is to block passive mixed content. All other Chrome platforms already optimistically upgrade passive mixed content. An Enterprise policy MixedContentAutoupgradeEnabled is available to disable mixed content auto upgrading on HTTPS sites on iOS. The policy will be removed in 116.  

   

  • Launching FastCheckout for Checkout experiences   back to top

    In Chrome 112, some users will see an updated Autofill UI targeting checkout pages on shopping websites. It can be disabled by either disabling policy AutofillAddressEnabled or AutofillCreditCardEnabled.  

    Fast checkout  
     

↑ back to top  

   

  • Collect additional data for off-store extensions in telemetry reports   back to top

    When Enhanced Safe Browsing is enabled, Chrome 112 will start collecting additional telemetry on off-store extensions, such as file hashes and the manifest.json file. The data collected are analyzed on Google servers to detect malicious off-store extensions and improve protection for all Chrome extension users. This functionality along with the entire extension telemetry feature can be turned off by setting SafeBrowsingProtectionLevel to any value other than 2; this disables Enhanced Safe Browsing. Enterprise admins can use the SafeBrowsingProtectionLevel policy if they have any concerns about exposing this data. 

   

   

  • Deprecation Trial for Unpartitioned 3rd party Storage, Service Workers, and Communication APIs   back to top

    Beginning gradually in Chrome 113, storage, service workers, and communication APIs will be partitioned in third-party contexts. In addition to being isolated by the same-origin policy, the affected APIs used in third-party contexts would also be separated by the site of the top-level context. Sites that haven’t had time to implement support for third-party storage partitioning can take part in a deprecation trial to temporarily unpartition (continue isolation by same-origin policy but remove isolation by top-level site) and restore prior behavior of storage, service workers, and communication APIs in content embedded on their site. 

    The following APIs will remain unpartitioned in third-party contexts should you enroll the top-level site in the DisableThirdPartyStoragePartitioning deprecation trial: Storage APIs (such as localStorage, sessionStorage, IndexedDB, Quota, and so on), Communication APIs (such as BroadcastChannel, SharedWorkers, and WebLocks), and ServiceWorker API.

    Chrome 112 will also add the ThirdPartyStoragePartitioningEnabled enterprise policy, which will allow for unpartitioning all APIs in third-party contexts, to be supported for at least 12 milestones.  

   

  • Changes to phishing protection on Android as early as Chrome 113   back to top

    When a user authenticates to Android with their Google password, for example during account setup, Chrome will be notified so the password can begin receiving phishing protection when surfing the Web with Chrome. In previous versions of Chrome on Android, users needed to explicitly provide their password within a Chrome tab, for example, sign in to Gmail, to receive phishing protection for their Google password. 

    You can disable warnings regarding password reuse by setting PasswordProtectionWarningTrigger to 0.  

   

  • Network Service on Windows will be sandboxed   back to top

    As early as Chrome 113, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.  

↑ back to top  

   

  • Enable access to WebUSB API from extension service workers in Chrome 113   back to top

    As early as Chrome 113, we will enable access to WebUSB API from extension service workers as a migration path for Manifest V2 extensions that currently access the API from a background page.

    WebUSB policies can also be applied to extension origins to control this behavior. See DefaultWebUsbGuardSetting, WebUsbAskForUrls, WebUsbBlockedForUrls, and WebUsbAllowDevicesForUrls for more details.  

   

  • Extensions must be updated to leverage Manifest V3   back to top

    Chrome extensions are transitioning to a new manifest version, Manifest V3. This will bring improved privacy for your users—for example, by moving to a model where extensions modify requests declaratively, without the ability to see individual requests. This also improves extension security, as remotely hosted code will be disallowed on Manifest V3. 

    As mentioned earlier in our blog post, More details on the transition to Manifest V3, the Manifest V2 deprecation timelines are under review and the experiments scheduled for early 2023 are being postponed.

    During the timeline review, existing Manifest V2 extensions can still be updated, and still run in Chrome. However, all new extensions submitted to the Chrome Web Store must implement Manifest V3.

    Starting with Chrome 110, an Enterprise policy ExtensionManifestV2Availability will be available to control whether Manifest v2 extensions are allowed. The policy can be used to test Manifest V3 in your organization ahead of the migration. After the migration the policy will allow you to extend the usage of Manifest V2 extensions until at least January 2024. 

    You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Browser Cloud Management.

    For more details, refer to the Manifest V2 support timeline

   

  • First-Party Sets user controls   back to top

    First-Party Sets is an upcoming framework for developers to declare relationships between domains, such that the browser can make decisions regarding access based on the third party’s relationship to the first party. A set may enjoy first party benefits, including continued access to their cookies when the top-level domain is in the same set.

    First-Party Sets are part of Chrome's roadmap for a more privacy-focused web.

    Chrome 113 will introduce user controls for these First-Party Sets. Two enterprise policies will be made available to manage First-Party sets: one to disable First-Party Sets and one to provide your own sets. 

    First party sets  
     

   

  • Removal ChromeRootStoreEnabled policy   back to top

    In Chrome 105, we announced the launch of the Chrome Root Store on Windows and Mac. A new policy, called ChromeRootStoreEnabled, was introduced to allow selective disabling of the Chrome Root Store in favor of the platform root store. This policy will be removed from Windows and Mac on Chrome 113. Support for trusted leaf certificates and the Windows Trusted People store was added for Chrome 111. If you previously disabled the Chrome Root Store to work around either of these issues, please test again with Chrome 111. We are working on launching the Chrome Root Store for Android, Linux, and ChromeOS. As the Chrome Root Store launches on more platforms, we will continue to provide the policy on those platforms for six months after launch.  

   

  • Full History sync   back to top

    Starting with Chrome 112, Typed URLs will stop syncing for Enterprise users. Open Tabs will continue syncing as usual, unless disabled by existing SyncDisabled and SyncTypesListDisabled policies.  

↑ back to top  

   

  • Removal of permissive Chrome Apps webview behaviors   back to top

    In Chrome 113, Chrome Apps webview usage will have the following restrictions:
     
    • SSL errors within webview will show an error page that does not provide the user the option to unsafely proceed.
    • The use of the webview NewWindow event to attach to a webview element in another App window will cause the window reference returned by the window.open call in the originating webview to be invalidated.

    In Chrome 112, you’ll be able to test out this new behavior by navigating to chrome://flags and enabling the chrome://flags/#enable-webview-tag-mparch-behavior.

    A temporary enterprise policy ChromeAppsWebViewPermissiveBehaviorAllowed will be available to give enterprises time to address possible breakage related to these changes.  
     

Upcoming ChromeOS changes

 

   

  • Cursive pre-installed for Enterprise and Education accounts   back to top

    As early as ChromeOS 112, Cursive, a stylus-first notes app, will be available for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks. If you want to block access to the app, you can prevent Chromebooks in your enterprise from accessing cursive.apps.chrome.  

   

  • Screencast supports multi-language transcription in recordings   back to top

    As early as ChromeOS 112, we plan to dramatically expand Screencast recording capabilities by including a wide range of languages by integrating with Google's S3 transcription API. 

    The Screencast app for ChromeOS lets users record transcribed screencasts on their Chromebook. In previous versions, this feature was available in EN-US only, which meant that only English speaking users in the US could record screencasts. Soon, it will be possible to record and transcribe screencasts in a wide range of languages including Spanish, Japanese, French, Italian, and German.    

   

  • Passpoint: Seamless, secure connection to Wi-Fi networks   back to top

    Starting as early as ChromeOS 114, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

     
     

Upcoming Admin console changes

 

   

  • New Chrome browser insights   back to top

    As early as Chrome 112, a new Browsers that need attention insights card will allow IT admins to quickly identify browsers that have a pending Chrome update, browsers that are inactive and browsers that have recently enrolled. 

    Browser insights  
     

↑ back to top  

Previous release notes 

 

Additional resources

Still need help?

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
true
false
true
true
410864