Chrome 企业版和教育版版本说明

上次更新日期:2022 年 9 月 20 日

本文供为企业或学校管理 Chrome 浏览器或 ChromeOS 设备的管理员参考。

 

Chrome 105 版本摘要

Chrome 浏览器更新 安全性/隐私权 用户工作效率/应用 管理
Windows、Mac 和 Linux 不再支持 Chrome 应用:Chrome 105 会显示警告消息  
发布渲染程序应用容器  
Chrome 维护自己的默认根存储区    
在不安全的上下文中弃用 Web SQL    
Chrome 同步不再支持 Chrome 73 及更早版本    
Mac 上的政策区分用户和计算机    
将 Set-Cookie 添加为“Fetch”的禁用标头名称    
停用 Chrome 变体版本不会再停用 Chrome 清理工具    
适用于 Mac 和 Windows 上的服务器证书的内部证书查看器    
有关 Android 版 FLEDGE 的 Privacy Sandbox 更新    
WebAuthn:提示用户授予 macOS 上的蓝牙权限    
基于标记的客户端提示委托的语法变更    
关于此页面 (Android)    
针对桌面设备的增强型安全浏览功能 Google 帐号集成    
ForceBrowserSignIn 政策在 Linux 上需要 EnableExperimentalPolicies    
浏览器扩展程序遥测    
为窗口放置设置描述准确的屏幕标签    
Chrome 浏览器中的新政策和更新后的政策    
ChromeOS 更新 安全性/隐私权 用户工作效率/应用 管理
自适应充电功能可延长电池续航时间    
一键关闭桌面及其窗口    
管理控制台更新 安全性/隐私权 用户工作效率/应用 管理
适用于受管理应用和扩展程序的基于群组的政策    
为扩展程序请求配置提醒    
浏览器详细信息:已安装的应用和扩展程序的用户体验变化  
管理控制台中的新政策    
Chrome 浏览器即将发生变化 安全性/隐私权 用户工作效率/应用 管理
支持加密客户端 Hello (ECH)    
对 chrome.runtime 的更改    
弃用永久配额    
Chrome 将在 Android 设备的“历史记录”页面上显示“历程”    
Android 设备上的无痕模式锁定    
Android 设备上的无痕模式下载提示    
Windows 上的网络服务将沙盒化    
移除 window.webkitStorageInfo    
移除 master_preferences    
用户代理缩减第 5 阶段    
在桌面设备上自动更改密码    
Chrome 发送子资源的专用网络访问预检    
Android 版 Chrome 弃用 Marshmallow    
ChromeOS 即将发生变化 安全性/隐私权 用户工作效率/应用 管理
改进 ChromeOS 无障碍设置    
Google 相册集成    
为企业版和教育版帐号预安装手写板    
长按变音符号    
快速配对    
Passpoint:顺畅安全地连接到 Wi-Fi 网络  

 

下载版本说明 (PDF)

↑ 返回页首

企业版版本说明有 9 种语言版本。您可以通过以下语言了解 Chrome 更新:英语、德语、法语、荷兰语、西班牙语、葡萄牙语、韩语、印度尼西亚语和日语。某些语言版本需要 1 到 2 周时间进行翻译。

 

 

Chrome browser updates

   

 

  • Chrome apps no longer supported on Windows, Mac, and Linux: Chrome 105 shows warning message   back to top

    As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 109 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
     

    Starting in Chrome 105, if you're force-installing any Chrome apps, users are shown a message stating that the app is no longer supported. The installed Chrome Apps are still launchable. 

    Starting with Chrome 109, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary, add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
     

    Property Extension ID (Chrome App) install_url (PWA / Web App)
    Gmail pjkljhegncpnkpknbcohdijeoejaedia https://mail.google.com/mail/
    installwebapp?usp=admin
    Docs aohghmighlieiainnegkcijnfilokake https://docs.google.com/document/
    installwebapp?usp=admin
    Drive apdfllckaahabafndbhieahigkjlhalf https://drive.google.com/drive/
    installwebapp?usp=admin
    Sheets felcaaldnbdncclmgdcncolpebgiejap https://docs.google.com/spreadsheets/
    installwebapp?usp=admin
    Slides aapocclcgogkmnckokdopfmhonfmgoek https://docs.google.com/presentation/
    installwebapp?usp=admin
    YouTube blpcfgokakmgnkcojhhkbfbldkacnbeo https://www.youtube.com/s/notifications/
    manifest/cr_install.html

   

 

  • Launch Renderer AppContainer   back to top

    As early as Chrome 105, a further sandbox security mitigation applies to renderer processes. They are placed inside an additional App Container on top of the existing sandbox. This prevents malicious code from having any network privileges by subverting kernel APIs from within the renderer process.
    While we do not expect any incompatibilities with this new mitigation, some security products might react adversely to this.
    A new policy RendererAppContainerEnabled allows selective disabling of this security mitigation while these issues are resolved. You can  set this policy to Disabled to force disable the mitigation, otherwise it is enabled by default.

   

 

  • Chrome maintains its own default root store   back to top

    As early as Chrome 105, to improve user security and provide a consistent experience across different platforms, Chrome maintains its own default root store and built-in certificate verifier. Chrome continues to use custom local roots installed to the operating system’s trust store. See our article about the Chrome Root Program for more information. 

    We do not anticipate any changes to how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet. 

    A new policy, called ChromeRootStoreEnabled, allows selective disabling of the Chrome Root Store in favor of the platform root store. You can set this policy to Disabled to force the use of the platform root store, otherwise it is enabled by default. The policy will be available until Chrome 111.

↑ 返回页首

   

 

  • Web SQL deprecation in non-secure contexts   back to top

    The non-standard Web SQL API is rarely used and requires frequent security fixes. At this point, only Chromium-based browsers support it. Web developers have been discouraged from using it for years. We are engaging in a careful process to seek out and warn partners who may still be using Web SQL, with the goal of removing it from Chrome entirely in 2023. Meanwhile, we're working on a replacement using WebAssembly.

    We've already disabled Web SQL in third-party contexts. The next step is to remove support in non-secure contexts.  In Chrome 105, we introduce a deprecation warning in DevTools. In early 2023, we plan to remove support in third-party contexts.

    An enterprise policy, WebSQLNonSecureContextEnabled, is available when support ends, to allow Web SQL API to function in non-secure contexts if needed. The policy will expire in alignment with the API’s non-secure context removal schedule.

   

 

  • Chrome sync ends support for Chrome 73 and earlier   back to top

    As early as Chrome 105, Chrome sync no longer supports Chrome 73 and earlier. You need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync.

   

 

  • Policies on Mac distinguished between user and machine   back to top

    Chrome 105 on Mac adheres to the same policy precedence as other platforms. As of 105, machine-level policies, for example, set via Chrome Browser Cloud Management token management, take precedence over user-level policies. Previously, all policies were set as machine-level, regardless of their origin. If this change has any unexpected effects on your users, you can temporarily use the PolicyScopeDetection enterprise policy to revert to the previous behavior.

   

 

  • Add Set-Cookie as forbidden header name for Fetch   back to top

    Set-Cookie headers are semantically response headers, so they cannot just be combined and require more complex handling in the Headers object. Starting with Chrome 105, the Set-Cookie header is forbidden as a request header to avoid leaking this complexity into requests, as it is not useful for requests anyway. You can read more about this change on Github.

   

 

  • Disabling Chrome Variations no longer disables the Chrome Cleanup Tool   back to top

    Starting in Chrome 105, turning off variations no longer affects whether the Chrome Cleanup Tool runs. This means that enterprises that already have Chrome Variations turned off might notice that the Chrome Cleanup Tool starts running once per week in Chrome 105 on Windows.

    To disable it, you can still set the ChromeCleanupEnabled enterprise policy to Disabled.

↑ 返回页首

   

 

  • Internal certificate viewer for server certificates on Mac and Windows    back to top

    In Chrome 105 on Mac and Windows, the certificate viewer accessed from the page info bubble switches from using the platform provided viewer to one that is provided by Chrome. The Chrome certificate viewer is already used on Linux and ChromeOS.

   

 

  • Privacy Sandbox updates on FLEDGE on Android   back to top

    In Chrome 105, the Privacy Sandbox provides controls for the new Topics & Interest Group APIs on Android. This follows the launch of these APIs on Desktop in Chrome 104. It also introduces a one-time dialog for Android users that explains Privacy Sandbox to users and allows them to manage their preferences. Guest users or managed EDU users do not see this dialog.

    Some users may see this opt-in consent dialog:
    Opt in to private web
    Other users may see this dialog:

    Privacy notice

    Admins can prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
    • To allow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled. 
    • To disallow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This might cause some sites to stop working.

    Any of the above settings will prevent the dialog from showing. Privacy Sandbox features are also disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

  • WebAuthn: prompt users for Bluetooth permissions on macOS   back to top

    When a user attempts to use a phone as a security key on macOS, and Chrome does not have Bluetooth permission, and macOS doesn’t show a permission prompt itself, Chrome now prompts the user to open System Preferences to grant the required permission. This is not enabled for macOS 13 because, as of current macOS betas, it’s not yet possible to have the new System Settings open to the correct location.

   

 

  • Syntax changes to markup based Client Hints delegation   back to top

    We’re switching from syntax close to HTTP Permissions-Policy to use syntax closer to the iframe allow attribute at the request of developers.

    There is existing HTML syntax to delegate client hints to third-party content which requires client information lost by user agent reduction. This syntax was introduced in Chrome 100 and is being removed in Chrome 105, for example:
        <meta name="accept-ch" value="sec-ch-dpr=(https://foo.bar 
        https://baz.qux), sec-ch-width=(https://foo.bar)">


    The replacement for this introduced in Chrome 105 is formatted as follows:
        <meta http-equiv="delegate-ch" value="sec-ch-dpr https://foo.bar
        https://baz.qux; sec-ch-width https://foo.bar">

   

 

  • About this page on Android   back to top

    We are improving the From the web feature in the site info UI. It is now called About this page and opens a website with multiple pieces of information regarding the source and topic of a website. 

    This feature is only enabled when Make searches and browsing better is enabled in Settings > Sync and Google Services > Other Google services. You can control this setting with the UrlKeyedAnonymizedDataCollectionEnabled policy.
    About this page

↑ 返回页首

   

 

  • Enhanced Safe Browsing Google accounts integration on desktop   back to top

    For Chrome on desktop where the Safe Browsing protection level is not controlled by the SafeBrowsingProtectionLevel policy, users who are signed in and syncing, and have enabled Safe Browsing > Enhanced protection on their Google Account are notified that Enhanced protection is also enabled on their Chrome profile. Similarly, when a user disables Safe Browsing > Enhanced protection on their Google Account, it is disabled for their Chrome profile too.

   

 

  • ForceBrowserSignIn policy requires EnableExperimentalPolicies on Linux   back to top

    Starting in Chrome 105, you can only enable ForceBrowserSignIn on Linux if you also set EnableExperimentalPolicies to true.

    ForceBrowserSignIn has never been officially supported on Linux, as per its documentation. However, prior to Chrome 105, it was possible to set it on Linux. This update is part of an ongoing effort to reduce Chrome's binary size and to more strictly adhere to Chrome's documented behavior.

    A future release of Chrome will add Force users to sign-in to use the browser support to the BrowserSignIn policy on Linux. Once this is complete,  ForceBrowserSignIn will not function on Linux, even when EnableExperimentalPolicies is enabled.

   

 

  • Browser extension telemetry   back to top

    When you enable Safe Browsing > Enhanced protection, Chrome now collects telemetry information about installed extensions. It also monitors certain activities such as APIs executed and remote hosts contacted. These activities are analyzed on Google servers and further improve the detection of malicious and policy violating extensions. This improvement allows better protection for all Chrome extension users.

   

 

  • 为窗口放置设置描述准确的屏幕标签   back to top

    Chrome 105 现在会显示向用户有效描述屏幕的标签。例如,您可以使用此标签来请求授予在已连接的屏幕上打开和放置窗口的权限。这是在 Chrome 100 中推出的 Multi-Screen Window Placement API 的增强型功能。如需了解详情,请访问我们的“Chrome 平台状态”页面。您可以使用以下企业政策控制对 Window Placement API 的访问权限:WindowPlacementAllowedForUrlsWindowPlacementBlockForUrls

   

 

↑ 返回页首

 

ChromeOS updates

 

   

 

  • Close a desk and its windows in one click   back to top

    Create a desk for each project or task and when you’re done, close the desk and all its tabs and windows with a single click. Access this feature by hovering over a desk in the deskbar and selecting Close desk and windows.

 

Admin console updates

 

   

  • Group-based policy for apps & extensions   back to top

    Admins can configure app & extension permissions for their organizations using Google groups in addition to organizational units. If you want to install an app for a small number of users–who might belong to different organizational units–you can now add those users to a group instead of moving them into a different organizational unit. Note that apps & extensions policies for groups take precedence over those set for organizational units, so if a user belongs to both a group and an organizational unit where you have a policy set, they follow the permissions set for their group rather than their organizational unit. Also note that you are only able to add users to Google groups at this time. Learn more.

    Apps & extensions page  

   

 

  • Configure alerts for extension requests   back to top

    You can now configure alerts for extension requests by creating reporting or activity Rules. Follow the steps listed in this help center article.

   

 

  • Browser Details: Installed apps & extensions UX changes   back to top

    In the Browser Details page, there is an Installed apps & extensions card. When the user clicks on an app, a new page opens up–the App Details page. Previously, an overflow menu allowed admins to take a limited set of actions and now admins can set policy in the App Details page.

    Browser Details:
    Browser details
    App Details:
    App details

↑ 返回页首

   

 

  • New policies in the Admin console   back to top
    Policy Name Pages Supported on Category/Field
    RendererAppContainerEnabled User & Browser Settings Chrome Security > Renderer App Container
    UnthrottledNestedTimeoutEnabled User & Browser Settings; Managed Guest Session Chrome ChromeOS Android Content > Javascript setTimeout() clamping
    ChromeAppsEnabled Additional App Settings Chrome Additional application settings > Extend support for Chrome Apps

     

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

 

   

  • Support for Encrypted Client Hello (ECH)   back to top

    As early as Chrome 106, Chrome will start rolling out support for ECH on sites that opt-in, as a continuation of our network related efforts to improve our users’ privacy and safety on the web, for example, Secure DNS. There is an enterprise policy available to disable ECH, also available in Chrome 105.

    If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it with Chrome 106. If you encounter any incompatibilities, you will be able to use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.

   

 

  • Changes to chrome.runtime   back to top

    Chrome 106 will include a change that causes chrome.runtime to no longer be defined unconditionally on all sites. In contexts where there is no connectable extension, websites should  never expect chrome.runtime to be defined.

    Over the past couple of months, we have taken steps to remove Chrome's legacy U2F security API. This API was implemented in an internal Chrome extension called CryptoToken, which by design was externally connectable from all URLs. The presence of this extension meant that chrome.runtime was effectively always defined on any web origin, because there was always at least one extension to connect to, even if the user installed no other connectable extensions. As part of the U2F removal process, Chrome 106 stops loading CryptoToken by default, which means that chrome.runtime will now be undefined in contexts where there is no other connectable extension.

    Websites should never assume that chrome.runtime is defined unconditionally. As a temporary workaround, the effects of this change can be reversed by enabling the chrome://flags/#load-cryptotoken-extension flag or an upcoming enterprise policy named LoadCryptoTokenExtension.

   

 

  • Persistent quota deprecation launch   back to top

    In Chrome 106, window.PERSISTENT quota type in webkitRequestFileSystem will no longer be supported. webkitRequestFileSystem will still accept a type parameter and use of the PERSISTENT and TEMPORARY types will create file systems with separate roots, but the PERSISTENT type will no longer grant access to a persistent file system.

   

 

  • Chrome will show Journeys on the History page on Android      back to top

    Chrome 96 started clustering local browsing activity on the History page into Journeys to make it easier to find prior activity and continue it with related search suggestions. This feature will also become available on Android as early as Chrome 106. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins will have the option to disable this feature using the HistoryClustersVisible policy.

↑ 返回页首

   

 

  • Incognito lock on Android   back to top

    Chrome 106 will introduce an option for users on Android 11 and later to require authentication when resuming an Incognito session. The feature will be OFF by default. It can be turned ON using the new Lock Incognito tabs when you leave Chrome toggle under Settings > Privacy & Security. This feature will not be available on managed devices where the IncognitoModeAvailability enterprise policy is set to Disabled.

   

 

  • Incognito downloads prompt on Android   back to top

    When a user initiates a download while browsing on an Incognito tab, they will see a new informative prompt. Users have the option to dismiss the prompt or tap Download to go ahead and save the file. Files downloaded on Incognito will continue to be accessible through the download manager.
    Download prompt Android

   

 

  • Network Service on Windows will be sandboxed    back to top

    As early as Chrome 107, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

  • Removal of window.webkitStorageInfo    back to top

    As early as Chrome 107, window.webkitStorageInfo API will be removed. This legacy quota API has been deprecated since 2013, and has been replaced by the now standardized StorageManager API.

   

 

  • Removal of master_preferences   back to top

    master_preferences and initial_preferences are ways of setting default preferences for a Chrome install. The historical name of the file is master_preferences, but it was renamed to initial_preferences in Chrome 91. To make the transition easy for IT admins, from Chrome 91 to Chrome 106, naming the file either initial_preferences or master_preferences has the same effect. In Chrome 107, if you name the file master_preferences, it will not work by default. You should rename the file initial_preferences.

    Alternatively, you will be able to use the CompatibleInitialPreferences enterprise policy to extend support for the master_preferences naming. This policy is not currently available.

↑ 返回页首

   

 

  • User-Agent reduction Phase 5   back to top

    As of Chrome 107, some portions of the User-Agent string will be reduced on desktop. As previously detailed in the Chromium blog, we intend to proceed with Phase 5 of the User-Agent reduction plan. The <platform> and <oscpu> tokens, parts of the User-Agent string, are reduced to the relevant <unifiedPlatform> token values, and will no longer be updated. Additionally, the values for navigator.platform are frozen on desktop platforms (see this Chromium update).

    The UserAgentReduction policy will allow for opting out of these changes.

   

 

  • Automated password changes on Desktop   back to top

    Chrome 107 will use the Google Assistant to help users change passwords that have been compromised. This reduces friction in updating passwords to help keep users safe. A policy will be available to control the Google Assistant directly, allowing you to enable password leak detection without the Google Assistant assisting in changing passwords.

   

  • Chrome sends Private Network Access preflights for subresources   back to top

    Chrome 104 started sending a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools (more details here).

    In Chrome 107 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.

    If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.

    Chrome is making this change to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion and latest updates about Private Network Access preflights.

   

 

  • Marshmallow deprecation for Chrome on Android   back to top

    Chrome 106 is the last version that will support Android 6.0 Marshmallow. From Chrome 107 and onwards, the minimum version supported is Android 7.0 Nougat.

 

Upcoming ChromeOS changes

   

 

  • ChromeOS Accessibility settings improvements   back to top

    As early as ChromeOS 106, we will include new improvements to our accessibility settings, including improved search results, easier to understand feature descriptions, and improved layout for better discoverability of accessibility features.

   

 

  • Photos integrations   back to top

    As early as ChromeOS 106, Chromebook users will get access to enhanced video editing features from Google Photos. The experience is optimized for a larger screen, and will seamlessly integrate with the built-in Gallery app and your Chromebook files – so you can use local images and clips recorded on your Chromebook camera or stored in your Files app to build your movie. While movie editing typically comes with a steep learning curve, the revamped movie creation tools in Google Photos help you make high-quality movies with just a few taps using your video clips and photos. You’ll be able to create beautiful movies from suggested themes, or put yourself in the director's seat and start from scratch, right on your Chromebook.

   

 

  • Cursive pre-installed for Enterprise and Education accounts   back to top

    As early as ChromeOS 106, Cursive is a stylus-first notes app for Chromebooks. In an upcoming release, it will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks.

↑ 返回页首

   

 

  • Long-press diacritics   back to top

    The Essential Inputs team is planning to launch improvements to diacritic typing by including a key press functionality that showcases a new accent menu. This accent menu reveals diacritical marks associated with characters when the user presses and holds a key down on key characters with diacritics. Users will then have the option to select and insert a diacritic character or close the menu without selection. Look out for this upcoming feature in ChromeOS 106.

   

 

  • Fast Pair   back to top

    Fast Pair makes Bluetooth pairing easier on ChromeOS devices and Android phones. When you turn on your Fast Pair-enabled accessory, it automatically detects and pairs with your ChromeOS device or Android phone in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between devices without missing a beat. This feature will be available as early as ChromeOS 108.

   

 

  • Passpoint: Seamless, secure connection to Wi-Fi networks    back to top

    Starting as early as ChromeOS 108, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

↑ 返回页首

以往的版本说明

 

 

全部展开  |  全部收起

Chrome 104

Chrome browser updates Security/ Privacy User productivity/ Apps Management
Chrome 104 increases the nesting threshold for setTimeouts and setIntervals  
Chrome sends Private Network Access preflights for subresources    
Privacy Sandbox updates    
Improved first run experience on iOS    
Chrome 104 no longer supports OS X 10.11 and macOS 10.12    
Changes in cookie expiration date limit    
Intent to remove: Legacy Client Hint mode    
U2F API no longer supported    
Improved first run experience changes on Windows    
Calendar integration on iOS    
HTTPS-First mode for iOS    
Block iframe contexts navigating to filesystem: URLs    
Preconnecting on downpressed links    
New and updated policies in Chrome browser    
Chrome OS updates Security/ Privacy User productivity/ Apps Management
Forced reboot in user session  
Smart Lock UX update    
Monthly Calendar View    
Close Desk and Windows    
Notifications UI revamp
PDF annotating support on Gallery app    
Play Store Results in Launcher Search    
Kiosk and Signage solution preview    
Screen saver photo frame    
Multiple display support for Chrome Remote Desktop    
Admin console updates Security/ Privacy User productivity/ Apps Management
CSV export for the Versions and the Apps and extensions usage reports    
New Chrome Guides in the Admin console    
New App Details page    
Upcoming Chrome browser changes Security/ Privacy User productivity/ Apps Management
Launch Renderer AppContainer  
Chrome will maintain its own default root store    
Support for Encrypted Client Hello (ECH)    
Chrome will show Journeys on the History page on Android    
Web SQL Depreciation in non-secure contexts    
Network Service on Windows will be sandboxed    
Chrome sync ends support for Chrome 73 and earlier  
Policies on Mac distinguished between user and machine    
Change to forbidden header names for Fetch    
Disabling Chrome Variations will no longer disable the Chrome Cleanup Tool    
Use internal certificate viewer for server certificates on desktop    
Case-matching on CORS preflight requests    
MetricsReportingEnabled policy will be available on Android in Chrome    
Chrome apps no longer supported on Windows, Mac, and Linux  
Upcoming Chrome OS changes Security/ Privacy User productivity/ Apps Management
Adaptive charging to extend battery life    
Chrome OS Accessibility settings improvements    
Passpoint: Seamless, secure connection to Wi-Fi networks  
Photos integrations    
Cursive pre-installed for Enterprise and Education accounts    
Long-press diacritics    

 

DOWNLOAD Release notes (PDF)

↑ back to top

 

The enterprise release notes are available in 8 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation for some languages.

Chrome browser updates

   

 

  • Chrome 104 increases the nesting threshold for setTimeouts and setIntervals   back to top

    setTimeout(..., 0) is commonly used to break down long Javascript tasks and let other internal tasks run, which prevents the browser from hanging. In Chrome 104, some users might see that setTimeouts and setIntervals with an interval < 4ms are not clamped as aggressively as they were before. We have increased the nesting threshold, from 5 to 100, which determines when setTimeout(..., <4ms) are clamped. This improves short horizon performance, but websites abusing the API will still eventually have their setTimeouts clamped. A temporary Enterprise policy UnthrottledNestedTimeoutEnabled allows you to control this feature. When the policy is set to Enabled, setTimeouts and setIntervals with an interval smaller than 4ms are not clamped as aggressively.

   

 

  • Chrome sends Private Network Access preflights for subresources   back to top

    Chrome 104 sends a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching Access-Control-Allow-Private-Network: true header, a warning is shown in DevTools, see here for more details).

    In Chrome 107 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.

    If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.

    To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion about Private Network Access preflights.

   

 

  • Privacy Sandbox updates   back to top

    The Privacy Sandbox release in Chrome 104 provides controls for the new Topics & Interest Group APIs. It also introduces a one-time dialog that explains Privacy Sandbox to users and allows them to manage their preferences. Guest users or managed EDU users do not see this dialog.

    Some users may see this opt-in consent dialog:
    Privacy sandbox consent dialog
    Other users may see this dialog:
    Global privacy sandbox dialog
    Admins can prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
    • To allow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled. 
    • To disallow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This might cause some sites to stop working.
    Privacy Sandbox features are also disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

  • Improved first run experience on iOS   back to top

    In Chrome 104, some users might see a new onboarding experience with fewer steps and a more intuitive way to sign into Chrome. Enterprise policies, like BrowserSignin, SyncDisabled, SyncTypesListDisabled and MetricsReportingEnabled, to control whether the user can sign into Chrome and other aspects of the onboarding experience continue to be available as before.

      Customize fre on iOS

↑ 返回页首

   

 

  • Chrome 104 no longer supports OS X 10.11 and macOS 10.12   back to top

    Chrome 104 no longer supports OS X 10.11 and macOS 10.12, which are already outside of their support window with Apple. Users have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security.

   

 

  • Changes in cookie expiration date limit   back to top

    Beginning with Chrome 104, any newly set or refreshed cookies have their expiration date limited to no more than 400 days in the future. Cookies which request expiration dates after 400 days in the future can still be set, but their expiration is adjusted down to 400 days. Existing cookies retain their prior expiration date (even if it was more than 400 days in the future), but refreshing them causes the cap to be enforced.

   

 

  • Intent to remove: Legacy Client Hint mode   back to top

    In Chrome 104, the Client Hints, dpr, width, viewport-width, and device-memory, are no longer delegated to all third party frames and subresources by default on Android. The Android behavior now replicates that of all other platforms, which is to only delegate to the first party frame and subresources by default.

   

 

  • U2F API no longer supported   back to top

    The U2F API for interacting with USB security keys has been disabled by default since Chrome 98. Websites are advised to migrate to the Web Authentication API. Chrome 104 removes the U2fSecurityKeyApiEnabled enterprise policy for temporarily re-enabling this API. The U2FSecurityKeyAPI origin trial, which lets websites re-enable U2F, will end July 26, 2022. We are offering existing trial participants that have not yet fully migrated to WebAuthn an extension of the trial until September 20, 2022. If you are an existing origin trial participant and would like to extend your trial tokens beyond the July 26 deadline, please get in touch with our team. The U2F API will be fully removed in Chrome 106.

   

 

  • Improved first run experience changes on Windows   back to top

    In Chrome 104 on Windows, some users might see a different sequence of onboarding steps in the chrome://welcome tab that is opened when Chrome is launched for the first time. Admins can use existing Enterprise policies such as BrowserSignin, PromotionalTabsEnabled, SyncDisabled to control the onboarding process.

↑ 返回页首

   

 

  • Calendar integration on iOS   back to top

    Long pressing a date on a page now presents a menu that allows users to add the event to their calendar without switching apps.
    Calendar on iOS

   

 

  • HTTPS-First mode for iOS   back to top

    Beginning with Chrome 104, HTTPS-First mode is available on iOS. This feature allows users to opt-in to a fully default HTTPS experience, via Chrome Settings. In this mode, Chrome attempts to upgrade all navigations to HTTPS. Sites that only support HTTP display an interstitial. 
    The HttpsOnlyMode policy will be available in Chrome 105. This policy will allow enterprises to disable the HTTPS-First mode feature.

   

 

  • Block iframe contexts navigating to filesystem: URLs   back to top

    Beginning in Chrome 104, as part of the Storage Partitioning effort, iframes are no longer allowed to navigate to a filesystem:// URL. This matches the existing behavior of forbidding top-level frame navigation to filesystem://.
    As a possible workaround for sites relying on this pattern, a blob: URL can be created from a filesystem:// URL. For example:
    let url = 'filesystem:example_resource';
    window.webkitResolveLocalFileSystemURL(url, fileEntry => {
      fileEntry.file(file => {
        let blob_url = URL.createObjectURL(file);
        iframe.src = blob_url;
      });
    });

   

 

  • Preconnecting on downpressed links   back to top

    To increase page loading performance, for some users, Chrome 104 preconnects to the target of a link as soon as the user presses on the link without waiting for the user to lift their finger up or for JavaScript to execute. You can disable this behavior using the NetworkPredictionOptions policy.

   

 

↑ 返回页首



Chrome OS updates

   

 

  • Forced reboot in user session   back to top

    Extending the ability to schedule automated device reboots on user devices, irrespective of whether a user is in session or not. During a scheduled reboot, the user in session will be notified one hour in advance.

   

 

  • Smart Lock UX update   back to top

    Starting in Chrome 104, Smart Lock, which allows users to unlock their Chromebook using their connected Android phone, is faster than ever, with greater performance, reliability, and an overhauled design. To get started, navigate to Chrome OS Settings>Connected devices, select your Android phone, and enable Smart Lock.

   

 

  • Monthly Calendar view   back to top

    Monthly Calendar View is accessible from the date in the status area or within quick settings. This feature provides quick access to a monthly calendar view and enables users to view events from Google Calendar.

   

 

  • Close Desk and Windows   back to top

    Create a desk for each project or task and when you’re done, close the desk and all its tabs and windows with a single click. Access this feature by hovering over a desk in the deskbar and selecting Close desk and windows.

   

 

  • Notifications UI revamp   back to top

    In addition to a fresh new look, notifications from multiple senders are now grouped together.

   

 

  • PDF annotating support on Gallery app   back to top

    The Gallery app, a built-in media app on Chromebook, now supports PDF annotating. Besides viewing a PDF, you can highlight text, fill out forms, add text or freeform annotation in the app. And with free hand annotation, you can add your signature to a document, then easily share the PDF through the app.

↑ 返回页首

   

 

  • Play Store results in Launcher Search   back to top

    Starting in 104, ChromeOS displays relevant Play Store app suggestions in Launcher Search.

   

 

  • Kiosk and Signage solution preview   back to top

    We're excited to announce the preview of the new end-to-end solution focused on ChromeOS for kiosks and digital signage. This solution includes a kiosk specific enrollment flow, license management, and user experience. This solution is offered with a new license, Kiosk and Signage Upgrade, for $25 annually.

   

 

  • Screen saver photo frame   back to top

    We are excited to announce a new screen saver feature within personalization settings that allows users to view their personal photos and curated images when their devices are idle.  You can choose albums from Google Photos or curated artwork to display on your screen when screen saver is enabled.

   

 

  • Multiple display support for Chrome Remote Desktop   back to top

    Chrome Remote Desktop now supports switching between multiple displays for remote devices that have more than one display attached.

   

 

  • CSV Export option for Versions and Apps and extensions usage reports   back to top

    Starting in Chrome 104, Chrome introduces a new CSV download option for the Apps and extensions usage and the Versions reports.
      CSV exports for reports

↑ 返回页首

   

 

  • New Chrome Guides in the Admin console   back to top

    Chrome 104 introduces the new Chrome Guides which help IT administrators discover and set common management features for Chrome browser and ChromeOS. For example, the feature provides a series of guides to enroll browsers and devices, set policies and view reports.
      Chrome guides

   

 

  • New App Details page   back to top

    Chrome 104 introduces a new App Details page that gives admins more information when they click on an app in the Apps and extension usage report. Learn more in the help center.
      Apps page

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

   

 

  • Launch Renderer AppContainer   back to top

    As early as Chrome 105, a further sandbox security mitigation will be applied to renderer processes. They will be additionally placed inside an App Container on top of the existing sandbox. This prevents malicious code from having any network privileges by subverting kernel APIs from within the renderer process.

    While we do not expect any incompatibilities with this new mitigation, some security products might react adversely to this. A new policy RendererAppContainerEnabled has been added to allow selective disabling of this security mitigation for a limited time while these issues are resolved. This policy can be set to Disabled to force disable the mitigation, otherwise it will be enabled by default.

   

 

  • Chrome will maintain its own default root store   back to top

    As early as Chrome 105, to improve user security, and provide a consistent experience across different platforms, Chrome intends to maintain its own default root store and built-in certificate verifier. Chrome will continue to use custom local roots installed to the operating system’s trust store. We do not anticipate any changes will be required for how enterprises currently manage their fleet and trusted enterprise CAs, such as through group policy, macOS Keychain Access, or system management tools like Puppet. See our article about the Chrome Root Program for more information. A new policy ChromeRootStoreEnabled will allow selective disabling of the Chrome Root Store in favor of the platform root store for a limited time. This policy can be set to Disabled to force the use of the platform root store, otherwise it will be enabled by default.

↑ 返回页首

   

 

  • Support for Encrypted Client Hello (ECH)   back to top

    As early as Chrome 105, Chrome will start rolling out ECH as a continuation of our network related efforts, for example, Secure DNS, to improve our users’ privacy and safety on the web. While the feature is under development, there will be an enterprise policy available to disable the feature, also available in Chrome 105.
    If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it with Chrome 105. If you encounter any incompatibilities, you will be able to use the EncryptedClientHelloEnabled enterprise policy to revert to the previous behavior.

   

 

  • Chrome will show Journeys on the History page on Android   back to top

    Chrome 96 started clustering local browsing activity on the History page into Journeys to make it easier to find prior activity and continue it with related search suggestions. This feature will also become available on Android as early as Chrome 105. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins will have the option to disable this feature using the HistoryClustersVisible policy.

   

 

  • Web SQL deprecation in non-secure contexts   back to top

    Starting Chrome 105, Web SQL API will be deprecated for non-secure contexts with the aim to fully deprecate and remove the API from Chrome in the future. For non-secure contexts, the API is planned to be disabled in Chrome 107. 
    An enterprise policy, WebSQLNonSecureContextEnabled, will be available between Chrome 105 and Chrome 110 to allow Web SQL API to function in non-secure contexts if needed.

   

 

  • Network Service on Windows will be sandboxed   back to top

    As early as Chrome 105, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

  • Chrome sync ends support for Chrome 73 and earlier   back to top

    As early as Chrome 105, Chrome sync will no longer support Chrome 73 and earlier. You will need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync.

↑ 返回页首

   

 

  • Policies on Mac distinguished between user and machine   back to top

    Chrome 105 on Mac adheres to the same policy precedence as other platforms. As of 105, machine-level policies,for example, set via CBCM token management, will take precedence over user-level policies. Previously, all policies were set as machine-level, regardless of their origin. If this change has any unexpected effects on your users, you can temporarily use the PolicyScopeDetection enterprise policy to revert to the previous behavior.

   

 

  • Change to forbidden header names for Fetch   back to top

    Set-Cookie headers are semantically response headers, so they cannot just be combined and require more complex handling in the Headers object. Starting with Chrome 105, the Set-Cookie header will be forbidden as a request header to avoid leaking this complexity into requests, as it is not useful for requests anyway. You can read more about this change here.

   

 

  • Disabling Chrome Variations will no longer disable the Chrome Cleanup Tool   back to top

    Starting in Chrome 105, turning off variations will no longer affect whether the Chrome Cleanup Tool runs. This means that enterprises that already have Chrome Variations turned off may notice that the Chrome Cleanup Tool starts running once per week in Chrome 105 on Windows.
    You can still disable it by setting the Enterprise policy ChromeCleanupEnabled to Disabled.

   

 

  • Use internal certificate viewer for server certificates on desktop   back to top

    In Chrome 105 on Mac and Windows, the certificate viewer accessed from the page info bubble will switch from using the platform provided viewer to one that is provided by Chrome. The Chrome certificate viewer is already used on Linux and ChromeOS.

   

 

  • Case-matching on CORS preflight requests   back to top

    Currently Chrome uppercases request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 106 will not uppercase request methods, except for DELETE, GET, HEAD, OPTIONS, POST, and PUT (all case-insensitive). So, Chrome 104 will require exact case-sensitive matching. An enterprise policy will be available to maintain temporary compatibility with existing non-compliant solutions.

    Previously accepted, but rejected in Chrome 106:
       Request: fetch(url, {method: 'Foo'})
       Response Header: Access-Control-Allow-Methods: FOO

    Previously rejected, but accepted in Chrome 106:
       Request: fetch(url, {method: 'Foo'})
       Response Header: Access-Control-Allow-Methods: Foo


    Note: post and put are not affected because they are in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.

↑ 返回页首

   

 

  • MetricsReportingEnabled policy will be available on Android in Chrome   back to top

    As early as Chrome 106, Chrome-on-Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

   

 

  • Chrome apps no longer supported on Windows, Mac, and Linux   back to top

    As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 109 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.
    If you're force-installing any Chrome apps, starting Chrome 105, users will be shown a message stating that the app is no longer supported. The installed Chrome Apps will still be launchable. 
    As early as Chrome 109, Chrome Apps on Windows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary they can add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
     
     
    Property Extension ID (Chrome App) install_url (PWA / Web App)
    Gmail pjkljhegncpnkpknbcohdijeoejaedia https://mail.google.com/mail/
    installwebapp?usp=admin
    Docs aohghmighlieiainnegkcijnfilokake https://docs.google.com/document/
    installwebapp?usp=admin
    Drive apdfllckaahabafndbhieahigkjlhalf https://drive.google.com/drive/
    installwebapp?usp=admin
    Sheets felcaaldnbdncclmgdcncolpebgiejap https://docs.google.com/spreadsheets/
    installwebapp?usp=admin
    Slides aapocclcgogkmnckokdopfmhonfmgoek https://docs.google.com/presentation/
    installwebapp?usp=admin
    YouTube blpcfgokakmgnkcojhhkbfbldkacnbeo https://www.youtube.com/s/notifications/
    manifest/cr_install.html

 

Upcoming Chrome OS changes

   

 

  • Adaptive charging to extend battery life   back to top

    As early as Chrome 105, adaptive charging will help to extend your battery’s lifespan by understanding how you use your device and optimizing charging accordingly. This new feature will analyze your device usage patterns and keep your battery working in the optimal charge range to avoid overcharging thereby delaying battery deterioration.

   

 

  • Chrome OS Accessibility settings improvements   back to top

    Chrome 105 will include new improvements to our accessibility settings, including improved search results, easier to understand feature descriptions, and improved layout for better discoverability of accessibility features.

   

 

  • Passpoint: Seamless, secure connection to Wi-Fi networks   back to top

    Starting with Chrome 106, Passpoint will streamline Wi-Fi access and eliminate the need for users to find and authenticate a network each time they visit.  Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client device will automatically connect upon subsequent visits.

↑ 返回页首

   

 

  • Photos integrations   back to top

    As early as Chrome 106, Chromebook users will get access to enhanced video editing features from Google Photos. The experience is optimized for a larger screen, and will seamlessly integrate with the built-in Gallery app and your Chromebook files – so you can use local images and clips recorded on your Chromebook camera or stored in your Files app to build your movie. While movie editing typically comes with a steep learning curve, Google Photos’ revamped movie creation tools help you make high-quality movies with just a few taps using your video clips and photos. You’ll be able to create beautiful movies from suggested themes, or put yourself in the director's seat and start from scratch, right on your Chromebook.

   

 

  • Cursive pre-installed for Enterprise and Education accounts   back to top

    As early as Chrome 106,  Cursive will be pre-installed for all Enterprise and Education accounts on stylus-enabled Chromebooks. Cursive is a stylus-first notes app for Chromebooks.

   

 

  • Long-press diacritics   back to top

    The Essential Inputs team is planning to launch improvements to diacritic typing by including a key press functionality that showcases a new accent menu. This accent menu reveals diacritical marks associated with characters when the user presses and holds a key down on key characters with diacritics. Users will then have the option to select and insert a diacritic character or close the menu without selection. Look out for this upcoming feature in Chrome 106.

↑ 返回页首

Chrome 103

Chrome browser updates Security User productivity/ Apps Management
Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022    
Chrome on Windows uses built-in DNS client by default    
Release of Speculation Rules API for prerender on Android    
Local Fonts Access API     
Unified password manager on Android  
Chrome Actions on iOS    
Improved credit and debit card Autofill     
Removing LockIconInAddressBarEnabled policy    
Enhanced Safe Browsing on iOS    
Reporting Connector    
Profile Separation Dialog rolled back    
Thank With Google Android integration    
HTTPS Key Pinning enforcement enabled on Android    
New and updated policies in Chrome browser    
Chrome OS updates Security User productivity/ Apps Management
New built-in Screencast app for Chrome OS    
Fast Pair makes Bluetooth pairing easier    
Receive Wi-Fi credentials with Nearby Share    
Phone Hub camera roll    
Split sync settings on Chrome OS into Browser and OS categories    
Launcher (Search) redesign: Open Tab and Shortcut search    
Block accounts becoming secondary accounts  
Admin console updates Security User productivity/ Apps Management
Customize icon and name of managed websites  
Pin Chrome app updates in Kiosk    
Updates to the Chrome Management Telemetry API     
Remote eSIM provisioning and management  
New policies in the Admin console    
Upcoming Chrome browser changes Security User productivity/ Apps Management
Increase the nesting threshold before which setTimeout(..., <4ms) start being clamped, from 5 to 100.    
Chrome will send Private Network Access preflights for subresources    
Privacy Sandbox updates     
Case-matching on CORS preflight requests    
Improved first run experience on iOS    
Extended support for Legacy Same Site Cookie Behavior policy     
Chrome 104 will no longer support OS X 10.11 and macOS 10.12    
Changes in cookie expiration date limit    
Chrome will show Journeys on the History page on Android       
Network Service on Windows will be sandboxed     
U2F API no longer supported as early as Chrome 104    
Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 106  
Launch Renderer AppContainer  
Intent to Remove: Legacy Client Hint Mode    
Chrome sync will end support for Chrome 73 and earlier  
MetricsReportingEnabled policy will be available on Android in Chrome    
Upcoming Chrome OS changes Security User productivity/ Apps Management
Forced reboot in user session    
PDF annotating support on Gallery app    
Smart Lock UX update    
Upcoming Admin console changes Security User productivity/ Apps Management
New CSV export for some Chrome Admin console reports in Chrome 104  
New App Details page in Chrome 104    

 

DOWNLOAD Release notes (PDF)

↑ back to top

 

Chrome browser updates

   

 

  • Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022   back to top

    As part of the gradual deprecation of Manifest V2, the Chrome Web Store stopped accepting submissions of new Public or Unlisted Manifest V2 extensions after January 17, 2022. On June 29, 2022, Chrome also applies this restriction to new extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows. Extensions which are already submitted may continue to be updated until January 2023.

    For more details, refer to the Manifest V2 support timeline.

   

 

  • Chrome on Windows uses Chrome's built-in DNS client by default   back to top

    The built-in DNS client is enabled by default on macOS, Android and Chrome OS. Chrome on Windows now also uses the built-in DNS client by default. Enterprises can opt out by setting BuiltInDnsClientEnabled policy to Disabled.

   

 

  • Release of Speculation Rules API for prerender on Android   back to top

    Expanding our prerender efforts released in Chrome 101, we now ship the Speculations Rules API for Android in Chrome 103. This API allows web authors to suggest to Chrome which pages that the user is very likely to navigate to next. This influences Chrome during the decision to prerender a particular URL before the user navigates to it, aiming to offer an instant navigation. An enterprise policy, NetworkPredictionOptions, is available to block the usage of all prerendering activities which results in Chrome ignoring the hints provided using this API. See our article on speculative prerendering for more information.

   

 

  • Local Fonts Access API   back to top

    Users of design applications often want to use fonts present on their local device. The Local Fonts Access API gives web applications the ability to enumerate local fonts and some metadata about each. This API also gives web applications access to the font data as a binary blob, allowing those fonts to be rendered within their applications using custom text stacks. The enterprise policies applicable to this feature are DefaultLocalFontsSetting, LocalFontsAllowedForUrls and LocalFontsBlockedForUrls.

↑ 返回页首

   

 

  • Unified password manager on Android   back to top

    For Chrome on Android users who are syncing, they now see a new password management experience, which is the same user journey used to manage passwords when logging in to Android apps.

   

 

  • Chrome Actions on iOS   back to top

    Chrome Actions help users get things done fast, directly from the address bar. We first released Chrome Actions on desktop a couple of years ago, with Actions like Clear browsing data. In Chrome 103, we bring some of them to Chrome on iOS, like:
     
    • Manage Passwords
    • Open Incognito Tab
    • Clear Browsing Data
    • And more!

    Chrome on iOS allows users to take actions directly from the address bar, like clearing browsing data, using a button that appears among auto-complete suggestions. This feature is already available on desktop platforms. For more details about Chrome Actions, see this article in the Help Center.

    Actions on iOS

   

 

  • Improved credit and debit card Autofill   back to top

    Over the course of Chrome 103, credit and debit card Autofill will start supporting cloud-based upload via Google Pay, enabling Autofill for your cards across all your Chrome devices. You can control credit card autofill with the AutofillCreditCardEnabled enterprise policy.

   

 

  • Removing LockIconInAddressBarEnabled policy   back to top

    Chrome 94 launched an experiment to replace the lock icon as the connection security indicator. The LockIconInAddressBarEnabled policy was added to allow organizations to continue to show the lock icon during the experiment. The experiment is no longer active, so the policy is no longer available in Chrome 103.

   

 

  • Enhanced Safe Browsing on iOS   back to top

    To match Safe Browsing functionality from other platforms, we now add functionality so that a user on iOS can choose what type of Safe Browsing protection they would like. Where an enterprise controls this setting, the enterprise is allowed to set the level of Safe Browsing protection, and users under the enterprise are not allowed to change the preference. An enterprise policy SafeBrowsingProtectionLevel is available to control Safe Browsing and the mode it operates in.Enhanced Safe Browsing on iOS

     

    Standard protection

     

   

 

↑ 返回页首

   

 

  • Profile Separation Dialog rolled back   back to top

    The previous release of Chrome introduced a dialog to users when they signed in to a managed account from an unmanaged profile. By default, Chrome would create a new profile for the managed account. This change was surprising to some users and their admins, and it has been removed by default in Chrome 103. If you want to keep it, you can still configure Chrome to show the dialog using the Managed Accounts Sign Restriction enterprise policy.

    The goal of this feature is to improve data separation between personal and enterprise data. Chrome intends to continue making changes to achieve this goal. Future changes will be communicated in the release notes with enterprise controls.

   

 

  • Thank With Google Android integration   back to top

    Thank With Google (Android only) allows en-US users to contribute free or paid digital stickers to sites where the creator has opted in. This appears in the App Menu and in the Follow Feed for enabled sites.

    Thank with Google

   

 

  • HTTPS Key Pinning enforcement enabled on Android   back to top

    For a small set of opt-in domains, including Google properties, Chrome enforces that the HTTPS certificate is issued by the expected CA. This process is known as key pinning. The set of expected issuer keys is the pin set. Key pinning has been enabled on desktop since 2014 and earlier, and is now enabled on Android. Key pinning is bypassed when the HTTPS connection to a pinned site verifies through a locally installed root certificate, such as those used by DLP and TLS interception products. This behavior already exists on desktop, and is being extended to Android. Enterprises that proxy traffic through a private root should see no change in behavior.

   

 

  • New and updated policies in Chrome browser   back to top
     

    Policy

    Description

    DefaultClipboardSetting

    Setting the policy to “2” blocks sites from using the clipboard site permission. Setting the policy to “3” or leaving it unset lets the user change the setting and decide if the clipboard APIs are available when a site wants to use one.

    ClipboardAllowedForUrls

    Setting the policy lets you set a list of URL patterns that specify sites that can use the clipboard site permission. 

    ClipboardBlockedForUrls

    Setting the policy lets you set a list of URL patterns that specify sites that can't use the clipboard site permission. 

    AccessCodeCastDeviceDuration

    This policy specifies how long (in seconds) a cast device that was previously selected via an access code or QR code can be seen within the Google Cast menu of cast devices.

    DefaultLocalFontsSetting

    Setting the policy to BlockLocalFonts (value 2) automatically denies the local fonts permission to sites by default. This will limit the ability of sites to see information about local fonts.

    LocalFontsAllowedForUrls

    Sets a list of site URL patterns that specify sites which will automatically grant the local fonts permission. This will extend the ability of sites to see information about local fonts.

    LocalFontsBlockedForUrls

    Sets a list of site URL patterns that specify sites which will automatically deny the local fonts permission. This will limit the ability of sites to see information about local fonts.

 

Chrome OS updates

   

 

  • New built-in Screencast app for Chrome OS   back to top

    Screencast is a new app built into Chrome OS to record, share, and watch engaging demos and lessons. It uses speech-to-text tools built into your Chromebook to automatically transcribe your narration into text to navigate and search the video, translate, and trim your recordings - no editing/rendering required. You can even draw or write on your screen as you record using a mouse, touchscreen, or stylus to diagram or highlight key concepts. With Screencast, anyone can create their own library of recorded screencasts, automatically uploaded to Google Drive. Learn more. See Screencast in action.

   

 

  • Fast Pair makes Bluetooth pairing easier   back to top

    Fast Pair makes Bluetooth pairing easier on Chrome OS devices and Android phones. When you turn on your Fast Pair-enabled accessory (like Pixel Buds), it automatically detects and pairs with your Chrome OS device in a single tap. Fast Pair also associates your Bluetooth accessory with your Google account, making it incredibly simple to move between your Chrome OS and Android devices.

↑ 返回页首

   

 

  • Receive Wi-Fi credentials with Nearby Share   back to top

    Nearby Share on Chrome OS now supports receiving Wi-Fi credentials from Android devices. To get started, navigate to the Wi-Fi detail page on Android, tap the share icon, then Nearby Share - here, any Chromebook or Android phone discovered nearby that you select is offered the Wi-Fi network credentials, and automatically joins that network thereafter.

   

 

  • Phone Hub camera roll   back to top

    Phone Hub now provides access to your phone's most recent photos, right from the Chrome OS desktop. To use this feature, look for the phone icon in your system tray - if you need to grant any permissions, you will be prompted to do so, after which your most recent photos will automatically appear in Phone Hub, ready for use in docs, emails, and so on.

   

 

  • Split sync settings on Chrome OS into Browser and OS categories   back to top

    OS sync preferences are now distinct from browser sync preferences, so browser-specific sync data types (like Bookmarks) are no longer shown in the OS settings, while OS-specific data types like Apps and Wallpaper are moved to the OS settings. Also, browser-specific toggles have been removed from the Sync and Google services page in OS settings.

   

 

  • Launcher (Search) redesign: Open Tab and Shortcut search   back to top

    Users can now search through their open tabs and device shortcuts using the new Launcher. Launcher is accessible via the Search button on the keyboard or by clicking the dot on the bottom left of the screen. Stay tuned as we will continue to add new capabilities to Launcher search.

   

 

  • Block accounts becoming secondary accounts   back to top

    SecondaryGoogleAccountUsage is a new policy that enables administrators to prevent managed accounts becoming secondary accounts, even if multiple user sign-ins are allowed.

↑ 返回页首

 

Admin console updates

   

 

  • Customize icon and name of managed websites   back to top

    This feature allows IT Admins to customize the appearance of the URLs that they force install in User and Managed Guest Sessions. You can define the name and icon that is presented to end-users.

   

 

  • Pin Chrome app updates in Kiosk   back to top

    As a Chrome Enterprise admin, you can pin the latest version of a Chrome app to control when they are updated to a newer version. Multi-platform zip files are currently not supported.

   

 

  • Updates to the Chrome Management Telemetry API   back to top

    We have enriched the Chrome Management Telemetry API (documentation) with additional fields. These include additional audio telemetry information, for example,  microphone mute status, volume level status, device name for connected input/output devices. It also includes network information, for example, transmission/receiving bit rates, MEID/IMEI/ICCID/MDM info for cellular devices. In addition, for devices with 12th Generation Intel vPro processors the Chrome Management Telemetry API can now report Total Memory Encryption state, Key Locker configuration status and Thunderbolt security info.

   

 

  • Remote eSIM provisioning and management   back to top

    Admins now have the ability to remotely activate an eSIM cellular connection and manage it at scale. Previously, admins had to manually setup an eSIM profile on each individual device with a QR code. In addition to scaled activation of cellular connections, admins can force the use of only managed cellular profiles and remotely clear eSIM profiles on compatible LTE devices.

   

 

↑ 返回页首

 

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

 

   

 

  • Increase the nesting threshold before which setTimeout(..., <4ms) start being clamped, from 5 to 100.   back to top

    setTimeout(..., 0) is commonly used to break down long Javascript tasks and let other internal tasks run, which prevents the browser from hanging. setTimeouts and setIntervals with an interval < 4ms are not clamped as aggressively as they were before. This improves short horizon performance, but websites abusing the API will still eventually have their setTimeouts clamped. A temporary Enterprise policy UnthrottledNestedTimeoutEnabled will be available to control this feature. When the policy is set to Enabled, setTimeouts and setIntervals with an interval smaller than 4ms are not clamped as aggressively.

   

 

  • Chrome will send Private Network Access preflights for subresources   back to top

    In Chrome 104 at the earliest, Chrome will send a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new `Access-Control-Request-Private-Network: true` header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching

    `Access-Control-Allow-Private-Network: true` header, a warning is shown in DevTools (more details here).

    In Chrome 107 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.

    If you want to test this feature in advance, you can enable warnings using chrome://flags/#private-network-access-send-preflights. If you want to test how it behaves once warnings turn into errors, you can enable chrome://flags/#private-network-access-respect-preflight-results.

    To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion about Private Network Access preflights.

   

 

  • Privacy Sandbox updates   back to top

    The Privacy Sandbox release in Chrome 104 will provide controls for the new Topics & Interest Group APIs. It will also introduce a one-time dialog that explains Privacy Sandbox to users and allows them to manage their preferences. This dialog is not shown for Guest users or managed EDU users.

    Admins can prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
    • To allow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled 
    • To disallow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This might cause some sites to stop working.
    Privacy Sandbox features will also be disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

  • Case-matching on CORS preflight requests   back to top

    Currently Chrome uppercases request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 104 will not uppercase request methods, except for DELETE, GET, HEAD, OPTIONS, POST, and PUT (all case-insensitive). So, Chrome 104 will require exact case-sensitive matching.

    Previously accepted, but rejected in Chrome 104:

       Request: fetch(url, {method: 'Foo'})
       Response Header: Access-Control-Allow-Methods: FOO

    Previously rejected, but accepted in Chrome 104:

       Request: fetch(url, {method: 'Foo'})
       Response Header: Access-Control-Allow-Methods: Foo

    Note: post and put are not affected because they are in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.

   

 

  • Improved first run experience on iOS   back to top

    In Chrome 104, some users might see a new onboarding experience with fewer steps and a more intuitive way to sign into Chrome. Enterprise policies, like BrowserSignin, SyncDisabled, SyncTypesListDisabled and MetricsReportingEnabled, to control whether the user can sign into Chrome and other aspects of the onboarding experience will continue to be available as before.

↑ 返回页首

   

 

   

 

  • Chrome 104 will no longer support OS X 10.11 and macOS 10.12   back to top

    Chrome 104 will no longer support OS X 10.11 and macOS 10.12, which are already outside of their support window with Apple. Users will have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security.

   

 

  • Changes in cookie expiration date limit   back to top

    Beginning with Chrome 104, any newly set or refreshed cookies will have their expiration date limited to no more than 400 days in the future. Cookies which request expiration dates after 400 days in the future will still be set, but their expiration will be adjusted down to 400 days. Existing cookies will retain their prior expiration date (even if it was more than 400 days in the future), but refreshing them will cause the cap to be enforced.

   

 

  • Chrome will show Journeys on the History page on Android   

    Chrome 96 started clustering local browsing activity on the History page into Journeys to make it easier to find prior activity and continue it with related search suggestions. This feature will also become available on Android as early as Chrome 104. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins will have the option to disable this feature using the HistoryClustersVisible policy.

   

 

  • Network Service on Windows will be sandboxed   back to top

    As early as Chrome 105, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

  • U2F API no longer supported as early as Chrome 104   back to top

    The U2F API for interacting with USB security keys has been disabled by default since Chrome 98. Websites are advised to migrate to the Web Authentication API. Chrome 104 will remove the U2fSecurityKeyApiEnabled enterprise policy for temporarily re-enabling this API. The U2FSecurityKeyAPI origin trial, which lets websites re-enable U2F, is going to end July 26, 2022. We are offering existing trial participants that have not yet fully migrated to WebAuthn an extension of the trial until September 20, 2022. If you are an existing origin trial participant and would like to extend your trial tokens beyond the July 26 deadline, please get in touch with our team. The U2F API will be fully removed in Chrome 106.

   

 

  • Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 106   back to top

    As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 106 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.

    If you're force-installing any Chrome apps, starting Chrome 104, users will be shown a message stating that the app is no longer supported. The installed Chrome Apps will still be launchable.

    Starting with Chrome 106, Chrome Apps on WIndows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary they can add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
     
    Property Extension ID (Chrome App) install_url (PWA / Web App)
    Gmail pjkljhegncpnkpknbcohdijeoejaedia https://mail.google.com/mail/
    installwebapp?usp=admin
    Docs aohghmighlieiainnegkcijnfilokake https://docs.google.com/document/
    installwebapp?usp=admin
    Drive apdfllckaahabafndbhieahigkjlhalf https://drive.google.com/drive/
    installwebapp?usp=admin
    Sheets felcaaldnbdncclmgdcncolpebgiejap https://docs.google.com/spreadsheets/
    installwebapp?usp=admin
    Slides aapocclcgogkmnckokdopfmhonfmgoek https://docs.google.com/presentation/
    installwebapp?usp=admin
    YouTube blpcfgokakmgnkcojhhkbfbldkacnbeo https://www.youtube.com/s/notifications/
    manifest/cr_install.html

↑ 返回页首

   

 

  • Launch Renderer AppContainer   back to top

    In Chrome 104, a further sandbox security mitigation will be applied to renderer processes. They will be additionally placed inside an App Container on top of the existing sandbox. This prevents malicious code from having any network privileges by subverting kernel APIs from within the renderer process.

    While we do not expect any incompatibilities with this new mitigation, some security products might react adversely to this. A new policy RendererAppContainerEnabled will be added in Chrome 104 to allow selective disabling of this security mitigation for a limited time while these issues are resolved. This policy can be set to Disabled to force disable the mitigation, otherwise it will be enabled by default.

   

 

  • Intent to remove: Legacy Client Hint mode   back to top

    In Chrome 104, the Client Hints, `dpr`, `width`, `viewport-width`, and `device-memory`, will no longer be delegated to all third party frames and subresources by default on Android. The Android behavior will now replicate that of all other platforms, which is to only delegate to the first party frame and subresources by default.

   

 

  • Chrome sync ends support for Chrome 73 and earlier   back to top

    As early as Chrome 105, Chrome sync will no longer support Chrome 73 and earlier. You will need to upgrade to a more recent version of Chrome if you want to continue using Chrome sync.

   

 

  • MetricsReportingEnabled policy will be available on Android in Chrome   back to top

    As early as Chrome 106, Chrome-on-Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change to the first run experience. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

 

Upcoming Chrome OS changes

   

 

  • Forced reboot in user session   back to top

    We recently released the ability to schedule forced reboots for kiosk devices. As early as Chrome 104, we will be extending this functionality on user devices, allowing scheduled forced reboots irrespective of whether the user is in session or not.

↑ 返回页首

   

 

  • PDF annotating support on Gallery app   back to top

    As early as Chrome 104, the Gallery app  – Chromebook’s built in media app– will  support PDF annotating. Besides viewing a PDF, you will be able to highlight text, fill out forms, add text or freeform annotation in the app. And with free hand annotation you can add your signature to a document, then easily share the PDF right through the app.

   

 

  • Smart Lock UX update   back to top

    Starting in Chrome 104, Smart Lock, which allows users to unlock their Chromebook using their connected Android phone, will be faster than ever, with greater performance, reliability, and an overhauled design. To get started, navigate to Chrome OS Settings>Connected devices, select your Android phone, and enable Smart Lock.

 

Upcoming Admin console changes

   

 

  • New CSV export for some Chrome Admin console reports in Chrome 104   back to top

    As early as Chrome 104, Chrome will introduce a new CSV download option for the Apps & extensions usage report data and the Versions report data.

    Admin console CSV reports

   

 

  • New App Details page in Chrome 104   back to top

    As early as Chrome 104, Chrome will introduce a new App Details page that will give admins more information when they click on an app in the Apps & Extension Usage report.

    Apps details page

↑ 返回页首

Chrome 102

Chrome browser updates Security User productivity/ Apps Management
Chrome sends Private Network Access preflights for subresources     
Chrome leverages MiraclePtr to improve security     
Virtual card numbers in Autofill  
Changes to URL parameters    
A redesign for browser downloads    
Chrome releases on Windows and Android now include multiple versions    
Chrome New Profile Separation Dialog    
New and updated policies in Chrome browser    
Chrome OS updates Security User productivity/ Apps Management
Long-term Support (LTS)  
USB Type-C cable notifications    
Camera settings improvements    
Launcher redesign: Open Tab search    
File manager ZIP extraction    
Built-in IKEv2 VPN support on Chrome OS  
Admin console updates Security User productivity/ Apps Management
New look for the Device list and Browser list pages    
New security events for the Chrome Audit Log  
New policies in the Admin console    
Upcoming Chrome browser changes Security User productivity/ Apps Management
Privacy Sandbox updates    
Case-matching on CORS preflight requests    
Local Fonts Access API     
Unified password manager on Android  
Chrome Actions on iOS    
Improved credit and debit card Autofill     

Removing LockIconInAddressBarEnabled policy 

   
Improved first run experience on iOS    
Chrome on Windows will use Chrome's built-in DNS client by default    
Release of Speculation Rules API for prerender in Android    
Enhanced Safe Browsing on iOS    
MetricsReportingEnabled policy will be available on Android     
Chrome 104 will no longer support OS X 10.11 and macOS 10.12    
Changes in cookie expiration date limit    
Chrome will show Journeys on the History page on Android       
Network Service on Windows will be sandboxed     
Chrome 104 will remove U2F API     
Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022    
Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 104  
Default to origin-keyed agent clustering     
Upcoming Chrome OS changes Security User productivity/ Apps Management
Fast Pair on Chrome OS    
Forced reboot in user session  
Backlight PDF support with text annotation    
Smart Lock UX update    
Upcoming Admin console changes Security User productivity/ Apps Management
New CSV export for some Admin console reports in Chrome 103  

 

DOWNLOAD Release notes (PDF)

↑ back to top

 

The enterprise release notes are available in 8 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation for some languages.
 

Chrome browser updates

   

 

  • Chrome sends Private Network Access preflights for subresources   back to top

    In Chrome 102, Chrome sends a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new `Access-Control-Request-Private-Network: true` header. In this initial phase, this request is sent, but no response is required from network devices. If no response is received, or it does not carry a matching `Access-Control-Allow-Private-Network: true` header, a warning is shown in DevTools (more details here).

    In Chrome 105 at the earliest, the warnings will turn into errors and affected requests will fail. You can disable Private Network Access checks using the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies.

    If you want to test this feature prior to Chrome 106, the Chrome team has created the `--enable-features=PrivateNetworkAccessRespectPreflightResults` command-line flag (also available as chrome://flags/#private-network-access-respect-preflight-results).

    To learn more about mitigating this change proactively, see details on what to do if your site is affected. Read the whole blog post for a more general discussion about Private Network Access preflights.

   

 

  • Chrome leverages MiraclePtr to improve security   back to top

    MiraclePtr is a technology that reduces the risk of security vulnerabilities relating to memory safety. In the past months, Chrome has been testing the impacts of MiraclePtr for some users. A full release is happening in Chrome 102.

   

 

  • Virtual card numbers in Autofill   back to top

    To make checking out with autofill more secure, virtual cards for participating US banks are available in Chrome 102. Virtual cards let users pay with unique virtual card numbers so they don’t need to share their real card numbers with merchants. When autofill is enabled, virtual card numbers are automatically generated at checkout for opted-in users. You can control Chrome's credit card autofill behavior with the AutofillCreditCardEnabled enterprise policy.

   

 

  • Changes to URL parameters   back to top

    Chrome 102 might remove some URL parameters when a user selects Open link in incognito window from the context menu. You can control this behavior with the UrlParamFilterEnabled enterprise policy.

↑ 返回页首

   

 

  • A redesign for browser downloads   back to top

    With Chrome 102, some users see a redesigned user experience for browser downloads.  We are replacing the existing downloads shelf with a dedicated downloads bubble in Chrome browser’s top bar.  You can control this with the DownloadBubbleEnabled enterprise policy.

    Downloads bubble

   

 

  • Chrome releases on Windows and Android include multiple versions   back to top

    To better compare the behavior of a new release of Chrome against the existing one, Chrome now makes multiple new versions available during a rollout. This is an internal change to our update strategy, which  has no effect on enterprises. Admins do not need to adjust their update policies and strategy. However, in the interest of transparency, we're sharing this update so that those responsible for Chrome releases understand why they're seeing extra versions of Chrome available during rollouts.

   

 

  • Chrome New Profile Separation Dialog   back to top

    Chrome 102 brings better separation between personal and enterprise-managed data. When the user signs into a managed account, they will have the option to either keep existing browsing data separate, or merge it with the managed account. By default, the data is kept separate, so a new profile will be created. Or, if they choose, they can merge the existing profile into the managed account. This prevents inadvertent sharing of personal data with work accounts. The ManagedAccountsSigninRestriction policy can be used to hide the checkbox altogether, allowing admins to force users to create a separate work profile.

   

 

  • New and updated policies in Chrome browser   back to top
     

    Policy

    Description

    UrlParamFilterEnabled

    When enabled or not set, the URL parameter filter might remove some parameters when a user selects Open link in incognito window from the context menu. When disabled, no filtering is performed.

    WebAppSettings

    This policy allows an admin to specify settings for installed web apps.

    AccessCodeCastEnabled

    This policy controls whether a user will be presented with an option, within the Google Cast menu, which allows them to cast to devices that do not appear in the Google Cast menu. If enabled, users can cast to the device using either the access code or QR code displayed on the cast device's screen. 

    WarnBeforeQuittingEnabled

    Controls Warn Before Quitting (⌘Q) dialog when the user is attempting to quit the browser (Mac only).

    ManagedAccountsSigninRestriction

    This policy allows adding restrictions on managed accounts. Two new options are available in Chrome 102: primary_account_keep_existing_data and 

    primary_account_strict_keep_existing_data.

     

Chrome OS updates

   

 

  • Long-term support (LTS)   back to top

    With the release of Chrome 102, devices that are on the Long-term support candidate (LTC) channel automatically upgrade from version LTC-96 to version LTC-102. This is our first major LTC update.
    Devices that are on the LTS channel will remain on LTS-96 until LTS-102 releases in September.

    LTS release cadence compared with Stable

    Note: This is a good time to check your organization’s release configuration and verify if your devices are on the LTS or the LTC channel.

    As a best practice, most of your devices should be on the LTS channel. We recommend that you keep some devices on the LTC channel in order to preview features in the upcoming LTS release in advance, and have time to plan and execute any necessary change management before the new LTS is released.

    Admins can switch between LTS and other channels if desired. For more details about LTS, see this article in the Help Center.

   

 

  • USB Type-C cable notifications   back to top

    USB-C cable notifications have been added to Chrome OS. When a user connects a device to their Chromebook, and the features or performance of their device are affected by the cable, they now receive a warning to let them know that there is an issue with the cable.

↑ 返回页首

   

 

  • Camera settings improvements   back to top

    Chrome 102 adds improvements for the Chrome OS Camera app, to make it simpler and easier to use. On the left-side tool, it is easier to access the different options and users can now clearly see what feature is currently turned on or off. Under the Settings tab, we’ve made all Camera options more readable and easier to find.

   

 

  • Launcher redesign includes Open Tab search   back to top

    Chrome 102 adds Open Tab search integration into the redesigned Launcher. This updated version allows users to open the Launcher, and search for a browser tab that is currently open.  

    As a category, open tabs are ranked just like any other category; the order is based on how often the user tends to click on that type of result.
     
    • A match is done on both the URL and the tab name.
    • A user can select the tab and go to it within the browser.


    Tabs playing active audio are returned as top search values, as well as tabs that have been recently used or other tabs with the same name.

   

 

  • File manager ZIP extraction   back to top

    One click extraction for ZIP archives comes to Chrome OS. Users can right click ZIP archives, choose Extract All and the content inside the ZIP archive is extracted.

   

 

  • Built-in IKEv2 VPN support on Chrome OS   back to top

    Chrome OS now supports IKEv2 VPN as a built-in VPN client. It is configurable through system settings and policies, similar to L2TP/IPsec VPN, and OpenVPN.

    IKEv2 VPN is one of the modern and most widely used VPN protocols. This feature allows users to connect to IKEv2 VPNs directly through Chrome OS system settings, without the need to install third-party apps.

Admin console updates

   

 

  • New look for the Device list and Browser list pages   back to top

    The Device list and Browser list pages now have a new look, more consistent with many other pages in the Admin console, designed with better accessibility and responsiveness to different screen sizes.

↑ 返回页首

   

 

  • New security events for the Chrome Audit Log   back to top

    The Chrome Audit Log now has three new categories of security events, which include events for when users login and logout of devices, for when user accounts are added or removed from a device, and for when a managed device changes boot mode to developer or verified mode. For more information, go to the Chrome Workspace Admin Help Center.

   

 

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

   

 

  • Privacy Sandbox updates   back to top

    The Privacy Sandbox release in Chrome 103 will provide controls for the new Topics & Interest Group APIs. It will also introduce a one-time dialog that explains Privacy Sandbox to users and allows them to manage their preferences. This dialog is not shown for Guest users or managed EDU users.

    Admins can prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
    • To allow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled 
    • To disallow third-party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This might cause some sites to stop working.
    Privacy Sandbox features will also be disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

  • Case-matching on CORS preflight requests   back to top

    Chrome 102 and below uppercase request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 103 will not uppercase request methods, except for DELETE, GET, HEAD, OPTIONS, POST, and PUT (all case-insensitive). So, Chrome 103 will require exact case-sensitive matching.

    Previously accepted, but rejected in Chrome 103:
    • Request: fetch(url, {method: 'Foo'})
    • Response Header: Access-Control-Allow-Methods: FOO

    Previously rejected, but accepted in Chrome 103:
    • Request: fetch(url, {method: 'Foo'})
    • Response Header: Access-Control-Allow-Methods: Foo

    Note: post and put are not affected because they are in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.

   

 

  • Local Fonts Access API   back to top

    Users of design applications often want to use fonts present on their local device. The Local Fonts Access API will give web applications the ability to enumerate local fonts and some metadata about each.  This API will also give web applications access to the font data as a binary blob, allowing those fonts to be rendered within their applications using custom text stacks. The enterprise policies applicable to this feature are DefaultLocalFontsSetting, LocalFontsAllowedForUrls and LocalFontsBlockedForUrls. The API will be available as early as Chrome 103.

↑ 返回页首

   

 

  • Unified password manager on Android   back to top

    For Chrome on Android users who are syncing, they will see a new password management experience, which is the same surface used to manage passwords when logging in to Android apps.

   

 

  • Chrome Actions on iOS   back to top

    Chrome Actions help users get things done fast, directly from the address bar. We first released Chrome Actions on desktop a couple of years ago, with Actions like Clear browsing data. In Chrome 103, we’ll be bringing some of them to Chrome on iOS, like:
     
    • Manage passwords
    • Open Incognito tab
    • Clear browsing data
    • And more!


    Chrome on iOS allows users to take actions directly from the address bar, like clearing browsing data, using a button that appears among auto-complete suggestions. This feature is already available on desktop platforms.

   

 

  • Improved credit and debit card Autofill   back to top

    Over the course of Chrome 103, credit and debit card Autofill will start supporting cloud-based upload via Google Pay, enabling Autofill for your cards across all your Chrome devices. You can control credit card autofill with the AutofillCreditCardEnabled enterprise policy.

   

 

  • Removing LockIconInAddressBarEnabled policy   back to top

    Chrome 94 launched an experiment to replace the lock icon as the connection security indicator. The LockIconInAddressBarEnabled policy was added to allow organizations to continue to show the lock icon during the experiment. The experiment is no longer active, so the policy will no longer be available starting with Chrome 103.

   

 

  • Improved first run experience on iOS   back to top

    In Chrome 103, some users might see a new onboarding experience with fewer steps and a more intuitive way to sign into Chrome. Enterprise policies, like BrowserSignin, SyncDisabled, SyncTypesListDisabled and MetricsReportingEnabled, to control whether the user can sign into Chrome and other aspects of the onboarding experience will continue to be available as before.

↑ 返回页首

   

 

  • Chrome on Windows will use Chrome's built-in DNS client by default   back to top

    The built-in DNS client is enabled by default on macOS, Android and Chrome OS. Chrome on Windows will also use the built-in DNS client by default as early as Chrome 103. Enterprises can opt out by setting BuiltInDnsClientEnabled policy to Disabled.

   

 

  • Release of Speculation Rules API for prerender in Android   back to top

    Expanding our prerender efforts released on Chrome 101, we will ship the Speculations Rules API for Android in Chrome 103. This API will allow web authors to suggest to Chrome which pages that the user is very likely to navigate to next. This will influence Chrome during the decision to prerender a particular URL before the user navigates to it, aiming to offer an instant navigation. An enterprise policy, NetworkPredictionOptions, is available to block the usage of all prerendering activities which will result in Chrome ignoring the hints provided using this API. See our article on speculative prerendering for more information.

   

 

  • Enhanced Safe Browsing on iOS   back to top

    To match Safe Browsing functionality from other platforms, we will add functionality so that a user on iOS can choose what type of Safe Browsing protection they would like. Where an enterprise controls this setting, the enterprise will be allowed to set the level of Safe Browsing protection, and users under the enterprise will not be allowed to change the preference. An enterprise policy SafeBrowsingProtectionLevel is available to control Safe Browsing and the mode it operates in.

    Enhanced safe browsing on iOS
     

   

 

  • MetricsReportingEnabled policy will be available on Android in Chrome 103   back to top

    Chrome-on-Android will slightly modify the first run experience to support the MetricsReportingEnabled policy. If the admin disables metrics reporting, there will be no change. If the admin enables metrics, users will still be able to change the setting in Chrome settings. When enabled, the MetricsReportingEnabled policy allows anonymous reporting of usage and crash-related data about Chrome to Google.

   

 

  • Chrome 104 will no longer support OS X 10.11 and macOS 10.12   back to top

    Chrome 104 will no longer support macOS versions 10.11 and 10.12, which are already outside of their support window with Apple. Users will have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security.

↑ 返回页首

   

 

  • Changes in cookie expiration date limit   back to top

    Beginning with Chrome 104, any newly set or refreshed cookies will have their expiration date limited to no more than 400 days in the future. Cookies which request expiration dates after 400 days in the future will still be set, but their expiration will be adjusted down to 400 days. Existing cookies will retain their prior expiration date (even if it was more than 400 days in the future), but refreshing them will cause the cap to be enforced.

   

 

  • Chrome will show Journeys on the History page on Android   back to top

    Chrome 96 started clustering local browsing activity on the History page into Journeys to make it easier to find prior activity and continue it with related search suggestions. These Journeys will become available on Android in Chrome 104. For keywords typed into the Omnibox that match a cluster, an action chip displays for seamless access to the Journeys view. Users can delete clusters and disable Journeys, if desired. Additionally, admins will have the option to disable this feature using the HistoryClustersVisible policy.

   

 

  • Network Service on Windows will be sandboxed   back to top

    As early as Chrome 104, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service may be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy allows you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

  • Chrome 104 will remove U2F API   back to top

    The U2F API for interacting with USB security keys has been disabled by default since Chrome 98. Chrome is currently running an Origin Trial that lets websites temporarily re-enable the U2F API. This Origin Trial will end on July 26, 2022 and the U2F API will be fully removed in Chrome 104.

    If you run a website that still uses this API, please refer to the deprecation announcement and blog post for more details.

   

 

  • Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022   back to top

    As part of the gradual deprecation of Manifest V2, the Chrome Web Store stopped accepting submissions of new Public or Unlisted Manifest V2 extensions after January 17, 2022. In June 2022, Chrome expands this restriction to new extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows. Extensions which are already submitted may continue to be updated until January 2023.

    For more details, refer to the Manifest V2 support timeline.

   

 

  • Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 106   back to top

    As previously announced, Chrome apps are being phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 106 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 milestones.

    If you're force-installing any Chrome apps, starting Chrome 104, users will be shown a message stating that the app is no longer supported. The installed Chrome Apps will still be launchable. 

    Starting with Chrome 106, Chrome Apps on WIndows, Mac and Linux will no longer work. To fix this, remove the extension ID from the force-install extension list, and if necessary they can add the corresponding install_url to the web app force install list. For common Google apps, the install_urls are listed below:
     
    Property Extension ID (Chrome App) install_url (PWA / Web App)
    Gmail pjkljhegncpnkpknbcohdijeoejaedia https://mail.google.com/mail/
    installwebapp?usp=admin
    Docs aohghmighlieiainnegkcijnfilokake https://docs.google.com/document/
    installwebapp?usp=admin
    Drive apdfllckaahabafndbhieahigkjlhalf https://drive.google.com/drive/
    installwebapp?usp=admin
    Sheets felcaaldnbdncclmgdcncolpebgiejap https://docs.google.com/spreadsheets/
    installwebapp?usp=admin
    Slides aapocclcgogkmnckokdopfmhonfmgoek https://docs.google.com/presentation/
    installwebapp?usp=admin
    YouTube blpcfgokakmgnkcojhhkbfbldkacnbeo https://www.youtube.com/s/notifications/
    manifest/cr_install.html

   

 

  • Default to origin-keyed agent clustering in Chrome 106   back to top

    As early as Chrome 106, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API  to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0  header along with all documents that require that behavior.  

    Note: document.domain has no effect if only one document sets it.

    An enterprise policy will be available to extend the current behavior.

↑ 返回页首

Upcoming Chrome OS changes

 

   

 

  • Fast Pair on Chrome OS   back to top

    Starting in Chrome 103, Fast Pair will make Bluetooth pairing easier on Chrome OS devices and Android phones. When you turn on your Fast Pair-enabled accessory (like Pixel Buds), it will automatically detect and pair with your Chrome OS device in a single tap. Fast Pair will also associate your Bluetooth accessory with your Google account, making it incredibly simple to move between your Chrome OS and Android devices.

   

 

  • Forced reboot in user session   back to top

    We recently released the ability to schedule forced reboots for kiosk devices. As early as Chrome 104, we will be extending this functionality on user devices, allowing scheduled forced reboots irrespective of whether the user is in session or not.

   

 

  • Backlight PDF support with text annotation   back to top

    As early as Chrome 104, the Gallery app will support PDF viewing and annotating. You will be able to fill out forms, add text or freeform annotation, or highlight text in the app.

   

 

  • Smart Lock UX update   back to top

    Starting in Chrome 104, Smart Lock, which allows users to unlock their Chromebook using their connected Android phone, will be faster than ever, with greater performance, reliability, and an overhauled design.

     

Upcoming Admin console changes

 

   

 

  • New CSV export for some Chrome Admin console reports in Chrome 104   back to top

    As early as Chrome 104, Chrome will introduce a new CSV download option for the Apps & Extensions Usage report data and the Versions report data.

      New CSV reports

↑ 返回页首

Chrome 101

Chrome browser updates Security User productivity/ Apps Management
Removing setTimeout(,0) clamping to 1ms    
Deprecation Origin Trial for UA reduction    
Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome    
Chrome supports notification permission changes on Android 13 and above    
Chrome removes support for WebSQL in a third-party context    
Compare search results with new Side Search feature     
Control camera and microphone permissions in on iOS    
Chrome runs prerendering autocomplete suggestions from the Omnibox    
Chrome removes legacy policies with non-inclusive names     
New and updated policies in Chrome browser    
Chrome OS updates Security User productivity/ Apps Management
Network-based recovery for Chrome OS    
Policy support for additional openVPN settings    
UI-based firmware updates for peripherals    
Crostini upgrade to Debian 11 (Bullseye)    
UI improvements for the Camera app    
Cursive canvas lock    
Forced reboots across managed devices    
Admin console updates Security User productivity/ Apps Management
Identification variables for Android managed configuration policy    
New policies in the Admin console    
Upcoming Chrome browser changes Security User productivity/ Apps Management
Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 102  
Privacy Sandbox updates in Chrome 102    
Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022    
Chrome to send Private Network Access preflights for subresources as early as Chrome 102    
Chrome will use MiraclePtr to improve security as early as Chrome 102    
MetricsReportingEnabled policy available on Android in Chrome 102     
Chrome 103 will use case-matching on CORS preflight requests    
Chrome Actions on iOS in Chrome 103     
Network Service on Windows will be sandboxed in Chrome 104    
Default to origin-keyed agent clustering in Chrome 106    
Chrome 107 will replace master_preferences with initial_preferences    
Upcoming Admin console changes Security User productivity/ Apps Management
New CSV export for some Admin console reports in Chrome 103  

 

↑ back to top

 

The enterprise release notes are available in 8 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, and Japanese. Please allow 1 to 2 weeks for translation for some languages.
 

Chrome browser updates

   

 

  • Removing setTimeout(,0) clamping to 1ms   back to top

    Chrome 101 removes a web intervention for some users that clamped setTimeout(,0) timers to 1ms. In Chrome 101, those users see timers fire immediately. Note that nested timer calls clamp to 4ms after repeated nested calls. This change brings Chrome in line with web specifications and might improve performance on some pages.

    It's possible that this change will introduce bugs in web applications that rely on the current clamped behavior. If you have any apps affected by this change, you can use the SetTimeoutWithout1MsClampEnabled policy to revert to the Chrome 100 behavior.

   

 

  • Deprecation Origin Trial for UA reduction   back to top

    As previously announced, Chrome 101 protects user privacy by reducing the granularity of information in the User-Agent string. In this phase, the MINOR.BUILD.PATCH version info is reduced to 0.0.0. If a site needs this information, it should migrate to the User Agent Client Hints API. Sites that need more time to test or migrate can take advantage of a Deprecation Trial, which started in Chrome 100.

    You can also control this using the UserAgentReduction enterprise policy. You can test the new reduced-granularity User-Agent string by setting the policy to 2, or you can delay the change while you update your apps by setting it to 1.

   

 

  • Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome   back to top

    Starting with Chrome 101, Chrome Browser Cloud Management maintains compatibility with the most recent 12 versions of Chrome. Older versions may lose some Chrome Browser Cloud Management features without notice, or behave unexpectedly. For your security, you should keep Chrome auto-update enabled, which keeps your fleet on the most recent version of Chrome. If you manage Chrome updates manually, staying close to the most recent version both keeps your users safer, and ensures you stay within the compatibility window.

   

 

  • Chrome 101 supports notification permission changes in Android 13 and above   back to top

    Android 13 is changing the way push notification permissions behave by default. All Android apps require users to explicitly allow OS notification permissions, as opposed to Android 12 and earlier where it was granted by default. Chrome running on Android 13 now prompts the user for permission at app launch up to two times.

↑ 返回页首

   

 

  • Chrome removes support for WebSQL in a third-party context   back to top

    The WebSQLInThirdPartyContextEnabled policy was introduced to give admins additional time to react to the removal of WebSQL in a third-party context. As planned, this policy is removed in Chrome 101.

   

 

  • Compare search results with new Side Search feature   back to top

    Side Search allows users to compare search results via a side panel UI to get the right answer faster. This means users can view a page and the search results at the same time, without needing to navigate back and forth or losing their search results. This is helpful for users who are actively searching for something and need more than one site, for example, planning an employee dinner, putting together presentations, and so on. You can control this feature using the SideSearchEnabled policy.

   

 

  • Control camera and microphone permissions on iOS   back to top

    In Chrome 101, after granting Chrome both app level and site level permission to use the camera or microphone, users can now control camera or microphone usage. Users can tap the icon on the left of the location bar to trigger a popup that shows switches to control the camera or microphone. Alternatively, users can go to Site Information in the context menu and do the same.

   

 

  • Chrome runs prerendering autocomplete suggestions from the Omnibox   back to top

    Chrome 101 enables Omnibox, or URL bar, prerendering. With this feature, Chrome starts prerendering the high-confidence Omnibox autocomplete suggestions. Chrome is currently prefetching resources for high-confidence suggestions using No-state Prefetch, but with this feature we can further process the webpage, including DOM tree construction and script execution. Enterprises can opt-out of this feature using the NetworkPredictionOptions policy.

   

 

  • Chrome removes legacy policies with non-inclusive names   back to top

    Chrome 86 through Chrome 90 introduced new policies to replace policies with less inclusive names (for example, whitelist, blacklist). In order to minimize disruption for existing managed users, both the old and the new policies currently work.

    This transition period was originally planned for Chrome 95, but was extended to Chrome 101 to give admins more time to transition their policies. In Chrome 101, the policies in the left column of the following table no longer function. Please ensure you're using the corresponding policy from the right column instead:
     

    Legacy Policy Name

    New Policy Name

    NativeMessagingBlacklist

    NativeMessagingBlocklist

    NativeMessagingWhitelist

    NativeMessagingAllowlist

    AuthNegotiateDelegateWhitelist

    AuthNegotiateDelegateAllowlist

    AuthServerWhitelist

    AuthServerAllowlist

    SpellcheckLanguageBlacklist

    SpellcheckLanguageBlocklist

    AutoplayWhitelist

    AutoplayAllowlist

    SafeBrowsingWhitelistDomains

    SafeBrowsingAllowlistDomains

    ExternalPrintServersWhitelist

    ExternalPrintServersAllowlist

    NoteTakingAppsLockScreenWhitelist

    NoteTakingAppsLockScreenAllowlist

    PerAppTimeLimitsWhitelist

    PerAppTimeLimitsAllowlist

    URLWhitelist

    URLAllowlist

    URLBlacklist

    URLBlocklist

    ExtensionInstallWhitelist

    ExtensionInstallAllowlist

    ExtensionInstallBlacklist

    ExtensionInstallBlocklist

    UserNativePrintersAllowed

    UserPrintersAllowed

    DeviceNativePrintersBlacklist

    DevicePrintersBlocklist

    DeviceNativePrintersWhitelist

    DevicePrintersAllowlist

    DeviceNativePrintersAccessMode

    DevicePrintersAccessMode

    DeviceNativePrinters

    DevicePrinters

    NativePrinters

    Printers

    NativePrintersBulkConfiguration

    PrintersBulkConfiguration

    NativePrintersBulkAccessMode

    PrintersBulkAccessMode

    NativePrintersBulkBlacklist

    PrintersBulkBlocklist

    NativePrintersBulkWhitelist

    PrintersBulkAllowlist

    UsbDetachableWhitelist

    UsbDetachableAllowlist

    QuickUnlockModeWhitelist

    QuickUnlockModeAllowlist

    AttestationExtensionWhitelist

    AttestationExtensionAllowlist

    PrintingAPIExtensionsWhitelist

    PrintingAPIExtensionsAllowlist

    AllowNativeNotifications

    AllowSystemNotifications

    DeviceUserWhitelist

    DeviceUserAllowlist

    NativeWindowOcclusionEnabled

    WindowOcclusionEnabled



    If both the legacy policy and the new policy are set for any row in the table above, the new policy overrides the legacy policy. 

    If you're managing Chrome via the Admin console (for example, Chrome Browser Cloud Management), no action is required; the Admin console manages the transition automatically.

↑ 返回页首

   

 

Chrome OS updates

   

 

  • Network-based recovery for Chrome OS   back to top

    Network-based recovery provides a built-in recovery mechanism for Chrome OS that doesn’t need external tools such as a USB stick, an Android device, a second computer, a USB cable, and so on. It is available on most of the new Chrome OS devices launching after April 20, 2022.

   

 

  • Policy support for additional openVPN settings   back to top

    Additional OpenVPN properties can now be set in the Admin console when configuring a managed VPN connection. This includes packet authentication and encryption algorithms, compression algorithm, key direction, and TLS auth key.

   

 

  • UI-based firmware updates for peripherals   back to top

    Chrome OS now performs firmware updates for peripherals using fwupd, an open source firmware update framework. The previous automatic firmware update approach has its limits as major market players introduce significant changes requiring long update sessions, which can sometimes cause devices to malfunction.

    Using fwupd, Chrome OS provides a UI for firmware updates for peripheral devices, allowing users to perform the update when needed.

   

 

  • Crostini upgrades to Debian 11 (Bullseye)   back to top

    When users signed up for Crostini, they received a container with Debian 10 (Buster). Debian 11 (Bullseye) is now stable and used for new Crostini installs. We recommend that existing Crostini users upgrade to Bullseye  to access new features and simplify support.

    Chrome  allows users to trigger an upgrade, both via a prompt that occurs at certain times, as well as through Settings. The upgrade displays progress to the user and explains any errors that might occur.

    In addition, Chrome 101 now stores an upgrade log, in Downloads, and notifies the user about it, so it's easier to troubleshoot upgrade issues.

↑ 返回页首

   

 

  • UI improvements for the Camera app   back to top

    Chrome 101 includes improvements for the Chrome OS Camera app, to make it simpler and easier to use. On the left-side tool, it is easier to access the different options and users can now clearly see what feature is currently turned on or off. Under the Settings tab, we’ve made all Camera options more readable and easier to find. 

   

 

  • Cursive canvas lock   back to top

    A new canvas lock toggle in Cursive allows you to quickly enable or disable pan and zoom for the canvas. This helps avoid any accidental movements of the canvas while you write. You can turn on canvas lock from the 3-dot menu, and then quickly toggle it using a button on top of the canvas.

   

 

  • Forced reboot across managed devices   back to top

    Admins can now automate the reboot process across managed devices. To help reduce operational overhead and improve certain application flows, you can schedule recurring device reboots across kiosks, managed guest and standard user sessions. This essentially forces the device to reboot, even during an active session.

 

Admin console updates

   

 

  • Identification variables for Android managed configuration policy   back to top

    Managed configuration files can now include placeholders that Chrome OS substitutes for the indicated value(s) before providing the configuration file to the Android app. Admins can work with the Android app developer to determine what values to use in a custom policy. All values are optional. See the help center for more details on specific identification variables.

   

 

↑ 返回页首

Coming soon

Note: The items listed below are experimental or planned updates. They might change, be delayed, or canceled before launching to the Stable channel.

 

Upcoming Chrome browser changes

   

 

  • Chrome apps no longer supported on Windows, Mac, and Linux as early as Chrome 102   back to top

    As previously announced, Chrome apps will be phased out in favor of Progressive Web Apps (PWAs) and web-standard technologies. The deprecation schedule was adjusted to provide enterprises who used Chrome apps additional time to transition to other technologies, and Chrome apps will now stop functioning in Chrome 102 or later on Windows, Mac, and Linux. If you need additional time to adjust, a policy called ChromeAppsEnabled will be available to extend the lifetime of Chrome Apps an additional 2 releases.

    If you're force-installing any Chrome apps, users will be shown a message stating that the app is no longer supported. To fix this, remove the extension ID from the force-install extension list, and if necessary they can add the corresponding install_url to the Web App force install list. For common Google apps, the install_urls are listed below:
     

    Property

    Extension ID (Chrome App)

    install_url (PWA / Web App)

    Gmail

    pjkljhegncpnkpknbcohdijeoejaedia

    https://mail.google.com/mail/
    installwebapp?usp=admin

    Docs

    aohghmighlieiainnegkcijnfilokake

    https://docs.google.com/document/
    installwebapp?usp=admin

    Drive

    apdfllckaahabafndbhieahigkjlhalf

    https://drive.google.com/drive/
    installwebapp?usp=admin

    Sheets

    felcaaldnbdncclmgdcncolpebgiejap

    https://docs.google.com/spreadsheets/
    installwebapp?usp=admin

    Slides

    aapocclcgogkmnckokdopfmhonfmgoek

    https://docs.google.com/presentation/
    installwebapp?usp=admin

    Youtube

    blpcfgokakmgnkcojhhkbfbldkacnbeo

    https://www.youtube.com/s/notifications/
    manifest/cr_install.html

     

     

   

 

  • Privacy Sandbox updates in Chrome 102   back to top

    The Privacy Sandbox release in Chrome 102 will provide controls for the new Topics & Interest Group APIs. It will also introduce a one-time dialog that explains Privacy Sandbox to users and will allow them to manage their preferences. This dialog will not be shown for Guest users or managed EDU users.

    Admins will be able to prevent the dialog from appearing for their managed users by controlling third party cookies explicitly via policy:
     
    • To allow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to disabled 
    • To disallow third party cookies and Privacy Sandbox features, set BlockThirdPartyCookies to enabled. This may cause some sites to stop working.
    Privacy Sandbox features will also be disabled, and no dialog shown, if DefaultCookiesSetting is set to Do not allow any site to set local data.

   

 

  • Private extensions using Manifest V2 no longer accepted in the Chrome Web Store in June 2022   back to top

    As part of the gradual deprecation of Manifest V2, the Chrome Web Store stopped accepting submissions of new Public or Unlisted Manifest V2 extensions after January 17, 2022. In June 2022, Chrome expands this restriction to new extensions with Private visibility, which may have a more significant impact on Enterprise extension workflows. Extensions that are already submitted can continue to be updated until January 2023.

    For more details, refer to the Manifest V2 support timeline.

   

 

  • Chrome will send Private Network Access preflights for subresources as early as Chrome 102   back to top

    As early as Chrome 102, Chrome plans to send a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. This request carries a new Access-Control-Request-Private-Network: true header. In this initial phase, this request is sent, but no response is required from network devices.

    In a future milestone of Chrome, the response must carry a matching Access-Control-Allow-Private-Network: true header.

    A private network request is any request from a public website to a private IP address or localhost, or from a private website, for example, an intranet, to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.

   

 

  • Chrome will use MiraclePtr to improve security as early as Chrome 102   back to top

    MiraclePtr is a technology that reduces the risk of security vulnerabilities relating to memory safety. Chrome is currently testing the impacts of MiraclePtr for some users. A full release is planned as early as Chrome 102.

↑ 返回页首

   

 

  • MetricsReportingEnabled policy available on Android in Chrome 102 back to top

    Chrome-on-Android will slightly modify the first run experience to support the MetricsReportingEnabled policy.  If the admin has disabled metrics reporting, there will be no change. If the admin has enabled metrics, users will still be able to disable it.

   

 

  • Chrome 103 will use case-matching on CORS preflight requests   back to top

    Chrome 101 and below uppercases request methods when matching with Access-Control-Allow-Methods response headers in CORS preflight. Chrome 101 doesn't uppercase request methods, except for those normalized in the spec https://fetch.spec.whatwg.org/#concept-method-normalize, and so requires exact case-sensitive matching.

    Previously accepted, but now rejected:

        Request: fetch(url, {method: 'Foo'})
        Response Header: Access-Control-Allow-Methods: FOO

    Previously rejected, but now accepted:

        Request: fetch(url, {method: 'Foo'})
        Response Header: Access-Control-Allow-Methods: Foo

    Note: post and put are not affected because they are in https://fetch.spec.whatwg.org/#concept-method-normalize, while patch is affected.

   

 

  • Chrome Actions on iOS in Chrome 103   back to top

    Chrome Actions help users get things done fast, directly from the address bar. We first released Chrome Actions on desktop a couple of years ago, with Actions like Clear browsing data. In Chrome 103, we will bring some of them to Chrome on iOS, like:
     
    • Manage passwords
    • Open Incognito tab
    • Clear browsing data
    • And more!


    Chrome on iOS will allow users to take actions directly from the address bar, like clearing browsing data, using a button that will appear among auto-complete suggestions. This feature is already available on desktop platforms.

   

 

  • Chrome 104 will no longer support OS X 10.11 and macOS 10.12   back to top

    Chrome 104 will no longer support macOS versions 10.11 and 10.12, which are already outside of their support window with Apple. Users will have to update their operating systems in order to continue running Chrome browser. Running on a supported operating system is essential to maintaining security.

↑ 返回页首

   

 

  • Network Service on Windows will be sandboxed in Chrome 104   back to top

    As early as Chrome 104, to improve security and reliability, the network service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the network service might be prevented from doing so. This might cause interoperability issues with software that injects code into Chrome's process space, such as Data Loss Prevention software. The NetworkServiceSandboxEnabled policy will allow you to disable the sandbox if incompatibilities are discovered. You can test the sandbox in your environment using these instructions and report any issues you encounter.

   

 

  • Default to origin-keyed agent clustering in Chrome 106   back to top

    As early as Chrome 106, websites will be unable to set document.domain. Websites will need to use alternative approaches such as postMessage() or Channel Messaging API to communicate cross-origin. If a website relies on same-origin policy relaxation via document.domain to function correctly, it will need to send an Origin-Agent-Cluster: ?0 header along with all documents that require that behavior.  

    Note: document.domain has no effect if only one document sets it.

    An enterprise policy will be available to extend the current behavior.

   

 

  • Chrome 107 will replace master_preferences with initial_preferences   back to top

    Initial preferences allow you to deploy default preferences when users first open Chrome browser. The initial_preferences file will replace the master_preferences file, which accomplished the same thing before Chrome 91. To minimize disruption, Chrome currently accepts both master_preferences and initial_preferences. In Chrome 107, Chrome will stop accepting the old master_preferences file name, and only accept the file if it is named initial_preferences.

    Please ensure that if you're using initial preferences, that the file is named initial_preferences and not master_preferences. You do not need to change the contents of the file in any way.

 

Upcoming Admin console changes

   

 

  • New CSV export for some Chrome Admin console reports in Chrome 103   back to top

    As early as Chrome 103, Chrome will introduce a new CSV download option for the Apps & Extensions Usage report data and the Versions report data.

    Admin console reports

↑ 返回页首

 

其他资源

仍需要帮助?

“Google”以及相关标志和徽标是 Google LLC 的商标。其他所有公司名和产品名是其各自相关公司的商标。

该内容对您有帮助吗?

您有什么改进建议?
搜索
清除搜索内容
关闭搜索框
Google 应用
主菜单