Cross-browser Testing Blog

Firefox 88 Released - What's new?

Mozilla just released Firefox 88 and we rushed to install it on our virtual browser cloud. In this blog post, we'll summarize the new features and changes in this Firefox version so that you know what to expect when cross-browser testing your webapps in it.

Firefox 88 About Dialog

Try Browserling on Firefox 88 now!

New in Firefox 88

  • Enhanced privacy protection - To protect against cross-site privacy leaks, Firefox 88 now isolates window.name data to the website that created it.
  • JavaScript support in PDF forms - Firefox 88 now executes JavaScript in PDF forms that's used for input validation and other interactive features.
  • Smooth pinch-zooming in Linux - As Linux has evolved with new touchpad drivers, Firefox 88 now supports smooth pinch-zoom gesture on Linux.
  • Margin units in Print Dialog are now localized - Depending on your location, margin units are now automatically selected in centimeters or inches.

Changes in Firefox 88

  • Less nagging - Firefox 88 will not prompt for access to your microphone or camera if you've already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you're prompted to grant device access.
  • Take a screenshot has been moved - The "Take a Screenshot" feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize.
  • FTP is gone - FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.

Developer's Corner

The following section summarizes changes that affect web developer's work.

Switch between raw/formatted JSON

There's now a "Raw" switch in the developer tools that lets you switch between a raw JSON response and formatted JSON response. It can be found in the request/response tab:

Switch between raw and formatted JSON

CSS Changes

  • The default monospace font for MacOS has been changed to Menlo.
  • The :user-valid and :user-invalid pseudo-classes have been implemented.

JavaScript Changes

  • Added support for RegExp match indices.

Network Changes

  • FTP has been disabled on all releases (preference network.ftp.enabled now defaults to false).

Security Changes

  • The localhost URLs will refer to the loopback ip address (127.0.0.1), increasing the overall security of the connection.

DOM API Changes

  • Code can now use the new static method AbortSignal.abort() to return an AbortSignal that is already set as aborted.

Media Changes

  • If the number of tracks being recorded changes, an InvalidModificationError is thrown from the MediaRecorder.start().

Changes for add-on developers

  • Url can now be used to limit the properties for which the tabs.onUpdated event is triggered.

Changes in Firefox 88 for Android

  • Search engine suggestion feature makes it easier to search the web.
  • Fixed an issue where video playing in fullscreen or picture-in-picture mode would not display correctly on sites using a desktop viewport.

Unresolved Issues in Firefox 88

  • Some purchased video content may not play correctly due to a recent Widevine plugin update (this will be addressed in an upcoming bug fix release).

Security Fixes in Firefox 88

  • CVE-2021-23994: Out of bound write due to lazy initialization.
  • CVE-2021-23995: Use-after-free in Responsive Design Mode.
  • CVE-2021-23996: Content rendered outside of webpage viewport.
  • CVE-2021-23997: Use-after-free when freeing fonts from cache.
  • CVE-2021-23998: Secure Lock icon could have been spoofed.
  • CVE-2021-23999: Blob URLs may have been granted additional privileges.
  • CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab.
  • CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process.
  • CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL.
  • CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads.
  • CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View.
  • CVE-2021-29946: Port blocking could be bypassed.
  • CVE-2021-29947: Memory safety bugs fixed in Firefox 88.

Have fun cross-browser testing in Firefox 88!

▶ Read the full post
Chrome 90 Released - What's new?

Today, Google released the 90th version of its Chrome browser. We just installed it on our browser cloud and you can already start testing in it. In this post, we'll summarize the latest features in this new browser version.

Chrome 90 Version

What's New in Chrome 90

  • A new value for the CSS overflow property.
  • The Feature Policy API has been renamed to Permissions Policy.
  • A new way to implement and use Shadow DOM directly in HTML.
  • Chrome's address bar now uses https:// by default.
  • AV1 encoder that is specifically optimized for video conferencing with WebRTC integration.
  • Removal of Content Security Policy directive plugin-types.
  • Removal of WebRTC RTP data channels.
  • Return of empty for navigator.plugins and navigator.mimeTypes.
  • And as always, a number of tiny fixes and improvements.

Detailed Changes in Chrome 90

  • AV1 Encoder - This feature ships an AV1 encoder in Chrome desktop, specifically optimized for video conferencing with WebRTC integration. AV1 encode is requested by a number of RTC applications, including Duo, Meet, and Webex. The primary benefits of AV1 are better compression, better quality on low bandwidth connections, efficient screen sharing compared to VP9 and other codecs.
  • AbstractRange superclass - The bits shared between StaticRange and Range objects are put on a shared superclass named AbstractRange.
  • Add support for CSS properties "overflow: clip" and "overflow-clip-margin" - Adds two CSS features. The 'clip' value results in a box's content being clipped to the box's overflow clip edge. In addition, no scrolling interface is provided, and the content can not be scrolled by the user or programmatically. The overflow-clip-margin property enables specifying how far outside the bounds an element is allowed to paint before being clipped.
  • Block HTTP port 554 - Connections to HTTP, HTTPS or FTP servers on port 554 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
  • CSS aspect-ratio interpolation - The aspect-ratio property allows automatically computing the other dimension if only one of width and height is specified on any element. This property was originally launched as non-interpolable (meaning that it would snap to the target value) when animated.
  • Clipboard: read-only files support - This proposes to expose read-only files on the clipboard to renderers using a similar approach to drag-and drop. Renderers will have access to read file paths from the clipboard, but not write paths to the clipboard. For file paths on the clipboard, renderers will have read-only access.
  • Custom state pseudo class - The feature lets custom elements expose their states via the :state() CSS pseudo class.
  • Declarative Shadow DOM - A declarative API to allow the creation of #shadowroot's using only HTML and no Javascript.
  • Protect application/x-protobuffer via Cross-Origin-Read-Blocking - Protect application/x-protobuffer from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking. The application/x-protobuf is already protected as a never sniffed mime type and it's another commonly used MIME type that is defined as an "ALT_CONTENT_TYPE" by the protobuf library.
  • Read Chrome device attributes - Device Attributes Web API is a subset of Device Web API, that provides to web applications the capability to query device information (device ID, serial number, location, etc).
  • Remove Content Security Policy directive 'plugin-types' - The directive 'plugin-types' allows developer to restrict which types of plugin can be loaded via <embed> or <object> html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.
  • Remove WebRTC RTP data channels - Removes support for the non-standard RTP data channels in WebRTC. Users should use the standard SCTP-based data channels instead.
  • Remove clamping of setTimeout(fn, 0) - Calls to setTimeout(fn, 0) were previously clamped to a 1 ms timeout, instead of resulting in a callback as soon as possible.
  • Seeking past the end of a file in the File System Access API - Rather than rejecting when trying to write past the end of a file, require extending a file with some number of 0x00 (NUL) bytes instead. This enables creating sparse files and greatly simplifies saving content to a file when the data to be written is received out of order.
  • StaticRange constructor - Currently, Range is the only constructible range type available to web authors. However, Range objects are "live" and maintaining them can be expensive. For every tree change, all affected Range objects need to be updated. StaticRange objects are not live and represent a lightweight range type that is not subject to the same maintenance cost as Range. By making StaticRange constructible, we will allow web authors to use them for ranges that do not need to be updated on every DOM tree change.
  • Support specifying width/height on <source< elements for <picture< - This feature allows specifying a width and height on <source> elements that are used in <picture>, which allows the image to compute an aspect ratio from these attributes.
  • New restrictions for file URLs - Aligns behavior with the standard in edge cases when changing the URL protocol to or from "file". Previously, attempting to change the protocol of a URL with credentials or a port to "file" would lead to an invalid URL. Similarly, attempting to change a URL with no host from "file" to "http" would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers. This affects the "protocol" attribute on the URL API, location, and <a> and <area> elements.
  • Use focus-visible in the default UA style sheet - Change the Chromium default UA style sheet to use :focus-visible instead of :focus pseudo-class to paint the focus indicator (outline). This will avoid that elements show a focus indicator (because they're focused and match :focus) while they don't match :focus-visible.
  • WebAssembly Exception Handling - This feature is adding exception support to WebAssembly. Exception handling allows code to break control flow when an exception is thrown. The exception can be any exception known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function.
  • OscillatorOptions.periodicWave in WebAudio is not nullable - It is no longer possible to set the periodicWave member of OscillatorOptions to null. The WebAudio spec doesn't allow this, so we're aligning Chrome with the spec and also Firefox, which has implemented this correctly for 4 years.
  • WebXR AR Lighting Estimation - Allows sites to query for estimates of the environmental lighting conditions within WebXr sessions. This exposes both spherical harmonics representing the ambient lighting, as well as a cubemap texture representing "reflections". Adding Lighting Estimation can help to make your models feel more natural and like they "fit" better with the user's environment. This can make them feel more "real" or "natural".
  • WebXR Depth API - The Depth API is an extension to WebXR Device API that allows applications access to depth buffer information that conveys information about the user's environment, with primary focus on Augmented Reality scenarios. By leveraging the depth API, web applications could offer more immersive AR experiences to their users.

Security Fixes in Chrome 90 Release

  • High CVE-2021-21201: Use after free in permissions (reported by Gengming Liu and Jianyu Chen).
  • High CVE-2021-21202: Use after free in extensions (reported by David Erceg).
  • High CVE-2021-21203, 21204: Use after free in Blink (reported by Asnine, Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander).
  • High CVE-2021-21205: Insufficient policy enforcement in navigation (reported by Alison Huffman).
  • High CVE-2021-21221: Insufficient validation of untrusted input in Mojo (reported by Guang Gong of Alpha Lab).
  • Medium CVE-2021-21207: Use after free in IndexedDB (reported by Koocola and Nan Wang).
  • Medium CVE-2021-21208: Insufficient data validation in QR scanner (reported by Ahmed Elsobky).
  • Medium CVE-2021-21209: Inappropriate implementation in storage (reported by Tom Van Goethem).
  • Medium CVE-2021-21210: Inappropriate implementation in Network (reported by Bananabr).
  • Medium CVE-2021-21211: Inappropriate implementation in Navigation (reported by Akash Labade).
  • Medium CVE-2021-21212: Incorrect security UI in Network Config UI (reported by Hugo Hue and Sze Yiu Chau).
  • Medium CVE-2021-21213: Use after free in WebMIDI (reported by Raven).
  • Medium CVE-2021-21214: Use after free in Network API (reported by Anonymous).
  • Medium CVE-2021-21215, 21216: Inappropriate implementation in Autofill (reported by Abdulrahman Alqabandi).
  • Low CVE-2021-21217, 21218, 21219: Uninitialized Use in PDFium (reported by Zhou Aiting).

Have fun cross-browser testing in Chrome 90!

▶ Read the full post
Opera 75 Released - What's new?

Yesterday, Opera version 75 was released. As always, we downloaded this version and installed it in our browser testing cloud. Opera 75 is based on Chromium 89 and in this article, we'll summarize the most important changes in this Opera version.

Opera 75 About Dialog

Try Browserling's Opera 75 now!

What's new in Opera 75?

Custom Keyboard Shortcuts

You can now set your own keyboard shortcuts for features like Flow, Crypto Wallet, and Player. The Flow connects your browser (running on your desktop computer) with Opera on iOS and Android. With this feature, you can send notes, notes, images, links, and files between your devices with a single click. The Crypto Wallet Crypto lets you make payments directly from your browser to merchants, other users, and apps. The Player feature is the gateway to all your favorites on music and podcasts from the most popular services, such as Apple Music, Spotify, and YouTube Music.

Opera 75 Keyboard Shortcuts

Two Times Faster

Opera 75 runs 2 times faster compared to the previous version of the browser. This means faster access to your favorite websites, and quicker transition to Opera's built-in features like WhatsApp, Telegram, Twitter, and Instagram - all neatly packed in the sidebar.

Support for Apple M1 Processors

Opera 75 now natively supports the newest line of Apple M1 processors. With the transition from Intel to Apple Silicon chips, Apple can gain more control over the performance of Mac hardware and software that runs on macOS.

Other Changes in Opera 75

  • The Search Tabs preview window is now updated when the tab from another window is closed.
  • IPFS is now enabled for all channels.
  • Better condition to determine if registration is completed in LastCard.
  • Added dark mini player.
  • Make #cashback flag visible.
  • Merge ThemedLabelButton with RoundedLabelButton.
  • Use the default cursor on non-active elements.
  • Replace "Don't show again" text with "Discard".
  • Add "x" button for address bar suggestions.
  • The -incognito command line parameter is now working again.
  • Fix visually misaligned position of labels in Search Tabs.
  • Disable hints on systems with no transparency.
  • Enable KeyboardLockInteractiveBrowserTest tests.
  • Add borders to feedback dialog.
  • Whatsapp in the sidebar works again after clicking a notification.
  • Instagram and Twitter are treated as messengers.
  • Add emoji button when adding or editing workspaces.
  • Improve the quality of smart files and pictures.
  • Once a user sets the location, do not update it again.
  • The top right-hand corner of an overlay is now rounded.
  • Fix translations from English to Spanish.

Happy cross-browser testing in this new release!

▶ Read the full post
Firefox 87 Released - What's new?

Hooray! Today is the Firefox release day. The new version Firefox 87 is getting released right now and we already grabbed it from Mozilla's FTP servers and installed it in our online browser cloud. It's ready for you to start testing!

Firefox 87 About Dialog

Try Browserling on Firefox 87 now!

New in Firefox 87

  • Improved SmartBlock - You'll encounter less breakage in Private Browsing Mode with the Strict Enhanced Tracking Protection turned on in SmartBlock, which provides stand-in scripts so that websites load properly.
  • Trimmed HTTP Referrer - To further protect your privacy, Firefox 87's new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.
  • Highlight All in Find - The "Highlight All" feature on the "Find in Page" now displays tick marks alongside your scrollbar that correspond to the location of matches found on that page.
  • Screen Reader on MacOS - Firefox 87 now has full support for macOS built-in screen reader called VoiceOver.
  • Silesian Locale - Firefox 87 adds the new Silesian (szl) language locale.

Changes in Firefox 87

  • To prevent user data loss when filling out forms, Firefox 87 disables the Backspace key as a navigation shortcut for the back navigation button. To re-enable the Backspace keyboard shortcut, you can change the about:config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
  • Firefox 87 removes items from the Library menu that aren't used often or have other access points in the browser: Synced tabs, Recent highlights, and Pocket list.
  • Firefox 87 simplifies the Help menu by reducing redundant items, such as those that point to Firefox support pages that can also be accessed via the Get Help item.
  • The "View Image Info" menu label in the image context menu has been removed.

Accessibility Fixes in Firefox 87

  • Video controls now have visible focus styling and video and audio controls are now keyboard navigable.
  • HTML <meter> is now spoken by screen readers.
  • Firefox now sets a useful initial focus in Add-ons Manager.
  • Firefox will now fire a name/description change event when aria-labelledby/describedby content changes.

Developer's Corner

Firefox 87 brings many changes and improvements to web developers:

  • Firefox 87 greatly simplifies the Web Developer menu. You can now quickly go to Application Menu followed by Web Developer followed by Web Developer Tools to access Inspector, Web Console, Debugger, Network Style Error, Performance, Storage Inspector, Accessibility, and Application.
  • The Page Inspector can now be used to simulate prefers-color-scheme media queries, without having to change the operating system to light or dark mode.
  • The Page Inspector to toggle the :target pseudo-class for the currently selected element in addition to the pseudo-classes that were previously supported: :hover, :active and :focus, :focus-within, :focus-visible, and :visited.
  • More Page Inspector improvements and bug fixes related to inactive CSS rules: the table-layout property is now marked as inactive for non-table elements, the scroll-padding properties (shorthand and longhand) are now marked as inactive for non-scrollable elements, the text-overflow property was previously incorrectly marked as inactive for some overflow values.

CSS Changes

  • The <link> element is no longer matched by :link, :visited, or :any-link. This aligns the behavior in Firefox to existing behavior in Chrome.

Network/HTTP Changes

  • Content-Length HTTP header has been added to the list of CORS safe-listed response headers.

DOM API Changes

  • The beforeinput event and getTargetRanges() method are now enabled by default.

Changes for add-on developers

  • Permission "nativeMessaging" is now optional.

Changes in Firefox 87 for Android

  • The new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.
  • Sharing an image now shares the image itself instead of its URL.
  • Sites that have only been visited once are no longer automatically added as Top Sites on the home screen.
  • WebRender is rolling out to more devices, with the following mobile GPUs now supported: Adreno 505, Adreno 506, and Mali-T.

Security Fixes in Firefox 87

  • CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bounds read.
  • CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage.
  • CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption.
  • CVE-2021-23984: Malicious extensions could have spoofed popup information.
  • CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user.
  • CVE-2021-23986: A malicious extension could have performed credential-less same-origin policy violations.
  • CVE-2021-23987, 23988: Memory safety bugs fixed in Firefox 87.

Have fun cross-browser testing in Firefox 87!

▶ Read the full post
Chrome 89 Released - What's new?

Excellent news - Chrome 89 was released today by Google. Once we read the news, we rushed to install it to our virtual browser platform. You can start testing your applications in the new version starting now.

Chrome 89 Version

What's New in Chrome 89

  • WebHID, WebNFC, and Web Serial are now available.
  • Closed a loophole a few developers used to skirt the PWA installability checks.
  • The arrival of Web Share and Web Share Target.
  • Chrome now allows top level await within JavaScript modules.
  • Updated icon shown in the omnibox for installable PWAs.
  • Allowed users to sign up for the Digital Goods API origin trial if they have used a Trusted Web Activity to make their PWA available in the Play Store for Chrome OS.
  • Removal of legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>.
  • Stopped cloning sessionStorage for windows opened with noopener number.
  • Dropped support for older x86 processors that don't support SSE3.

Detailed Changes in Chrome 89

  • SameParty cookie attribute - Allows sites to indicate which cookies are allowed to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.
  • CSS keywords 'disclosure-open' and 'disclosure-closed' - CSS property 'list-style-type' supports two new keywords 'disclosure-open' and 'disclosure-closed'. In an element with display:list-item, the disclosure-open keyword shows a symbol indicating a widget like <details> is opened. The disclosure-closed keyword shows a symbol indicating a widget like <details> is closed.
  • Use 'display: list-item' for <summary> by default - The default value of CSS display property for <summary> is changed to list-item from block.
  • Encode CBR audio files with MediaRecorder - Adds support for hard constant bitrate (CBR) mode of the Opus encoder when CBR mode is used for MediaRecorder. Without this change it is impossible to encode compressed constant bitrate audio files with the MediaRecorder.
  • Always fallback to network in AppCache controlled pages - All AppCache manifests are treated as if they contain "*" in their network section. This effectively means that we will always fallback to the network if a resource is not otherwise specified in the AppCache manifest.
  • CSS ::target-text pseudo-element - Added a highlight pseudo-element to allow authors to style scroll-to-text fragments different from the default UA highlighting.
  • CSS flow-relative corner rounding properties - Added support for the flow-relative corner-rounding properties following CSS logical properties and values spec. The following logical properties are now included: border-start-start-radius, border-start-end-radius, border-end-start-radius, and border-end-end-radius.
  • Cross-origin opener policy reporting API - Adds a reporting API to help developers deploy cross-origin opener policy.
  • Element Reflection - This feature allows for ARIA relationship attributes to be reflected in IDL as element references rather than DOMStrings.
  • Expose ReadableStreamDefaultController interface - The Streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. Chrome now exposes the ReadableStreamDefaultController interface on the global object, as with the other ReadableStream-related classes. This will align Blink with the current version of the Streams API Standard and consensus among the developer community.
  • Federated Learning of Cohorts - The FLoC API would enable ad-targeting based on the user's general browsing interest, without the websites knowing their exact browsing history. In today's web, people's interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies. User privacy could be better protected if this can be accomplished without needing to collect a particular individual's exact browsing history.
  • First-party sets - Introduces a mechanism by which a set of registrable domains (a "First-Party Set") can declare themselves to be the same "party" or entity, such as web properties owned by the same company, or domains with different ccTLDs used by the same website. A First-Party Set applies to all HTTPS origins with a registrable domain that is the owner or a member element of the set. This proposal is for a simplified initial prototype.
  • Forced colors mode - Adds the 'forced-colors' media feature, which is used to detect if the user agent has enabled a forced colors mode where it enforces a user-chosen limited color palette on the page. Adds the 'forced-color-adjust' property, which allows authors to opt particular elements out of forced colors mode, restoring full control over the colors to CSS.
  • Import maps - Import maps allows control over what URLs get fetched by JavaScript import statements and import() expressions.
  • Network State Partitioning - Partition network state by the network partition key (which consists of top frame site and possibly frame site), to protect against cross-site tracking through the use of side channels. "Network State" here includes connections (H1, H2, H3, websocket), the DNS cache, ALPN/H2 support data, TLS/H3 resumption information, Reporting/NEL configuration and uploads, and Expect-CT information.
  • Remove prefixed events for <link rel=prerender> - Remove legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>.
  • Schemeful same-site - Modifies the definition of same-site for cookies such that requests on the same registrable domain but across schemes are considered cross-site instead of same-site. For example, http://site.example and https://site.example will now be considered cross-site to each other.
  • Sec-CH-UA Client Hints - The set of Sec-CH-UA-* client hints aims to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests.
  • Stop cloning sessionStorage for windows opened with noopener - When a window is opened with noopener, Chrome should not clone the sessionStorage of its opener; it should instead start from an empty sessionStorage namespace.
  • Streams API: Byte Streams - The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. For streams representing bytes, an extended version of the readable stream is provided to handle bytes efficiently, in particular by minimizing copies.
  • Support for full 'filter' property syntax on SVG elements - Allows the full syntax of the 'filter' property to be used on SVG elements which previously only supported single url(...) references. This allows filter functions such as blur(...), sepia(...), and grayscale(...) to apply to SVG elements as well as non-SVG elements. It makes the platform support for 'filter' more uniform and allows for easier application of some "canned" effects.
  • Top-level await - Allow the await keyword at the top-level within JavaScript modules.
  • Web NFC - Web NFC aims to provide sites the ability to read and write to NFC tags when they are brought in close proximity to the user's device (usually 5-10 cm, 2-4 inches). The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.
  • Web Serial API - The Serial API provides an interface for connecting to serial devices, either through a serial port on the user's system or removable USB and Bluetooth devices that emulate a serial port. This API has been requested by the hardware developer community, especially developers building educational tools, as a companion to the WebUSB API because operating systems require applications to communicate with USB-based serial ports using their higher-level serial API rather than the low-level USB API.
  • Web Share API - Web Share is an API for sharing data (text, URLs, images) from the web to an app of the user's choosing.
  • Web Share API Level 2 - Web Share API Level 2 allows sharing of files from the web to an app of the user's choosing. The API enables web developers to build share buttons that display the same system share dialog boxes used by native applications. Level 1 enabled system share dialogs; however only text and urls could previously be shared.
  • Web Share Target - Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.
  • Web Share Target Level 2 - Installed web applications can now receive file shares, e.g. images. Using the manifest, the web application can declare which MIME types and/or file extensions it accepts.
  • WebAuthentication API: ResidentKeyRequirement and credProps extension - Adds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn "credProps" extension, which indicates to the Relying Party whether a created credential is client-side discoverable.
  • WebHID (Human Interface Device) - Enables web applications to interact with human interface devices (HIDs) other than the standard supported devices (mice, keyboards, touchscreens, and gamepads). However, there are many other HID devices that are currently inaccessible to the web. This API allows web applications to request access to these devices, send and receive HID reports, and retrieve information about the report descriptor.
  • Value navigator.webdriver is false when automation is not enabled. - Prior to this change, Chromium only exposed navigator.webdriver when the browser was being automated. However, other browsers expose it unconditionally per the spec, with the value false in case the browser is not being automated.
  • New web manifest field 'display_override' - Adds a new advanced field to the web manifest, "display_override", where a developer with special requirements can specify an explicit display fallback chain they would like applied.
  • Add performance.measureUserAgentSpecificMemory() - The feature adds a performance.measureUserAgentSpecificMemory() function that estimates the memory usage of the web page. The website needs to be cross-origin isolated to use the API.

Security Fixes in Chrome 89 Release

  • High CVE-2021-21159: Heap buffer overflow in TabStrip (reported by Khalil Zhani).
  • High CVE-2021-21160: Heap buffer overflow in WebAudio (reported by Marcin 'Icewall' Noga).
  • High CVE-2021-21161: Heap buffer overflow in TabStrip (reported by Khalil Zhani).
  • High CVE-2021-21162: Use after free in WebRTC (reported by Anonymous).
  • High CVE-2021-21163: Insufficient data validation in Reader Mode (reported by Alison Huffman).
  • High CVE-2021-21164: Insufficient data validation in Chrome for iOS (reported by Muneaki Nishimura).
  • High CVE-2021-21165, 21166: Object lifecycle issue in audio (reported by Alison Huffman).
  • Medium CVE-2021-21167: Use after free in bookmarks (reported by Leecraso and Guang Gong).
  • Medium CVE-2021-21168: Insufficient policy enforcement in appcache (reported by Luan Herrera).
  • Medium CVE-2021-21169: Out of bounds memory access in V8 (reported by Bohan Liu and Moon Liang).
  • Medium CVE-2021-21170: Incorrect security UI in Loader (reported by David Erceg).
  • Medium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation (reported by Irvan Kurniawan).
  • Medium CVE-2021-21172: Insufficient policy enforcement in File System API (reported by Maciej Pulikowski).
  • Medium CVE-2021-21173: Side-channel information leakage in Network Internals (reported by Tom Van Goethem).
  • Medium CVE-2021-21174: Inappropriate implementation in Referrer (reported by Ashish Gautam Kamble).
  • Medium CVE-2021-21175: Inappropriate implementation in Site isolation (reported by Jun Kokatsu).
  • Medium CVE-2021-21176: Inappropriate implementation in full screen mode (reported by Luan Herrera).
  • Medium CVE-2021-21177: Insufficient policy enforcement in Autofill (reported by Abdulrahman Alqabandi).
  • Medium CVE-2021-21178: Inappropriate implementation in Compositing (reported by Japong).
  • Medium CVE-2021-21179: Use after free in Network Internals (reported by Anonymous).
  • Medium CVE-2021-21180: Use after free in tab search (reported by Abdulrahman Alqabandi).
  • Medium CVE-2020-27844: Heap buffer overflow in OpenJPEG (reported by Sean Campbell).
  • Medium CVE-2021-21181: Side-channel information leakage in autofill (reported by Xu Lin, Panagiotis Ilia, and Jason Polakis).
  • Low CVE-2021-21182: Insufficient policy enforcement in navigations (reported by Luan Herrera).
  • Low CVE-2021-21183, 21184: Inappropriate implementation in performance APIs (reported by Takashi Yoneuchi and James Hartig).
  • Low CVE-2021-21185: Insufficient policy enforcement in extensions (reported by David Erceg).
  • Low CVE-2021-21186: Insufficient policy enforcement in QR scanning (reported by Dhirajkumarnifty).
  • Low CVE-2021-21187: Insufficient data validation in URL formatting (reported by Kirtikumar Anandrao Ramchandani).
  • Low CVE-2021-21188: Use after free in Blink (reported by Woojin Oh).
  • Low CVE-2021-21189: Insufficient policy enforcement in payments (reported by Khalil Zhani).
  • Low CVE-2021-21190: Uninitialized Use in PDFium (reported by Zhou Aiting).

Have fun cross-browser testing in Chrome 89!

▶ Read the full post
Firefox 86 Released - What's new? (February 23, 2021)
Opera 74 Released - What's new? (February 2, 2021)
Firefox 85 Released - What's new? (January 26, 2021)
Chrome 88 Released - What's new? (January 19, 2021)
Firefox 84 Released - What's new? (December 15, 2020)
Opera 73 Released - What's new? (December 9, 2020)
Firefox 83 Released - What's new? (November 17, 2020)
Chrome 87 Released - What's new? (November 17, 2020)
Opera 72 Released - What's new? (October 21, 2020)
Chrome 73 Released - What's new? (March 12, 2019)
Chrome 72 Released - What's new? (January 29, 2019)
Firefox 65 Released - What's new? (January 29, 2019)
Opera 58 Released - What's new? (January 23, 2019)
Firefox 64 Released - What's new? (December 11, 2018)
Chrome 71 Released - What's new? (December 4, 2018)
Opera 57 Released - What's new? (November 28, 2018)
Firefox 63 Released - What's new? (October 23, 2018)
Chrome 70 Released - What's new? (October 16, 2018)
Opera 56 Released - What's new? (September 25, 2018)
Firefox 62 Released - What's new? (September 5, 2018)
Chrome 69 Released - What's new? (September 4, 2018)
Opera 55 Released - What's new? (August 16, 2018)
Chrome 68 Released - What's new? (July 24, 2018)
Opera 54 Released - What's new? (June 28, 2018)
Firefox 61 Released - What's new? (June 26, 2018)
Chrome 67 Released - What's new? (May 31, 2018)
Opera 53 Released - What's new? (May 10, 2018)
Firefox 60 Released - What's new? (May 9, 2018)
Chrome 66 Released - What's new? (April 17, 2018)
Opera 52 Released - What's new? (March 14, 2018)
Firefox 59 Released - What's new? (March 13, 2018)
Chrome 65 Released - What's new? (March 6, 2018)
Opera 51 Released - What's new? (February 7, 2018)
Chrome 64 Released - What's new? (January 24, 2018)
Firefox 58 Released - What's new? (January 23, 2018)
Opera 50 Released - What's new? (January 4, 2018)
Happy browserful Holidays! (December 23, 2017)
Chrome 63 Released - What's new? (December 6, 2017)
Firefox 57 Released - What's new? (November 14, 2017)
Opera 49 Released (November 8, 2017)
Astronomy (New comic) (November 5, 2017)
Chrome 62 Released (October 19, 2017)
Firefox 56 Released (September 28, 2017)
Opera 48 Released (September 27, 2017)
Chrome 61 Released (September 5, 2017)
Opera 47 Released (August 9, 2017)
Firefox 55 Released (August 8, 2017)
Chrome 60 Released (July 25, 2017)
There Are 225 Developer Tools Now! (June 25, 2017)
Opera 46 Released (June 23, 2017)
Firefox 54 Released (June 13, 2017)
Chrome 59 Released (June 5, 2017)
Front End vs Back End (Comic) (April 25, 2017)
Chrome 58 Added to Browser Cloud (April 20, 2017)
Firefox 53 Added to Browser Cloud (April 19, 2017)
Opera 45 Released: Codename Opera Reborn (April 10, 2017)
Opera 44 Released and Deployed to Browserling (March 22, 2017)
Debugging (Programmer Comic) (March 18, 2017)
Chrome 57 Released and available for testing (March 13, 2017)
New Feature: Quick access to latest browsers (March 10, 2017)
Firefox 52 is now available for cross-browser testing (March 7, 2017)
Chrome is a Hungry Browser (Browser comic) (March 3, 2017)
Android 7.1 Added to Browserling for Mobile Testing (March 2, 2017)
Grace Hopper (Computer Scientist Comic) (February 24, 2017)
LISP Winners (Programming comic) (February 16, 2017)
Announcing a new comic series about famous computer scientists (February 10, 2017)
Opera 43 is now available for cross-browser testing (February 7, 2017)
New comic - Programmer (February 2, 2017)
New comic - Two Floats Walk in a Bar (January 26, 2017)
Firefox 51 Cross-Browser Testing Available (January 25, 2017)
Chrome 56 Browser Testing Available (January 25, 2017)
New cartoon - Nordic Programmer (January 17, 2017)
New cartoon - Titanic and Iceberg CSS Pun (January 10, 2017)
Partying with Browsers is a Bad Idea (January 3, 2017)
Happy Holidays! (December 25, 2016)
Opera 42 is now available for online browser testing (December 13, 2016)
New comic - Hide and Seek (December 3, 2016)
Chrome 55 is now available for cross-browser testing (December 1, 2016)
New comic - Browser Wars (November 26, 2016)
New comic - Jon Maddog Hall (November 18, 2016)
Firefox 50 Testing Now Available (November 15, 2016)
New comic - Adobe Love Story (November 11, 2016)
New comic - ASCII/ANSI (November 4, 2016)
New comic - DOM and jQuery (October 28, 2016)
Opera 41 available for browser testing (October 26, 2016)
New cartoon - Euler's Number (October 21, 2016)
New cartoon - Hammer (October 14, 2016)
Chrome 54 released and deployed to browser testing cloud (October 12, 2016)
New cartoon - Bytes (October 6, 2016)
Android Nougat added to mobile browser testing cloud (October 3, 2016)
New cartoon - Peter375 (September 29, 2016)
New cartoon - Lego (September 21, 2016)
Opera 40 released and added to our testing cloud (September 20, 2016)
Firefox 49 is now available for cross-browser testing (September 20, 2016)
New cartoon - Opera (September 15, 2016)
New cartoon - Mendeleev CSS Joke (September 9, 2016)
New cartoon - Threads (September 2, 2016)
Edge 38 (aka Edge 14) released and added to our browser cloud (September 1, 2016)
Chrome 53 Available For Testing (August 31, 2016)
Happy 25th Birthday, Linux! (August 25, 2016)
New cartoon - CSS Ghost (August 18, 2016)
New cartoon - Browserling CEO (August 12, 2016)
New cartoon - Fortran (August 5, 2016)
Opera 39 released and added to browser testing cloud (August 2, 2016)
Firefox 48 released and added to browser testing cloud (August 2, 2016)
New cartoon - Big Bang (July 27, 2016)
New cartoon - Ship (July 21, 2016)
Chrome 52 Released and Deployed to our Browser Cloud (July 20, 2016)
New cartoon - Internet Explorer (July 14, 2016)
New cartoon - Ninja (July 7, 2016)
We've added a bunch more programmer tools! (July 1, 2016)
New cartoon - Home Sweet Home (June 30, 2016)
New cartoon - Brexit (June 23, 2016)
New cartoon - Pisa Tower (June 17, 2016)
New cartoon - Coffee In, Code Out (June 11, 2016)
Opera 38 installed and ready for browser testing (June 8, 2016)
Firefox 47 Released (and available for web testing) (June 7, 2016)
New cartoon - Refreshments (June 4, 2016)
New cartoon - Binary (May 28, 2016)
Chrome 51 Available For Cloud Testing (May 25, 2016)
New cartoon - Titanic (May 21, 2016)
New cartoon - Home Sweet Home (May 13, 2016)
New cartoon - Computer Chips (May 6, 2016)
Opera 37 released and added to our browser-testing cloud (May 4, 2016)
New cartoon - Cold Computer (April 29, 2016)
Firefox 46 available for testing (April 26, 2016)
New cartoon - The Terminator (April 22, 2016)
New cartoon - Bitmask (April 14, 2016)
Chrome 50 is now available for web testing (April 13, 2016)
New cartoon - Dinosaurs (April 8, 2016)
New cartoon - Home Sweet Home (April 1, 2016)
New cartoon - Twins (March 24, 2016)
New cartoon - 1023MB (March 18, 2016)
Opera 36 released and deployed to our browser cloud (March 15, 2016)
Announcing Browserling's Safari Extension! (March 14, 2016)
New cartoon - Keyboard (March 9, 2016)
Firefox 45 Released and Ready for Testing (March 8, 2016)
Chrome 49 added to our cloud (March 2, 2016)
New cartoon - 4:04 AM (March 2, 2016)
Android 6.0 Marshmallow Now Available! (February 25, 2016)
New cartoon - Hobbit (February 24, 2016)
New cartoon - Java (February 17, 2016)
New cartoon - Home IPv6 (February 10, 2016)
New cartoon - SQL Query (February 3, 2016)
Opera 35 Now Available For Web Testing (February 2, 2016)
New cartoon - CSS Float (January 27, 2016)
Firefox 44 is now available for testing (January 26, 2016)
Chrome 48 Released Today (and available for testing) (January 20, 2016)
New cartoon - Dates (January 20, 2016)
New cartoon - VIM (January 14, 2016)
We've added 7 more programming tools! (January 7, 2016)
New cartoon - Table Layout (January 6, 2016)
New cartoon - Glasses (January 1, 2016)
We've added 6 more web developer tools! (December 28, 2015)
Merry Christmas & Happy New Year from Browserling! (December 25, 2015)
New cartoon - Test Engineer (December 23, 2015)
New cartoon - Spaghetti (December 18, 2015)
We've added even more webdev tools! (December 17, 2015)
Firefox 43 Released! (December 15, 2015)
We've added more webdev tools! (December 10, 2015)
New cartoon - Full Stack (December 9, 2015)
Opera 34 added to our browser cloud (December 8, 2015)
Chrome 47 Added to Browserling (December 5, 2015)
New cartoon - Shopping (December 2, 2015)
Announcing Browserling's Web Developer Tools! (December 1, 2015)
New cartoon - Winamp (November 25, 2015)
We added a new cartoon to our web comic - Home (November 18, 2015)
New web cartoon - SEO Expert (November 11, 2015)
Announcing Browserling's Firefox Extension! (November 5, 2015)
New web cartoon - Bathroom (November 5, 2015)
Firefox 42 Installed In Our Browser Testing Cloud (November 3, 2015)
Announcing Browserling's Opera Addon! (October 30, 2015)
New cartoon - Browser History (October 28, 2015)
Opera 33 available for cross-browser testing (October 27, 2015)
New cartoon - Cookie Monster (October 21, 2015)
Chrome 46 Added to Browserling (October 15, 2015)
New cartoon - Internet Explorer CSS Pun (October 14, 2015)
A new cartoon in our comic: Internet Explorer (October 5, 2015)
A new cartoon in our comic: Hotel (September 30, 2015)
A new cartoon in our comic: Bar (September 29, 2015)
Announcing Browserling's Webcomic! (September 28, 2015)
Mozilla Firefox 41 Released and Added to Browserling (September 22, 2015)
More Web Developer Jokes (September 17, 2015)
Opera 32 Released and Added to Browserling (September 15, 2015)
Web Developer Jokes (September 7, 2015)
Chrome 45 Released and Added to Browserling (September 1, 2015)
Browserling now has bookmarklets! (August 28, 2015)
Mozilla Firefox 40 Released and Added to Browserling (August 11, 2015)
Opera 31 Released and Added to Browserling (August 6, 2015)
Announcing Browserling's Chrome Extension! (August 5, 2015)
Browser sharing URL scheme now includes OS platform (July 30, 2015)
Announcing quick /b/ (browse) URLs (July 25, 2015)
Bug Hunter now has Imgur support (July 24, 2015)
Chrome 44 Released and Added to Browserling (July 21, 2015)
Announcing Browserling's Bug Hunter! (July 9, 2015)
Mozilla Firefox 39 Released and Added to Browserling (July 2, 2015)
Live API now supports Windows 8.1 (June 26, 2015)
Browserling now has Windows 8.1 support (June 16, 2015)
Opera 30 Released and Added to Browserling (June 10, 2015)
Live API now supports multiple OS platforms (June 9, 2015)
Browserling now supports multiple operating systems (June 5, 2015)
Chrome 43 Added to Browserling (May 20, 2015)
Firefox 38 Added to Browserling (May 12, 2015)
Live API now supports right click and middle click (wheel click) (May 8, 2015)
Introducing short URLs (May 7, 2015)
Right Click and Wheel Click Now Work in Browserling (May 5, 2015)
New Feature - Browser Sharing through Tools (May 1, 2015)
Opera 29 Added to Browserling (April 29, 2015)
Announcing Browserling's Live API (April 20, 2015)
Chrome 42 Added to Browserling (April 14, 2015)
Firefox 37 Added to Browserling (March 31, 2015)
New Feature - Basic Screenshots (March 26, 2015)
New Feature - On-Screen Keyboard (March 25, 2015)
Android 5.1 Lollipop Added! (March 20, 2015)
Opera 28 Added to Browserling (March 10, 2015)
Chrome 41 Added to Browserling (March 4, 2015)
Firefox 36 Added to Browserling (February 25, 2015)
Local Cross-Browser Testing Tutorial for Linux and Mac (February 18, 2015)
Local Cross-Browser Testing Tutorial for Windows (February 14, 2015)
New Security Feature - Login Rate Limiting (February 7, 2015)
Opera 27 Added to Browserling (January 28, 2015)
Chrome 40 Added to Browserling (January 27, 2015)
Firefox 35 Now Available (January 13, 2015)
Android 4.4 KitKat Added! (December 29, 2014)
Browserling's now much faster - We've upgraded servers to SSDs and 2xRAM and 2xCPU (December 7, 2014)
Opera 26 Added to Browserling (December 3, 2014)
Firefox 34 Now Available (December 1, 2014)
We've added Android 5.0 Lollipop to Browserling (November 25, 2014)
Chrome 39 Added to Browserling (November 18, 2014)
New Pricing Signup Form (November 5, 2014)
Opera 25 Added to Browserling (October 15, 2014)
Firefox 33 Added (October 13, 2014)
Chrome 38 Now Available (October 8, 2014)
Browser Sharing URL Scheme (September 20, 2014)
Opera 24 Now Available (September 4, 2014)
Firefox 32 Added to Browserling (September 3, 2014)
Chrome 37 Added to Browserling (August 26, 2014)
Opera 23 Now Available (July 25, 2014)
Firefox 31 Now Available at Browserling (July 24, 2014)
Chrome 36 Added to Browserling (July 16, 2014)
We just added Firefox 30 to Browserling (June 11, 2014)
Opera 22 Now Available (June 3, 2014)
Chrome 35 Now Available (May 20, 2014)
Opera 21 Added to Browserling (May 6, 2014)
Firefox 29 Added for Testing (April 29, 2014)
Chrome 34 Added to Browserling (April 10, 2014)
Firefox 28 Added for Browser Testing (March 18, 2014)
Opera 20 Added to Browserling (March 5, 2014)
Chrome 33 Added to Browserling (February 21, 2014)
Firefox 27 Added for Cloud Testing (February 4, 2014)
Internet Explorer 11 Added to Browserling (January 30, 2014)
Opera 19 Released (January 29, 2014)
Chrome 32 Added to Browserling (January 14, 2014)
Firefox 26 Added to Browserling (December 10, 2013)
Opera 18 Added to Browser Cloud (November 19, 2013)
Chrome 31 Just Added! (November 12, 2013)
Mozilla Firefox 25 Released (October 29, 2013)
Opera 17 Released and Added to Our Testing Cloud (October 8, 2013)
Chrome 30 Now Available (October 2, 2013)
Firefox 24 Released (September 17, 2013)
Opera 16 Added to Browser Testing Cloud (August 27, 2013)
Chrome 29 Added for Web Testing (August 20, 2013)
Firefox 23 Released (August 6, 2013)
Chrome 28 Added to Cloud Testing Platform (July 9, 2013)
Opera 15 Released (Opera Switches to Chrome!) (July 2, 2013)
Firefox 22 Released (June 25, 2013)
Chrome 27 Available for Browser Testing (May 21, 2013)
Firefox 20 Released (April 2, 2013)
Chrome 26 Added to Browserling (March 26, 2013)
Chrome 25 Released (February 21, 2013)
Chrome 24 Released (January 10, 2013)
We just added Internet Explorer 10 (December 11, 2012)
Chrome 23 Released (November 6, 2012)
Chrome 22 Released (September 25, 2012)
Chrome 21 Released (July 31, 2012)
Chrome 20 Released (June 26, 2012)
Opera 12 Released (June 14, 2012)
Chrome 19 Released (May 15, 2012)
Chrome 18 Released (March 28, 2012)
Chrome 17 Released (February 8, 2012)
Firefox 9 Released (December 20, 2011)
Chrome 16 Released (December 13, 2011)
Chrome 15 Released (October 25, 2011)
Chrome 14 Released (September 16, 2011)
Chrome 13 Released (August 2, 2011)
We just added Firefox 3 to Browserling (January 5, 2011)
We have a blog! (December 1, 2010)