Great news! Chrome has a new version - Chrome 71. We already installed it on our cross-browser testing platform and you can already test how your webapps look, feel and work in this new browser version.

Chrome 71 Version

Try it yourself right away!

What's new in Chrome 71?

The most notable features are as follows:

  • Displaying relative times is now part of the Intl API.
  • Specifying which side of the text the underline should appear on for text that flows vertically.
  • Requiring user activation before using the speech synthesis API.
  • The default credentials mode for module script requests has changed from omit to same-origin.
  • Shadow DOM v1 spec; calculation for specificity for the :host() and :host-context() pseudo classes as well as for the arguments for ::slotted().
  • Removed SpeechSynthesis.speak() without user activation.
  • Removed prefixed versions of APIs.
  • Removed URL.createObjectURL from MediaStream.
  • Removed document.origin.
  • Deprecations and removals of APIs.
  • The Element.requestFullscreen() method can now be customized.
  • Last version available for Android 4.1-4.3 (Jelly Bean).
  • You can now long-press on an image and save to clipboard and paste in other apps.
  • Autofill now works better on sites with iframes (embedded pages).

Chrome blocks intrusive advertising

Chrome 71 will block all ads on sites that contain abusive or misleading web browsing. This includes malware, hidden click areas, fake mouse pointers, non-interactive redirects, fake messages or warnings, phishing or just plain misleading behavior. If Google detects that a website is showing such a content or behavior, it will be notified in the Abusive Experiences Report of the Google Search Console. This report contains regular reviews of a site's advertising and notifies the site owner when something is discovered

Deceptive billing page warnings

Chrome 71 also displays clear warning when you are visiting sites with bad reputation. Fraudulent billing sites try to get users to enter their mobile information to access content such as a game. Then the user is charged a mobile subscription without his knowledge.

Developer features and updates in Chrome 71

  • 'left' and 'right' values for the 'text-underline-position' property - CSS3 Text Decoration spec adds new properties that implement new text decoration styling features such as lines, color, and style. This feature adds support for 'left' and 'right' values of the 'text-underline-position' property. The property itself shipped in Chrome 57. Currently, in vertical flow for Chinese and Japanese, which side the underline appears on is not the same across browsers. This enhancement fixes that.
  • :host, :host-context, and ::slotted specificity - was resolved. From M71 Chrome ships specificity calculations per spec for Shadow DOM v1. The old behavior is kept for v0 for compatibility with existing content.
  • Add FullscreenOptions - Adds the ability to customize the requestFullscreen API with FullscreenOptions on Android. This allows developers to chose between making the navigation bar visible versus a completely immersive mode where no user agent controls are shown until a gesture is performed.
  • Animation Worklet - Animation Worklet allows you to write imperative animations that run at the device's native frame rate for jank-free smoothness, make your animations more resilient to main thread jank, and are linked to scroll instead of time.
  • Async touchpad pinch zoom events - Async touchpad pinch zoom events are for improving the page pinch zoom performance. Currently, the touchpad pinch zoom exposes a control wheel event that allows JS to cancel it. With this change, if the user doesn't make a pinch action on the touchpad, effectively canceling the control wheel event, then following control wheel events are not cancelable. But JavaScript does not know which ctrl wheel is the first one in the sequence, so if you want to cancel pinch zoom, you need to cancel all of t
  • Autoplay Policy for Web Audio - Web Audio will follow the rules of the autoplay policy already followed by other parts of Chrome able to produce sound. When an AudioContext is created, it will start as suspended if it wasn't allowed to play. Calling resume() will only start the AudioContext if it is allowed to play. Furthermore, a previously blocked AudioContext will automatically be resumed if start() is called on a connected node after the document is user activated.
  • COLR/CPAL font support - COLR/CPAL fonts are one type of OpenType color fonts. These fonts compose layers of vector outline glyphs and color palette information into the final colored glyph. With this change, Chrome will support 3 color font formats cross-platform, the other two being CBDT/CBLC and SBIX. Because they are vector based, COLR/CPAL fonts provide for faster downloads and require less storage. An example of a COLR/CPAL font is the Twemoji color font.
  • CSS gradient color stop double-position syntax - Add support for CSS Image Values 4 color stop position syntax.
  • Call capture event listeners in capturing phase at shadow hosts - Call capture event listeners in capturing phase at shadow hosts.
  • Deprecate and Remove URL.createObjectURL for MediaStream - This API has been deprecated in 2013 and superseded by assigning streams to srcObject.
  • ImageCapture support for exposureTime constraint - Image Capture API has a means to set exposureMode to manual which is not useful if you cannot set the exposure time (aka shutter speed, aka exposure duration). This change provides an interface for getting the exposure time range values as well as setting the exposure time in time units.
  • IndexedDB database enumeration - IndexedDB databases() returns a list of all databases accessible by the origin of the current frame. The return value is a Promise that resolves with a list of IDBDatabaseInfo objects (currently just dictionaries of database name and version).
  • Intl.RelativeTimeFormat - Intl.RelativeTimeFormat helps libraries and frameworks format relative time in a localized fashion by providing internationalized messages for date and time fields, using a customary local word or phrase when available. For example, calling its format() method with -5 and 'day' would return the string '5 days ago'.
  • Intrinsic size attribute - This attribute allows developers to specify the intrinsic size of a media element (<img>, <video>, <svg:image>). With this attribute media elements will maintain their aspect ratios. Developers need only specify one dimension, either a percentage or pixel value, and the other dimension will be computed immediately without causing a visual re-flow.
  • Permission API: "persistent-storage" property - The "persistent-storage" property is a new permission for the Permission API. The permission state can already be queried with navigator.storage.persisted(), with this change navigator.permissions.query({name:"persistent-storage"}) can be used as well.
  • Permission Delegation - Currently, iframes on the web can make permission requests and users will be shown permission prompts that contain the origin of the iframe. Making permission decisions for iframes and managing previous decisions is complicated and confusing.
  • Picture-in-Picture (PiP) - The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This change only applies to <video> elements.
  • Remove SpeechSynthesis.speak without user activation - This deprecation will cause speechSynthesis.speak to immediately fire an error if the document has not received user activation. This API is being abused by sites since it is one of the only remaining APIs which didn't adhere to autoplay policies in Chrome. This was deprecated in Chrome 70.
  • Remove importScripts() of new scripts after service worker installation. - Until this deprecation, a service worker could use importScripts() to import any script at any time. After this change, a service worker can only importScripts() in two cases. 1) Before installation finishes (from the initial execution of the service worker until it reaches the installed state). 2) After installation finishes, only for scripts that were already imported in the previous phase.
  • Remove prefixed WebKitAnimationEvent interface - The prefixed WebKitAnimationEvent interface will be removed. It is a non-standard alias for the widely supported AnimationEvent interface. For interoperability between browsers, web developers should use the standard AnimationEvent instead.
  • Remove prefixed WebKitTransitionEvent interface - The prefixed WebKitTransitionEvent interface will be removed. It is a non-standard alias for the widely supported TransitionEvent interface. For interoperability between browsers, web developers should use the standard TransitionEvent instead.
  • Rename Intl.DateTimeFormat.prototype.formatToParts type "dayperiod" to "dayPeriod" - This change corrects a non-compliant type in the formatToParts implementation.
  • TextEncoderStream and TextDecoderStream APIs - Text encoding and decoding will support streams to enable you to easily convert streams of binary data to text and vice-versa. An example of its usefulness is with readable streams. With a non-stream Response object, response.Body.text() returns text. There is no equivalent for the ReadableStream returned by Response.Body, which can only return bytes. With the new API a streaming response body may be converted to text as so: Response.Body.pipeThrough (new TextDecoderStream()).
  • Unprefixed Fullscreen API - The fullscreen API has features for entering, and exiting fullscreen mode as well as event handlers for monitoring such changes. A prefixed version of the API has been supported since Chrome 15. This update adds an unprefixed version of the API.
  • Wake Lock API based on Promises - The Wake Lock API brings a standard, secure, and safe way to prevent some device features such as the screen or CPU cycles going into power saving state. In this latest iteration of API we aim to address some of the shortcomings of the older api which was limited to screen Wake Lock and didn't address some of the security and privacy issues. This 2nd iteration of Wake lock API makes use of Promises and introduces Wake Lock Types.
  • Web Authentication getTransports - provides an official replacement for the internal extension that Chrome ships to implement the FIDO U2F API for security keys.
  • Web Share Target - Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.
  • WebAssembly PostMessage - Extends WebAssembly to support PostMessage of WebAssembly. Module objects to Web Workers. To clarify, this is scoped to just Web Workers (same process, different thread), and not extended to cross-process scenarios (such as cross-origin postMessage, or shared web workers).
  • WebAudio: MediaElement and MediaStream nodes defined only for AudioContext - Chrome historically allowed creation of MediaElementAudioSourceNode's, MediaStreamAudioSourceNode's, and MediaStreamAudioDestinationNode's using an OfflineAudioContext. This does not comply with the spec; these nodes should only be available for an AudioContext. The behavior with an OfflineAudioContext is not well-defined and contrary to the real-time nature of the nodes themselves.
  • document.origin - The document.origin property will be deprecated and removed in Chromium, and then likely also removed from the DOM Standard. This property was only ever implemented in Chromium and WebKit. It is redundant with self.origin which can be used in both window and worker contexts and has wider support.
  • globalThis - globalThis enables a universal mechanism to access the global object even in strict functions or modules, regardless of the platform.
  • queueMicrotask - Adds a new method, queueMicrotask() that allows direct queueing of a callback to run as a microtask. Microtasks are callbacks that run just before the current task ends. Current examples are callbacks for promises that resolve immediately. This method is available on the window and worker objects.

Bug fixes in Chrome 71

  • CVE-2018-17480: Out of bounds write in V8.
  • CVE-2018-17481: Use after frees in PDFium.
  • CVE-2018-18335: Heap buffer overflow in Skia.
  • CVE-2018-18336: Use after free in PDFium.
  • CVE-2018-18337: Use after free in Blink.
  • CVE-2018-18338: Heap buffer overflow in Canvas.
  • CVE-2018-18339: Use after free in WebAudio.
  • CVE-2018-18340: Use after free in MediaRecorder.
  • CVE-2018-18341: Heap buffer overflow in Blink.
  • CVE-2018-18342: Out of bounds write in V8.
  • CVE-2018-18343: Use after free in Skia.
  • CVE-2018-18344: Inappropriate implementation in Extensions.
  • CVE-2018-18345: Inappropriate implementation in Site Isolation.
  • CVE-2018-18346: Incorrect security UI in Blink.
  • CVE-2018-18347: Inappropriate implementation in Navigation.
  • CVE-2018-18348: Inappropriate implementation in Omnibox.
  • CVE-2018-18349: Insufficient policy enforcement in Blink.
  • CVE-2018-18350: Insufficient policy enforcement in Blink.
  • CVE-2018-18351: Insufficient policy enforcement in Navigation.
  • CVE-2018-18352: Inappropriate implementation in Media.
  • CVE-2018-18353: Inappropriate implementation in Network Authentication.
  • CVE-2018-18354: Insufficient data validation in Shell Integration.
  • CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
  • CVE-2018-18356: Use after free in Skia.
  • CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
  • CVE-2018-18358: Insufficient policy enforcement in Proxy.
  • CVE-2018-18359: Out of bounds read in V8.
  • CVE-2018-20065: Inappropriate implementation in PDFium.
  • CVE-2018-20066: Use after free in Extensions.
  • CVE-2018-20067: Inappropriate implementation in Navigation.
  • CVE-2018-20068: Inappropriate implementation in Navigation.
  • CVE-2018-20069: Insufficient policy enforcement in Navigation.
  • CVE-2018-20070: Insufficient policy enforcement in URL Formatter.
  • CVE-2018-20071: Insufficient policy enforcement in Payments.

Have fun cross-browser testing in Chrome 71!