Browserling's cross-browser testing bloghttps://www.browserling.com/blog/Browserling's cross-browser testing blog. We write about all the exciting new things that are happening in the browser world and at Browserling!2021-05-26 15:00:00Will Chrome or Firefox Reach Version 100 First?<p>The two most popular browsers - <a href="/chrome-testing">Google Chrome</a> and <a href="/firefox-testing">Mozilla Firefox</a> are currently in a race to version 100. Currently, the latest Firefox version is <a href="/blog/5656-firefox-88-exciting-features">Firefox 88</a> version while Chrome is at version <a href="/blog/5655-chrome-90-exciting-features">Chrome 90</a>. As Chrome is 2 versions ahead, does it mean Google Chrome will be the first to hit version 100? Let's find out!</p>
<p><img src="/images/blog/chrome-firefox-100/chrome-firefox-100.png" alt="Browser Market Share" /></p>
<h2>Firefox Release Cycle Analysis</h2>
<p>To determine which browser will reach the 100th version first, it's best to look at the dates of the past stable releases. Firefox has adopted a <a href="https://wiki.mozilla.org/Release_Management/Calendar">rapid release calendar plan</a>, which means they have a strict four-week release cycle. The following table shows the last five releases by Firefox:</p>
<ul>
<li><a href="/blog/5500-firefox-84-released">Firefox 84</a> - 2020/12/15</li>
<li><a href="/blog/5580-firefox-85-released">Firefox 85</a> - 2021/01/26</li>
<li><a href="/blog/5600-firefox-86-released">Firefox 86</a> - 2021/02/23</li>
<li><a href="/blog/5630-firefox-87-released">Firefox 87</a> - 2021/03/23</li>
<li><a href="/blog/5650-firefox-88-released">Firefox 88</a> - 2021/04/19</li>
</ul>
<p>The latest version is Firefox 88, released on April 19, 2021. As we know that each next version is released every four weeks, we can calculate the future releases. We get the following data:</p>
<ul>
<li>Firefox 89 - 2021/06/01</li>
<li>Firefox 90 - 2021/07/13</li>
<li>Firefox 91 - 2021/08/10</li>
<li>Firefox 92 - 2021/09/07</li>
<li>Firefox 93 - 2021/10/05</li>
<li>Firefox 94 - 2021/11/02</li>
<li>Firefox 95 - 2021/12/07</li>
<li>Firefox 96 - 2022/01/11</li>
<li>Firefox 97 - 2022/02/08</li>
<li>Firefox 98 - 2022/03/08</li>
<li>Firefox 99 - 2022/04/05</li>
<li>Firefox 100 - 2022/05/03</li>
</ul>
<p><strong>From this data, we can see that Firefox is expected to release its 100th version on May 3, 2022</strong>. This is assuming there are no delays in any of the future releases.</p>
<p>Note: You can launch all Firefox versions online from the Browserling cloud infrastructure by visiting the <a href="/online-browser">online browser</a> page or by using this browser selection widget:</p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="88"></div>
</div>
<h2>Chrome Release Cycle Analysis</h2>
<p>On the other side, Google Chrome currently is released every 6 weeks, which is two weeks more than Firefox. To their advantage, Chrome is currently running version 90, which is 2 versions ahead of Firefox and was released on April 13, 2021. Google Chrome's last five releases were the following:</p>
<ul>
<li>Chrome 86 - 2020/10/13</li>
<li>Chrome 87 - 2020/12/01</li>
<li><a href="/blog/5490-chrome-87-released">Chrome 88</a> - 2021/01/26</li>
<li><a href="/blog/5620-chrome-89-released">Chrome 89</a> - 2021/03/09</li>
<li><a href="/blog/5640-chrome-90-released">Chrome 90</a> - 2021/04/13</li>
</ul>
<p>At this rate, Google Chrome is expected to release its 100th version on June 7, 2022 and it looks like Mozilla Firefox will hit their 100th version much earlier than Google Chrome. But, there is a huge twist in this plan!</p>
<h3>New Google Chrome Release Cycle</h3>
<p>On March 4, 2021, Google <a href="https://blog.chromium.org/2021/03/speeding-up-release-cycle.html">announced</a> the following changes to their release cycle:</p>
<p><strong>"We are excited to announce that Chrome is planning to move to releasing a new milestone every 4 weeks, starting with Chrome 94 in Q3 of 2021."</strong></p>
<p>Google Chrome 94 will be released on September 21, 2021 and from this day onwards, Google will push new releases to their users every four weeks instead of six. On this day, Firefox will be at version 92 and both browsers will move at a constant pace relative to each other. Therefore, the first browser with the larger version on September 21, 2021 will be the first to reach version 100 (assuming the release cycles after this date remain the same). <strong>Now that we know this new information, it's easy to see Google Chrome will therefore win the race to the 100th version.</strong></p>
<h2>First Browser to Version 100</h2>
<p>To be absolutely sure, let's check the <a href="https://chromiumdash.appspot.com/schedule">release calendar of Google Chrome</a>. It has the following data:</p>
<ul>
<li>Chrome 91 - 2021/05/25</li>
<li>Chrome 92 - 2021/07/20</li>
<li>Chrome 93 - 2021/08/31</li>
<li>Chrome 94 - 2021/09/21</li>
<li>Chrome 95 - 2021/10/19</li>
<li>Chrome 96 - 2021/11/16</li>
<li>Chrome 97 - 2022/01/04</li>
<li>Chrome 98 - 2022/02/01</li>
<li>Chrome 99 - 2022/03/01</li>
<li>Chrome 100 - 2022/03/29</li>
</ul>
<p>We can see that the expected 100th release date of Chrome is Tuesday, March 29, 2022. On this day, Firefox will be only at version 98 and will have its 100th version released on Tuesday, May 3, 2022.</p>
<p>If you'd like to try all versions of browsers, then you can try <a href="https://www.browserling.com">Browserling - a cloud browser platform</a>. You can get any browser on any operating system with a single click. Try it out!</p>2021-05-26 15:00:005665Harish Rajora5 Exciting New Features in Firefox 88<p>Recently, Mozilla Firefox was updated to version 88 and it includes a bunch of exciting new features. These new features range from upgraded privacy settings to supporting JavaScript in PDF forms. The new update has something for everyone. In this post, we will go through the 5 most exciting new features in Firefox 88. If you're eager to go through the complete list of new features, then we have the <a href="/blog/5650-firefox-88-released">New in Firefox 88</a> post that covers every single updated feature in detail. But now, let's see what Firefox has in the box for us!</p>
<p><img src="/images/blog/firefox-88/new-in-firefox-88.png" alt="Firefox 88 Features" /></p>
<h2>Window.name Isolated to a Website</h2>
<p><a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/name">Window.name</a> is a Javascript property that controls the name of the window's browsing context. This data can then be used by developers as a trick to pass messages or save sessions. Window.name is often also called the "bucket" for the way it behaves. So, what was the problem?</p>
<p>The problem with the window.name was that the data set by a website in this variable would persist until overwritten by the next website or the tab is closed. For example, if I have set my password as the window.name value and now navigate to another website (in the same tab), that website can now extract this value out and can misuse it. Trackers and other malicious software could easily browse a user's private data without their consent.</p>
<p>With Firefox 88, Mozilla now has stepped up towards the <a href="https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy">same-origin policy</a> to prevent window.name misuse across websites by <strong>resetting it to an empty string</strong>. Now, when a user navigates to another website, the website will not be able to explore the user history or any other data through the variable. As an example, if a website sets my email as window.name (such as my-identity@email.com), the window.name clearing will work as follows:</p>
<p><img src="/images/blog/firefox-88/window-name-removed.png" alt="Window.name Removed from Firefox 88" /></p>
<p>Source: <a href="https://blog.mozilla.org/security/2021/04/19/firefox-88-combats-window-name-privacy-abuses/">Mozilla</a>. This is a great step towards keeping up the <a href="https://www.mozilla.org/en-US/firefox/privacy/">privacy promise</a> and making Internet surfing safer on Mozilla Firefox 88.</p>
<h2>"Take Screenshot" Removed From Page Actions</h2>
<p>Mozilla has removed the <strong>Take Screenshot</strong> option from their <a href="https://support.mozilla.org/en-US/kb/page-actions-firefox-focus">Page Action</a> menu which is located below the three dots menu in the address bar.</p>
<p>The following screenshot is from Firefox 86 showing the option which existed before 88:</p>
<p><img src="/images/blog/firefox-88/firefox-86-take-screenshot.png" alt="Take Screenshot in Firefox 86" /></p>
<p>Firefox has also stated that they are working on a redesign that <a href="https://www.omgubuntu.co.uk/2021/02/try-firefox-proton-redesign-ubuntu">removes the page actions menu entirely</a> from the browser. So, does that mean Firefox has deprecated the screenshot feature from their browser? As it turns out, the user still has three ways to take screenshots in Firefox 88.</p>
<h3>How to Take Screenshot in Firefox?</h3>
<p>To take a screenshot in Firefox 88, the user can select "Take Screenshot" from the context menu (right-click on the web page):</p>
<p><img src="/images/blog/firefox-88/firefox-88-take-screenshot.png" alt="Take Screenshot in Firefox 88" /></p>
<p>Screenshots can also be taken through the <a href="https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars">customizable toolbar</a> offered by Firefox.</p>
<p><img src="/images/blog/firefox-88/screenshot-via-customize-toolbar.png" alt="Screenshot via Toolbar" /></p>
<p>The third option is the conventional old-school method of taking a screenshot via keyboard by pressing Win + Print Screen in Windows and it needs no introduction.</p>
<p>Do you want to test this feature without installing the Firefox browser? Use Browserling's cloud-based infrastructure and enter a URL of any website below:</p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="88"></div>
</div>
<h2>FTP Support Disabled in Firefox 88</h2>
<p>FTP is the File Transfer Protocol used for file transfer between a client and a server. Introduced in 1971, FTP has been exhaustively used by engineers as the default file sharing protocol as it's quick and easy to learn and use. Unfortunately, FTP is a non-encrypted protocol, which today in 2021 is a major concern.</p>
<p>For this reason, Firefox has removed the support of FTP from Firefox 88 and has announced its <strong>complete removal from Firefox 89</strong>. The word "complete removal" is used because a user can no longer even enable the FTP from the about:config section (also called flags section).</p>
<p><img src="/images/blog/firefox-88/ftp-gone-from-config.png" alt="FTP Removed from Firefox" /></p>
<p>FTP has been a concern for other major browsers too. Google Chrome has already <a href="/blog/4070-chrome-72-released">deprecated FTP from Chrome 72</a> onwards. Firefox officially stated that "FTP is not used popularly today" and has also mentioned this as a primary reason. </p>
<h2>Smoother Pinch To Zoom - Linux Update</h2>
<p>Pinch to zoom is a popular and everyday-use feature on a web browser. While Apple introduced pinch to zoom in 2011 for Safari, Microsoft in 2012 for IE and Chrome in around 2013, Firefox took a long time and introduced pinch to zoom in 2020 as part of <a href="/blog/5495-firefox-83-released">Firefox 83</a>. Still, it was available only to Windows users with a trackpad or touch screen. </p>
<p>With Firefox 88 release, the smooth pinch to zoom is now supported for Linux users too! This is good news for Linux users as they get a much-awaited feature with this version.</p>
<h2>Screen Reader Glitch Solved</h2>
<p>Taking care of people with accessibility needs, Firefox 88 has rectified the long-standing screen reader error. Earlier, the screen reader would also read the visually hidden content on the webpage. This created inconsistency in the spoken content and it was a major hurdle for screen reader users. With Firefox 88, this no longer happens.</p>
<p>This feature concludes our list of the 5 most exciting new features in Firefox 88. Update to Firefox 88 to take advantage of these features and enjoy safer internet browsing. For those of you who would like to take a hands-on experience with Firefox 88 without installing it on their system, you can use Browserling's <a href="https://www.browserling.com">cloud-browser infrastructure</a>. Just enter your target URL, select the OS and Browser version below and you'll get an interactive online browser in 5 seconds without installing anything!</p>2021-05-21 12:00:005656Harish Rajora5 Exciting New Features in Chrome 90<p>Recently, Google released <a href="/blog/5640-chrome-90-released">Chrome 90</a> and in this blog post, we'll be looking at what we think are the top 5 most exciting features in this new browser version.</p>
<p><img src="/images/blog/chrome-90/new-in-chrome-90.png" alt="Chrome 90 Features" /></p>
<h2>AV1 Encoder That is Specifically Optimized for Video Conferencing</h2>
<p>Video conferencing has never been more popular than today. Google knows this and they prioritized the work on an <a href="https://www.chromestatus.com/feature/6206321818861568">AV1 video encoder</a> that they just implemented and released in Chrome 90 (on the desktop browser version). The AV1 encoder uses WebRTC protocol to optimize video calls. The WebRTC protocol allows peer-to-peer connections between various web browsers quickly and easily. Once web services start using this codec, it will make online video quality better (even with slow data connections) and it will also use less data bandwidth.</p>
<h2>Chrome's Address Bar will Use HTTPS by Default</h2>
<p>The address bar in Chrome 90 now <a href="https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html">defaults to HTTPS</a> (port 443) instead of HTTP (port 80). This change improves website loading speed and increases privacy as the HTTPS protocol is encrypted. The majority of websites nowadays have switched to HTTPS and if a website does not support HTTPS, then Chrome 90 will automatically fall back to the HTTP protocol.</p>
<h2>Improved Copy and Paste</h2>
<p>Now in Chrome 90, you can copy and paste files from your file manager into a website just like you do in your desktop app. For example, to add an attachment in Gmail or any other file to a web application, you don't need to use other tools or the file selection dialog. You can just copy the file to the clipboard via CTRL+C and then hit CTRL+V to paste into the web application you have opened in Chrome.</p>
<h2>Windows Naming</h2>
<p>If you open a new window or a new tab in Chrome 90, then now it has a new window management feature that you can use for organization purposes. It adds the ability to give windows names. For example, if you have two copies of the same website open, then you can give them short names such as "W1" and "W2" that will let you identify the tabs by just glancing at them. If your browser experiences an unexpected crash, Chrome will also restore the names you have added.</p>
<p><img src="/images/blog/chrome-90/feature-name-window.png" alt="Chrome 90 Feature - Naming Windows" /></p>
<p>This feature can be found under the three-dot menu icon. Select "More tools" and then select the action "Name window". Or you can simply right-click the window title bar and also select the "Name window" action.</p>
<h2>Simpler Access to Gravity Sensor</h2>
<p>Chrome 90 makes it much easier for developers to access the data from the <a href="https://developer.mozilla.org/en-US/docs/Web/API/GravitySensor">gravity sensor</a>. Currently, developers manually collect data from the acceleration sensor and make calculations to find the gravity value and it's pretty cumbersome. The new gravity sensor API allows developers to get this data directly. The new gravity API will help developers to make motion-based apps, such as games, virtual reality simulators, and other apps more accurate. At the moment, the feature is in beta and to access it, you need to edit a configuration flag, and it will take a while until it becomes a stable feature.</p>
<p>Thanks for reading our blog post about the 5 most exciting Chrome 90 features. We also wrote a blog post <a href="/blog/5640-chrome-90-released">What's New in Chrome 90</a> that covers over a dozen other features in this new browser release, as well as security fixes and more developer updates.</p>2021-05-19 12:00:005655Peter KruminsFirefox 88 Released - What's new?<p>Mozilla just released Firefox 88 and we rushed to install it on our <a href="https://www.browserling.com">virtual browser cloud</a>. In this blog post, we'll summarize the new features and changes in this Firefox version so that you know what to expect when cross-browser testing your webapps in it.</p>
<p><img src="/images/blog/firefox-88/firefox-88-about-dialog.png" alt="Firefox 88 About Dialog" /></p>
<p><strong>Try Browserling on Firefox 88 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="88"></div>
</div>
<h2>New in Firefox 88</h2>
<ul>
<li><strong>Enhanced privacy protection</strong> - To protect against cross-site privacy leaks, Firefox 88 now isolates <code>window.name</code> data to the website that created it.</li>
<li><strong>JavaScript support in PDF forms</strong> - Firefox 88 now executes JavaScript in PDF forms that's used for input validation and other interactive features.</li>
<li><strong>Smooth pinch-zooming in Linux</strong> - As Linux has evolved with new touchpad drivers, Firefox 88 now supports smooth pinch-zoom gesture on Linux.</li>
<li><strong>Margin units in Print Dialog are now localized</strong> - Depending on your location, margin units are now automatically selected in centimeters or inches.</li>
</ul>
<h2>Changes in Firefox 88</h2>
<ul>
<li><strong>Less nagging</strong> - Firefox 88 will not prompt for access to your microphone or camera if you've already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you're prompted to grant device access.</li>
<li><strong>Take a screenshot has been moved</strong> - The "Take a Screenshot" feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize.</li>
<li><strong>FTP is gone</strong> - FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.</li>
</ul>
<h2>Developer's Corner</h2>
<p>The following section summarizes changes that affect web developer's work.</p>
<h3>Switch between raw/formatted JSON</h3>
<p>There's now a "Raw" switch in the developer tools that lets you switch between a raw JSON response and formatted JSON response. It can be found in the request/response tab:</p>
<p><img src="/images/blog/firefox-88/toggle-raw-formatted-json.png" alt="Switch between raw and formatted JSON" /></p>
<h3>CSS Changes</h3>
<ul>
<li>The default monospace font for MacOS has been changed to Menlo.</li>
<li>The <code>:user-valid</code> and <code>:user-invalid</code> pseudo-classes have been implemented.</li>
</ul>
<h3>JavaScript Changes</h3>
<ul>
<li>Added support for RegExp match indices.</li>
</ul>
<h3>Network Changes</h3>
<ul>
<li>FTP has been disabled on all releases (preference <code>network.ftp.enabled</code> now defaults to false).</li>
</ul>
<h3>Security Changes</h3>
<ul>
<li>The localhost URLs will refer to the loopback ip address (127.0.0.1), increasing the overall security of the connection.</li>
</ul>
<h3>DOM API Changes</h3>
<ul>
<li>Code can now use the new static method <code>AbortSignal.abort()</code> to return an <code>AbortSignal</code> that is already set as aborted.</li>
</ul>
<h3>Media Changes</h3>
<ul>
<li>If the number of tracks being recorded changes, an <code>InvalidModificationError</code> is thrown from the MediaRecorder.start().</li>
</ul>
<h3>Changes for add-on developers</h3>
<ul>
<li>Url can now be used to limit the properties for which the <code>tabs.onUpdated</code> event is triggered.</li>
</ul>
<h2>Changes in Firefox 88 for Android</h2>
<ul>
<li>Search engine suggestion feature makes it easier to search the web.</li>
<li>Fixed an issue where video playing in fullscreen or picture-in-picture mode would not display correctly on sites using a desktop viewport.</li>
</ul>
<h2>Unresolved Issues in Firefox 88</h2>
<ul>
<li>Some purchased video content may not play correctly due to a recent Widevine plugin update (this will be addressed in an upcoming bug fix release).</li>
</ul>
<h2>Security Fixes in Firefox 88</h2>
<ul>
<li>CVE-2021-23994: Out of bound write due to lazy initialization.</li>
<li>CVE-2021-23995: Use-after-free in Responsive Design Mode.</li>
<li>CVE-2021-23996: Content rendered outside of webpage viewport.</li>
<li>CVE-2021-23997: Use-after-free when freeing fonts from cache.</li>
<li>CVE-2021-23998: Secure Lock icon could have been spoofed.</li>
<li>CVE-2021-23999: Blob URLs may have been granted additional privileges.</li>
<li>CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab.</li>
<li>CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process.</li>
<li>CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL.</li>
<li>CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads.</li>
<li>CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View.</li>
<li>CVE-2021-29946: Port blocking could be bypassed.</li>
<li>CVE-2021-29947: Memory safety bugs fixed in Firefox 88.</li>
</ul>
<p>Learn more about <a href="https://www.browserling.com/firefox-testing">testing in Firefox</a> and have fun <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 88!</p>2021-04-19 12:00:005650Peter KruminsChrome 90 Released - What's new?<p>Today, Google released the 90th version of its Chrome browser. We just installed it on our <a href="https://www.browserling.com">browser cloud</a> and you can already start testing in it. In this post, we'll summarize the latest features in this new browser version.</p>
<p><img src="/images/blog/chrome-90/chrome-90-about-dialog.png" alt="Chrome 90 Version" /></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="chrome" data-version="90"></div>
</div>
<h2>What's New in Chrome 90</h2>
<ul>
<li>A new value for the CSS overflow property.</li>
<li>The Feature Policy API has been renamed to Permissions Policy.</li>
<li>A new way to implement and use Shadow DOM directly in HTML.</li>
<li>Chrome's address bar now uses <code>https://</code> by default.</li>
<li>AV1 encoder that is specifically optimized for video conferencing with WebRTC integration.</li>
<li>Removal of Content Security Policy directive <code>plugin-types</code>.</li>
<li>Removal of WebRTC RTP data channels.</li>
<li>Return of empty for <code>navigator.plugins</code> and <code>navigator.mimeTypes</code>.</li>
<li>And as always, a number of tiny fixes and improvements.</li>
</ul>
<h2>Detailed Changes in Chrome 90</h2>
<ul>
<li><strong>AV1 Encoder</strong> - This feature ships an AV1 encoder in Chrome desktop, specifically optimized for video conferencing with WebRTC integration. AV1 encode is requested by a number of RTC applications, including Duo, Meet, and Webex. The primary benefits of AV1 are better compression, better quality on low bandwidth connections, efficient screen sharing compared to VP9 and other codecs.</li>
<li><strong>AbstractRange superclass</strong> - The bits shared between StaticRange and Range objects are put on a shared superclass named AbstractRange.</li>
<li><strong>Add support for CSS properties "overflow: clip" and "overflow-clip-margin"</strong> - Adds two CSS features. The 'clip' value results in a box's content being clipped to the box's overflow clip edge. In addition, no scrolling interface is provided, and the content can not be scrolled by the user or programmatically. The <code>overflow-clip-margin</code> property enables specifying how far outside the bounds an element is allowed to paint before being clipped.</li>
<li><strong>Block HTTP port 554</strong> - Connections to HTTP, HTTPS or FTP servers on port 554 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.</li>
<li><strong>CSS aspect-ratio interpolation</strong> - The aspect-ratio property allows automatically computing the other dimension if only one of width and height is specified on any element. This property was originally launched as non-interpolable (meaning that it would snap to the target value) when animated.</li>
<li><strong>Clipboard: read-only files support</strong> - This proposes to expose read-only files on the clipboard to renderers using a similar approach to drag-and drop. Renderers will have access to read file paths from the clipboard, but not write paths to the clipboard. For file paths on the clipboard, renderers will have read-only access.</li>
<li><strong>Custom state pseudo class</strong> - The feature lets custom elements expose their states via the <code>:state()</code> CSS pseudo class.</li>
<li><strong>Declarative Shadow DOM</strong> - A declarative API to allow the creation of #shadowroot's using only HTML and no Javascript.</li>
<li><strong>Protect application/x-protobuffer via Cross-Origin-Read-Blocking</strong> - Protect <code>application/x-protobuffer</code> from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking. The <code>application/x-protobuf</code> is already protected as a never sniffed mime type and it's another commonly used MIME type that is defined as an "ALT_CONTENT_TYPE" by the protobuf library. </li>
<li><strong>Read Chrome device attributes</strong> - Device Attributes Web API is a subset of Device Web API, that provides to web applications the capability to query device information (device ID, serial number, location, etc).</li>
<li><strong>Remove Content Security Policy directive 'plugin-types'</strong> - The directive 'plugin-types' allows developer to restrict which types of plugin can be loaded via <embed> or <object> html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.</li>
<li><strong>Remove WebRTC RTP data channels</strong> - Removes support for the non-standard RTP data channels in WebRTC. Users should use the standard SCTP-based data channels instead.</li>
<li><strong>Remove clamping of setTimeout(fn, 0)</strong> - Calls to <code>setTimeout(fn, 0)</code> were previously clamped to a 1 ms timeout, instead of resulting in a callback as soon as possible.</li>
<li><strong>Seeking past the end of a file in the File System Access API</strong> - Rather than rejecting when trying to write past the end of a file, require extending a file with some number of 0x00 (NUL) bytes instead. This enables creating sparse files and greatly simplifies saving content to a file when the data to be written is received out of order.</li>
<li><strong>StaticRange constructor</strong> - Currently, Range is the only constructible range type available to web authors. However, Range objects are "live" and maintaining them can be expensive. For every tree change, all affected Range objects need to be updated. StaticRange objects are not live and represent a lightweight range type that is not subject to the same maintenance cost as Range. By making StaticRange constructible, we will allow web authors to use them for ranges that do not need to be updated on every DOM tree change.</li>
<li><strong>Support specifying width/height on <source< elements for <picture<</strong> - This feature allows specifying a width and height on <source> elements that are used in <picture>, which allows the image to compute an aspect ratio from these attributes.</li>
<li><strong>New restrictions for file URLs</strong> - Aligns behavior with the standard in edge cases when changing the URL protocol to or from "file". Previously, attempting to change the protocol of a URL with credentials or a port to "file" would lead to an invalid URL. Similarly, attempting to change a URL with no host from "file" to "http" would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers. This affects the "protocol" attribute on the URL API, location, and <a> and <area> elements.</li>
<li><strong>Use focus-visible in the default UA style sheet</strong> - Change the Chromium default UA style sheet to use <code>:focus-visible</code> instead of <code>:focus</code> pseudo-class to paint the focus indicator (outline). This will avoid that elements show a focus indicator (because they're focused and match <code>:focus</code>) while they don't match <code>:focus-visible</code>.</li>
<li><strong>WebAssembly Exception Handling</strong> - This feature is adding exception support to WebAssembly. Exception handling allows code to break control flow when an exception is thrown. The exception can be any exception known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function.</li>
<li><strong>OscillatorOptions.periodicWave in WebAudio is not nullable</strong> - It is no longer possible to set the periodicWave member of OscillatorOptions to null. The WebAudio spec doesn't allow this, so we're aligning Chrome with the spec and also Firefox, which has implemented this correctly for 4 years.</li>
<li><strong>WebXR AR Lighting Estimation</strong> - Allows sites to query for estimates of the environmental lighting conditions within WebXr sessions. This exposes both spherical harmonics representing the ambient lighting, as well as a cubemap texture representing "reflections". Adding Lighting Estimation can help to make your models feel more natural and like they "fit" better with the user's environment. This can make them feel more "real" or "natural".</li>
<li><strong>WebXR Depth API</strong> - The Depth API is an extension to WebXR Device API that allows applications access to depth buffer information that conveys information about the user's environment, with primary focus on Augmented Reality scenarios. By leveraging the depth API, web applications could offer more immersive AR experiences to their users.</li>
</ul>
<h2>Security Fixes in Chrome 90 Release</h2>
<ul>
<li>High CVE-2021-21201: Use after free in permissions (reported by Gengming Liu and Jianyu Chen).</li>
<li>High CVE-2021-21202: Use after free in extensions (reported by David Erceg).</li>
<li>High CVE-2021-21203, 21204: Use after free in Blink (reported by Asnine, Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander).</li>
<li>High CVE-2021-21205: Insufficient policy enforcement in navigation (reported by Alison Huffman).</li>
<li>High CVE-2021-21221: Insufficient validation of untrusted input in Mojo (reported by Guang Gong of Alpha Lab).</li>
<li>Medium CVE-2021-21207: Use after free in IndexedDB (reported by Koocola and Nan Wang).</li>
<li>Medium CVE-2021-21208: Insufficient data validation in QR scanner (reported by Ahmed Elsobky).</li>
<li>Medium CVE-2021-21209: Inappropriate implementation in storage (reported by Tom Van Goethem).</li>
<li>Medium CVE-2021-21210: Inappropriate implementation in Network (reported by Bananabr).</li>
<li>Medium CVE-2021-21211: Inappropriate implementation in Navigation (reported by Akash Labade).</li>
<li>Medium CVE-2021-21212: Incorrect security UI in Network Config UI (reported by Hugo Hue and Sze Yiu Chau).</li>
<li>Medium CVE-2021-21213: Use after free in WebMIDI (reported by Raven).</li>
<li>Medium CVE-2021-21214: Use after free in Network API (reported by Anonymous).</li>
<li>Medium CVE-2021-21215, 21216: Inappropriate implementation in Autofill (reported by Abdulrahman Alqabandi).</li>
<li>Low CVE-2021-21217, 21218, 21219: Uninitialized Use in PDFium (reported by Zhou Aiting).</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Chrome 90!</p>2021-04-14 12:00:005640Peter KruminsOpera 75 Released - What's new?<p>Yesterday, Opera version 75 was released. As always, we downloaded this version and installed it in our <a href="https://www.browserling.com">browser testing cloud</a>. Opera 75 is based on <a href="/blog/5620-chrome-89-released">Chromium 89</a> and in this article, we'll summarize the most important changes in this Opera version.</p>
<p><img src="/images/blog/opera-75/opera-75-about-dialog.png" alt="Opera 75 About Dialog" /></p>
<p><strong>Try Browserling's Opera 75 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="opera" data-version="75"></div>
</div>
<h2>What's new in Opera 75?</h2>
<h3>Custom Keyboard Shortcuts</h3>
<p>You can now set your own keyboard shortcuts for features like Flow, Crypto Wallet, and Player. The Flow connects your browser (running on your desktop computer) with Opera on iOS and Android. With this feature, you can send notes, notes, images, links, and files between your devices with a single click. The Crypto Wallet Crypto lets you make payments directly from your browser to merchants, other users, and apps. The Player feature is the gateway to all your favorites on music and podcasts from the most popular services, such as Apple Music, Spotify, and YouTube Music.</p>
<p><img src="/images/blog/opera-75/opera-75-keyboard-shortcuts.png" alt="Opera 75 Keyboard Shortcuts" /></p>
<h3>Two Times Faster</h3>
<p>Opera 75 runs 2 times faster compared to the previous version of the browser. This means faster access to your favorite websites, and quicker transition to Opera's built-in features like WhatsApp, Telegram, Twitter, and Instagram - all neatly packed in the sidebar.</p>
<h3>Support for Apple M1 Processors</h3>
<p>Opera 75 now natively supports the newest line of Apple M1 processors. With the transition from Intel to Apple Silicon chips, Apple can gain more control over the performance of Mac hardware and software that runs on macOS.</p>
<h2>Other Changes in Opera 75</h2>
<ul>
<li>The Search Tabs preview window is now updated when the tab from another window is closed.</li>
<li>IPFS is now enabled for all channels.</li>
<li>Better condition to determine if registration is completed in LastCard.</li>
<li>Added dark mini player.</li>
<li>Make <code>#cashback</code> flag visible.</li>
<li>Merge <code>ThemedLabelButton</code> with <code>RoundedLabelButton</code>.</li>
<li>Use the <code>default</code> cursor on non-active elements.</li>
<li>Replace "Don't show again" text with "Discard".</li>
<li>Add "x" button for address bar suggestions.</li>
<li>The <code>-incognito</code> command line parameter is now working again.</li>
<li>Fix visually misaligned position of labels in Search Tabs.</li>
<li>Disable hints on systems with no transparency.</li>
<li>Enable <code>KeyboardLockInteractiveBrowserTest</code> tests.</li>
<li>Add borders to feedback dialog.</li>
<li>Whatsapp in the sidebar works again after clicking a notification.</li>
<li>Instagram and Twitter are treated as messengers.</li>
<li>Add emoji button when adding or editing workspaces.</li>
<li>Improve the quality of smart files and pictures.</li>
<li>Once a user sets the location, do not update it again.</li>
<li>The top right-hand corner of an overlay is now rounded.</li>
<li>Fix translations from English to Spanish.</li>
</ul>
<p>Happy <a href="https://www.browserling.com">cross-browser testing</a> in this new release!</p>2021-03-25 12:00:005635Peter KruminsFirefox 87 Released - What's new?<p>Hooray! Today is the Firefox release day. The new version Firefox 87 is getting released right now and we already grabbed it from Mozilla's FTP servers and installed it in our <a href="https://www.browserling.com">online browser cloud</a>. It's ready for you to start testing!</p>
<p><img src="/images/blog/firefox-87/firefox-87-about-dialog.png" alt="Firefox 87 About Dialog" /></p>
<p><strong>Try Browserling on Firefox 87 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="87"></div>
</div>
<h2>New in Firefox 87</h2>
<ul>
<li><strong>Improved SmartBlock</strong> - You'll encounter less breakage in Private Browsing Mode with the Strict Enhanced Tracking Protection turned on in SmartBlock, which provides stand-in scripts so that websites load properly.</li>
<li><strong>Trimmed HTTP Referrer</strong> - To further protect your privacy, Firefox 87's new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.</li>
<li><strong>Highlight All in Find</strong> - The "Highlight All" feature on the "Find in Page" now displays tick marks alongside your scrollbar that correspond to the location of matches found on that page.</li>
<li><strong>Screen Reader on MacOS</strong> - Firefox 87 now has full support for macOS built-in screen reader called VoiceOver.</li>
<li><strong>Silesian Locale</strong> - Firefox 87 adds the new Silesian (szl) language locale.</li>
</ul>
<h2>Changes in Firefox 87</h2>
<ul>
<li>To prevent user data loss when filling out forms, Firefox 87 disables the Backspace key as a navigation shortcut for the back navigation button. To re-enable the Backspace keyboard shortcut, you can change the <code>about:config</code> preference <code>browser.backspace_action</code> to <code>0</code>. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.</li>
<li>Firefox 87 removes items from the Library menu that aren't used often or have other access points in the browser: Synced tabs, Recent highlights, and Pocket list.</li>
<li>Firefox 87 simplifies the Help menu by reducing redundant items, such as those that point to Firefox support pages that can also be accessed via the Get Help item.</li>
<li>The "View Image Info" menu label in the image context menu has been removed.</li>
</ul>
<h2>Accessibility Fixes in Firefox 87</h2>
<ul>
<li>Video controls now have visible focus styling and video and audio controls are now keyboard navigable.</li>
<li>HTML <meter> is now spoken by screen readers.</li>
<li>Firefox now sets a useful initial focus in Add-ons Manager.</li>
<li>Firefox will now fire a name/description change event when aria-labelledby/describedby content changes.</li>
</ul>
<h2>Developer's Corner</h2>
<p>Firefox 87 brings many changes and improvements to web developers:</p>
<ul>
<li>Firefox 87 greatly simplifies the Web Developer menu. You can now quickly go to Application Menu followed by Web Developer followed by Web Developer Tools to access Inspector, Web Console, Debugger, Network Style Error, Performance, Storage Inspector, Accessibility, and Application.</li>
<li>The Page Inspector can now be used to simulate <code>prefers-color-scheme</code> media queries, without having to change the operating system to light or dark mode.</li>
<li>The Page Inspector to toggle the <code>:target</code> pseudo-class for the currently selected element in addition to the pseudo-classes that were previously supported: <code>:hover</code>, <code>:active</code> and <code>:focus</code>, <code>:focus-within</code>, <code>:focus-visible</code>, and <code>:visited</code>.</li>
<li>More Page Inspector improvements and bug fixes related to inactive CSS rules: the table-layout property is now marked as inactive for non-table elements, the scroll-padding properties (shorthand and longhand) are now marked as inactive for non-scrollable elements, the text-overflow property was previously incorrectly marked as inactive for some overflow values.</li>
</ul>
<h3>CSS Changes</h3>
<ul>
<li>The <link> element is no longer matched by :link, :visited, or :any-link. This aligns the behavior in Firefox to existing behavior in Chrome.</li>
</ul>
<h3>Network/HTTP Changes</h3>
<ul>
<li>Content-Length HTTP header has been added to the list of CORS safe-listed response headers.</li>
</ul>
<h3>DOM API Changes</h3>
<ul>
<li>The beforeinput event and getTargetRanges() method are now enabled by default. </li>
</ul>
<h3>Changes for add-on developers</h3>
<ul>
<li>Permission "nativeMessaging" is now optional.</li>
</ul>
<h2>Changes in Firefox 87 for Android</h2>
<ul>
<li>The new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.</li>
<li>Sharing an image now shares the image itself instead of its URL.</li>
<li>Sites that have only been visited once are no longer automatically added as Top Sites on the home screen.</li>
<li>WebRender is rolling out to more devices, with the following mobile GPUs now supported: Adreno 505, Adreno 506, and Mali-T.</li>
</ul>
<h2>Security Fixes in Firefox 87</h2>
<ul>
<li>CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bounds read.</li>
<li>CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage.</li>
<li>CVE-2021-23983: Transitions for invalid <code>::marker</code> properties resulted in memory corruption.</li>
<li>CVE-2021-23984: Malicious extensions could have spoofed popup information.</li>
<li>CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user.</li>
<li>CVE-2021-23986: A malicious extension could have performed credential-less same-origin policy violations.</li>
<li>CVE-2021-23987, 23988: Memory safety bugs fixed in Firefox 87.</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 87!</p>2021-03-23 12:00:005630Peter KruminsChrome 89 Released - What's new?<p>Excellent news - Chrome 89 was released today by Google. Once we read the news, we rushed to install it to our <a href="https://www.browserling.com">virtual browser platform</a>. You can start testing your applications in the new version starting now.</p>
<p><img src="/images/blog/chrome-89/chrome-89-about-dialog.png" alt="Chrome 89 Version" /></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="chrome" data-version="89"></div>
</div>
<h2>What's New in Chrome 89</h2>
<ul>
<li>WebHID, WebNFC, and Web Serial are now available.</li>
<li>Closed a loophole a few developers used to skirt the PWA installability checks.</li>
<li>The arrival of Web Share and Web Share Target.</li>
<li>Chrome now allows top level await within JavaScript modules.</li>
<li>Updated icon shown in the omnibox for installable PWAs.</li>
<li>Allowed users to sign up for the Digital Goods API origin trial if they have used a Trusted Web Activity to make their PWA available in the Play Store for Chrome OS.</li>
<li>Removal of legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>.</li>
<li>Stopped cloning sessionStorage for windows opened with noopener number.</li>
<li>Dropped support for older x86 processors that don't support SSE3.</li>
</ul>
<h2>Detailed Changes in Chrome 89</h2>
<ul>
<li><strong>SameParty cookie attribute</strong> - Allows sites to indicate which cookies are allowed to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.</li>
<li><strong>CSS keywords 'disclosure-open' and 'disclosure-closed'</strong> - CSS property 'list-style-type' supports two new keywords 'disclosure-open' and 'disclosure-closed'. In an element with <code>display:list-item</code>, the <code>disclosure-open</code> keyword shows a symbol indicating a widget like <details> is opened. The <code>disclosure-closed</code> keyword shows a symbol indicating a widget like <details> is closed.</li>
<li><strong>Use 'display: list-item' for <summary> by default</strong> - The default value of CSS <code>display</code> property for <summary> is changed to <code>list-item</code> from <code>block</code>.</li>
<li><strong>Encode CBR audio files with <code>MediaRecorder</code></strong> - Adds support for hard constant bitrate (CBR) mode of the Opus encoder when CBR mode is used for MediaRecorder. Without this change it is impossible to encode compressed constant bitrate audio files with the MediaRecorder.</li>
<li><strong>Always fallback to network in AppCache controlled pages</strong> - All AppCache manifests are treated as if they contain "*" in their network section. This effectively means that we will always fallback to the network if a resource is not otherwise specified in the AppCache manifest.</li>
<li><strong>CSS ::target-text pseudo-element</strong> - Added a highlight pseudo-element to allow authors to style scroll-to-text fragments different from the default UA highlighting.</li>
<li><strong>CSS flow-relative corner rounding properties</strong> - Added support for the flow-relative corner-rounding properties following CSS logical properties and values spec. The following logical properties are now included: border-start-start-radius, border-start-end-radius, border-end-start-radius, and border-end-end-radius.</li>
<li><strong>Cross-origin opener policy reporting API</strong> - Adds a reporting API to help developers deploy cross-origin opener policy.</li>
<li><strong>Element Reflection</strong> - This feature allows for ARIA relationship attributes to be reflected in IDL as element references rather than DOMStrings.</li>
<li><strong>Expose ReadableStreamDefaultController interface</strong> - The Streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. Chrome now exposes the ReadableStreamDefaultController interface on the global object, as with the other ReadableStream-related classes. This will align Blink with the current version of the Streams API Standard and consensus among the developer community.</li>
<li><strong>Federated Learning of Cohorts</strong> - The FLoC API would enable ad-targeting based on the user's general browsing interest, without the websites knowing their exact browsing history. In today's web, people's interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies. User privacy could be better protected if this can be accomplished without needing to collect a particular individual's exact browsing history.</li>
<li><strong>First-party sets</strong> - Introduces a mechanism by which a set of registrable domains (a "First-Party Set") can declare themselves to be the same "party" or entity, such as web properties owned by the same company, or domains with different ccTLDs used by the same website. A First-Party Set applies to all HTTPS origins with a registrable domain that is the owner or a member element of the set. This proposal is for a simplified initial prototype.</li>
<li><strong>Forced colors mode</strong> - Adds the 'forced-colors' media feature, which is used to detect if the user agent has enabled a forced colors mode where it enforces a user-chosen limited color palette on the page. Adds the 'forced-color-adjust' property, which allows authors to opt particular elements out of forced colors mode, restoring full control over the colors to CSS.</li>
<li><strong>Import maps</strong> - Import maps allows control over what URLs get fetched by JavaScript import statements and import() expressions.</li>
<li><strong>Network State Partitioning</strong> - Partition network state by the network partition key (which consists of top frame site and possibly frame site), to protect against cross-site tracking through the use of side channels. "Network State" here includes connections (H1, H2, H3, websocket), the DNS cache, ALPN/H2 support data, TLS/H3 resumption information, Reporting/NEL configuration and uploads, and Expect-CT information.</li>
<li><strong>Remove prefixed events for <link rel=prerender></strong> - Remove legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>.</li>
<li><strong>Schemeful same-site</strong> - Modifies the definition of same-site for cookies such that requests on the same registrable domain but across schemes are considered cross-site instead of same-site. For example, <code>http://site.example</code> and <code>https://site.example</code> will now be considered cross-site to each other.</li>
<li><strong>Sec-CH-UA Client Hints</strong> - The set of <code>Sec-CH-UA-*</code> client hints aims to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests.</li>
<li><strong>Stop cloning sessionStorage for windows opened with noopener</strong> - When a window is opened with noopener, Chrome should not clone the sessionStorage of its opener; it should instead start from an empty sessionStorage namespace.</li>
<li><strong>Streams API: Byte Streams</strong> - The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. For streams representing bytes, an extended version of the readable stream is provided to handle bytes efficiently, in particular by minimizing copies.</li>
<li><strong>Support for full 'filter' property syntax on SVG elements</strong> - Allows the full syntax of the 'filter' property to be used on SVG elements which previously only supported single <code>url(...)</code> references. This allows filter functions such as <code>blur(...)</code>, <code>sepia(...)</code>, and <code>grayscale(...)</code> to apply to SVG elements as well as non-SVG elements. It makes the platform support for 'filter' more uniform and allows for easier application of some "canned" effects.</li>
<li><strong>Top-level await</strong> - Allow the <code>await</code> keyword at the top-level within JavaScript modules.</li>
<li><strong>Web NFC</strong> - Web NFC aims to provide sites the ability to read and write to NFC tags when they are brought in close proximity to the user's device (usually 5-10 cm, 2-4 inches). The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.</li>
<li><strong>Web Serial API</strong> - The Serial API provides an interface for connecting to serial devices, either through a serial port on the user's system or removable USB and Bluetooth devices that emulate a serial port. This API has been requested by the hardware developer community, especially developers building educational tools, as a companion to the WebUSB API because operating systems require applications to communicate with USB-based serial ports using their higher-level serial API rather than the low-level USB API.</li>
<li><strong>Web Share API</strong> - Web Share is an API for sharing data (text, URLs, images) from the web to an app of the user's choosing.</li>
<li><strong>Web Share API Level 2</strong> - Web Share API Level 2 allows sharing of files from the web to an app of the user's choosing. The API enables web developers to build share buttons that display the same system share dialog boxes used by native applications. Level 1 enabled system share dialogs; however only text and urls could previously be shared.</li>
<li><strong>Web Share Target</strong> - Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.</li>
<li><strong>Web Share Target Level 2</strong> - Installed web applications can now receive file shares, e.g. images. Using the manifest, the web application can declare which MIME types and/or file extensions it accepts.</li>
<li><strong>WebAuthentication API: ResidentKeyRequirement and credProps extension</strong> - Adds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn "credProps" extension, which indicates to the Relying Party whether a created credential is client-side discoverable.</li>
<li><strong>WebHID (Human Interface Device)</strong> - Enables web applications to interact with human interface devices (HIDs) other than the standard supported devices (mice, keyboards, touchscreens, and gamepads). However, there are many other HID devices that are currently inaccessible to the web. This API allows web applications to request access to these devices, send and receive HID reports, and retrieve information about the report descriptor.</li>
<li><strong>Value navigator.webdriver is false when automation is not enabled.</strong> - Prior to this change, Chromium only exposed <code>navigator.webdriver</code> when the browser was being automated. However, other browsers expose it unconditionally per the spec, with the value <code>false</code> in case the browser is not being automated.</li>
<li><strong>New web manifest field 'display_override'</strong> - Adds a new advanced field to the web manifest, "display_override", where a developer with special requirements can specify an explicit display fallback chain they would like applied.</li>
<li><strong>Add performance.measureUserAgentSpecificMemory()</strong> - The feature adds a performance.measureUserAgentSpecificMemory() function that estimates the memory usage of the web page. The website needs to be cross-origin isolated to use the API.</li>
</ul>
<h2>Security Fixes in Chrome 89 Release</h2>
<ul>
<li>High CVE-2021-21159: Heap buffer overflow in TabStrip (reported by Khalil Zhani).</li>
<li>High CVE-2021-21160: Heap buffer overflow in WebAudio (reported by Marcin 'Icewall' Noga).</li>
<li>High CVE-2021-21161: Heap buffer overflow in TabStrip (reported by Khalil Zhani).</li>
<li>High CVE-2021-21162: Use after free in WebRTC (reported by Anonymous).</li>
<li>High CVE-2021-21163: Insufficient data validation in Reader Mode (reported by Alison Huffman).</li>
<li>High CVE-2021-21164: Insufficient data validation in Chrome for iOS (reported by Muneaki Nishimura).</li>
<li>High CVE-2021-21165, 21166: Object lifecycle issue in audio (reported by Alison Huffman).</li>
<li>Medium CVE-2021-21167: Use after free in bookmarks (reported by Leecraso and Guang Gong).</li>
<li>Medium CVE-2021-21168: Insufficient policy enforcement in appcache (reported by Luan Herrera).</li>
<li>Medium CVE-2021-21169: Out of bounds memory access in V8 (reported by Bohan Liu and Moon Liang).</li>
<li>Medium CVE-2021-21170: Incorrect security UI in Loader (reported by David Erceg).</li>
<li>Medium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation (reported by Irvan Kurniawan).</li>
<li>Medium CVE-2021-21172: Insufficient policy enforcement in File System API (reported by Maciej Pulikowski).</li>
<li>Medium CVE-2021-21173: Side-channel information leakage in Network Internals (reported by Tom Van Goethem).</li>
<li>Medium CVE-2021-21174: Inappropriate implementation in Referrer (reported by Ashish Gautam Kamble).</li>
<li>Medium CVE-2021-21175: Inappropriate implementation in Site isolation (reported by Jun Kokatsu).</li>
<li>Medium CVE-2021-21176: Inappropriate implementation in full screen mode (reported by Luan Herrera).</li>
<li>Medium CVE-2021-21177: Insufficient policy enforcement in Autofill (reported by Abdulrahman Alqabandi).</li>
<li>Medium CVE-2021-21178: Inappropriate implementation in Compositing (reported by Japong).</li>
<li>Medium CVE-2021-21179: Use after free in Network Internals (reported by Anonymous).</li>
<li>Medium CVE-2021-21180: Use after free in tab search (reported by Abdulrahman Alqabandi).</li>
<li>Medium CVE-2020-27844: Heap buffer overflow in OpenJPEG (reported by Sean Campbell).</li>
<li>Medium CVE-2021-21181: Side-channel information leakage in autofill (reported by Xu Lin, Panagiotis Ilia, and Jason Polakis).</li>
<li>Low CVE-2021-21182: Insufficient policy enforcement in navigations (reported by Luan Herrera).</li>
<li>Low CVE-2021-21183, 21184: Inappropriate implementation in performance APIs (reported by Takashi Yoneuchi and James Hartig).</li>
<li>Low CVE-2021-21185: Insufficient policy enforcement in extensions (reported by David Erceg).</li>
<li>Low CVE-2021-21186: Insufficient policy enforcement in QR scanning (reported by Dhirajkumarnifty).</li>
<li>Low CVE-2021-21187: Insufficient data validation in URL formatting (reported by Kirtikumar Anandrao Ramchandani).</li>
<li>Low CVE-2021-21188: Use after free in Blink (reported by Woojin Oh).</li>
<li>Low CVE-2021-21189: Insufficient policy enforcement in payments (reported by Khalil Zhani).</li>
<li>Low CVE-2021-21190: Uninitialized Use in PDFium (reported by Zhou Aiting).</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Chrome 89!</p>2021-03-02 12:00:005620Peter KruminsFirefox 86 Released - What's new?<p>Today, Firefox released a new version of the Firefox browser. It's Firefox 86 and we already deployed it on our <a href="https://www.browserling.com">cross-browser testing platform</a>. You can already start testing your applications and websites in it. Here's what's new in Firefox 86.</p>
<p><img src="/images/blog/firefox-86/firefox-86-about-dialog.png" alt="Firefox 86 About Dialog" /></p>
<p><strong>Try Browserling on Firefox 86 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="86"></div>
</div>
<h2>New in Firefox 86</h2>
<ul>
<li><strong>New Print Dialog</strong> - Firefox 86 adds a cleaner and improved Print dialog that integrates with your computer's printer settings.</li>
<li><strong>Stricter Cookie Protection</strong> - Firefox 86 adds Total Cookie Protection (TCP) in Strict Mode. In TCP, every website gets its own "cookie jar" that prevents sites from using cookies to track you.</li>
<li><strong>Multiple Picture-in-Picture Videos</strong> - Firefox 86 now supports simultaneously watching multiple videos in Picture-in-Picture mode.</li>
<li><strong>Credit Card Auto-fill</strong> - Firefox 86 users in Canada can now save credit card information and auto-fill payment forms.</li>
</ul>
<p>Here's how the new print dialog looks like:</p>
<p><img src="/images/blog/firefox-86/firefox-86-print-dialog.png" alt="Firefox 86 Print Dialog" /></p>
<h2>Changes in Firefox 86</h2>
<ul>
<li>Notable performance and stability improvements are achieved by moving canvas drawing and WebGL drawing to the GPU process.</li>
<li>The protection to mitigate the stack clash attack has been activated (Linux).</li>
<li>Removal of DTLS 1.0 support for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.</li>
<li>Consolidated all video decoding in the new RDD process which results in a more secure Firefox.</li>
<li>CSS <code>image-set()</code> function in CSS is now enabled, allowing for responsive images in CSS.</li>
</ul>
<h2>Fixes in Firefox 86</h2>
<ul>
<li>Reader mode now works with local HTML pages.</li>
<li>Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids.</li>
<li>The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.</li>
<li>Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.</li>
<li>Links in the reader view now have more color contrast.</li>
</ul>
<h2>Developer's Corner</h2>
<p>Firefox 86 has the following changes that are relevant to web developers:</p>
<h3>Developer Tools</h3>
<ul>
<li>The <code>cd()</code> web console helper function, which was deprecated in Firefox 74, has now been removed.</li>
<li>Inactive CSS tool is now showing a warning when margin or padding is set on internal table elements.</li>
<li>Developer tools toolbox is now showing the number of errors on the current page. This is a quick way to surface information to a developer that something is wrong with their page. Clicking on the red exclamation icon navigates the user to the Console panel.</li>
</ul>
<h3>SVG Changes</h3>
<ul>
<li>SVG filters can now use the <feComposite> element with the <code>lighter</code> operator.</li>
</ul>
<h3>CSS Changes</h3>
<ul>
<li>The <code>:autofill</code> pseudo-class is now enabled, with <code>-webkit-autofill</code> as an alias.</li>
<li>The <code>list-style-image</code> property now accepts any valid <image>.</li>
</ul>
<h3>JavaScript Changes</h3>
<ul>
<li>The <code>Intl.DisplayNames</code> built-in object has been enabled by default.</li>
</ul>
<h3>DOM API Changes</h3>
<ul>
<li>The <code>window.name</code> is now reset to an empty string if a tab loads a page from a different domain, and restored if the original page is reloaded.</li>
<li>The <code>EventTarget.addEventListener()</code> function now supports the signal option.</li>
</ul>
<h3>WebDriver Changes</h3>
<ul>
<li>Updated <code>WebDriver:ElementClick</code> to synthesize a <code>mousemove</code> event before the actual click event.</li>
</ul>
<h3>Changes for add-on developers</h3>
<ul>
<li>Host permissions now grant access to privileged parts of the tabs API.</li>
<li>The option <code>focused: false</code> is now ignored when set in a <code>windows.create()</code> call.</li>
</ul>
<h2>Changes in Firefox 86 for Android</h2>
<ul>
<li>Introduction of Total Cookie Protection in Strict Mode.</li>
<li>The protection to mitigate the stack clash attack has been activated.</li>
</ul>
<h2>Security Fixes in Firefox 86</h2>
<ul>
<li>CVE-2021-23968, 23969: Content Security Policy violation report could have contained the destination of a redirect.</li>
<li>CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains.</li>
<li>CVE-2021-23974: Noscript elements could have led to an HTML Sanitizer bypass.</li>
<li>CVE-2021-23971: A website's Referrer-Policy could have been been overridden, potentially resulting in the full URL being sent as a Referrer.</li>
<li>CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android.</li>
<li>CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories.</li>
<li>CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached.</li>
<li>CVE-2021-23975: About:memory Measure function caused an incorrect pointer operation.</li>
<li>CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources.</li>
<li>CVE-2021-23978, 23979: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 86!</p>2021-02-23 12:00:005600Peter KruminsOpera 74 Released - What's new?<p>Great news! A new version of Opera has been released today. It's Opera 74 and as always, we'll be taking a look at all the new features and changes. The new Opera version is based on <a href="/5550-chrome-88-released">Chrome 88</a> and we have uploaded this version to our <a href="https://www.browserling.com">virtual browser platform</a> so that you can already test your apps and websites in this new version.</p>
<p><img src="/images/blog/opera-74/opera-74-about-dialog.png" alt="Opera 74 About Dialog" /></p>
<p><strong>Try Browserling's Opera 74 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="opera" data-version="74"></div>
</div>
<h2>Summary of Opera 74 Changes</h2>
<p>There are 5 key changes in Opera 74:</p>
<ul>
<li>Added Tab Snoozing to save your computer's memory and CPU power.</li>
<li>You can now access more files via the Easy Files feature.</li>
<li>Search Tabs are now more organized: open tabs are shown on top and recently closed tabs at the bottom.</li>
<li>Dify integration has been added.</li>
<li>Support for website-aware virtual cards has been added.</li>
</ul>
<p>Let's take a look at these changes in-depth.</p>
<h3>New Feature: Tab Snoozing</h3>
<p>A new feature that saves the computer's memory called "Tab Snoozing" has been added to Opera 74 and it's enabled by default. This feature pauses tabs that you aren't actively using and that will save your computer's processor and memory. Each tab will become active again when you return to it. This feature can be turned off by going into Settings - User Interface.</p>
<h3>More Files via Easy Files</h3>
<p>The Easy Files feature lets you access files without searching through folders. When attaching a file to an email or uploading it anywhere online, the Easy Files popup will display your most recently downloaded files. The visual display of files makes it quick and easy to see and select exactly what you want. Previously, Easy Files would show the three most recent files but with this update, you can now see all of your downloaded files. You can use the file scroll button to cycle through them to find the right file. Additionally, as Easy Files is a new feature, Opera has added a feedback popup that you can use to report Easy Files bugs or UI issues.</p>
<h3>Search Tabs are More Organized</h3>
<p>Search Tabs is a menu that shows a list of your currently open and recently closed windows. It works like a fuzzy finder and helps you quickly find a specific tab by typing a couple of letters or keywords. If you click the magnifying glass icon in the top right (or press Ctrl+Space), then you can type a couple of letters or a keyword to locate a tab. The list updates and narrows down your options as you type. The new update to Search Tabs puts the open tabs on the top of the list and recently closed tabs at the bottom of the list.</p>
<h2>Other Fixed and Changes in Opera 74</h2>
<ul>
<li>Title was missing in the Extensions toolbar menu.</li>
<li>Fix an invalid memory dereference in <code>PlayerServiceBrowsertest</code>.</li>
<li>Add rich hint support for the cashback badge and popup.</li>
<li>Show more than only 3 recently closed tabs search mode.</li>
<li>Fix the about dialog not showing the version and the "Relaunch" button.</li>
<li>Opera packages are now universal.</li>
<li>Fix a bad translation in the Spanish UI.</li>
<li>Add a separator below BABE (Better Address Bar Experience) column titles.</li>
<li>Blank pages now work in macOS Big Sur.</li>
<li>Fix music player continuing to play after disabling player in the sidebar.</li>
<li>Remove <code>NativeProgressBar</code>.</li>
<li>Enable support for Google Endpoint Verification.</li>
<li>Fix a font size consistency issue in the VPN popup.</li>
<li>Add the new Facebook Messenger icon in the sidebar.</li>
</ul>
<p>Happy <a href="https://www.browserling.com">cross-browser testing</a> in this new release!</p>2021-02-02 12:00:005590Peter KruminsFirefox 85 Released - What's new?<p>Firefox is catching up with Chrome! Last week, <a href="5550-chrome-88-released">Chrome 88</a> was released and today Firefox 85 was released. Firefox is now just 3 versions away from catching Chrome. In this blog post, we'll take a look at the new Firefox features. We have also installed the new Firefox 85 version to our <a href="https://www.browserling.com">cross-browser testing cloud</a> and you can already test your apps in Firefox 85.</p>
<p><img src="/images/blog/firefox-85/firefox-85-about-dialog.png" alt="Firefox 85 About Dialog" /></p>
<p><strong>Try Browserling on Firefox 85 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="85"></div>
</div>
<h2>Summary: New in Firefox 85</h2>
<ul>
<li>Protection from supercookies.</li>
<li>Bookmarks now have location history.</li>
<li>Improved password manager.</li>
<li>Removal of Adobe Flash support.</li>
<li>Added support for the CSS <code>:focus-visible</code> pseudo-class.</li>
<li>JavaScript prettifier in the developer console.</li>
<li>And as always - bug fixes, security fixes, and new policies.</li>
</ul>
<h2>New in Firefox 85 in Detail</h2>
<h3>Enhanced Protection From Supercookies</h3>
<p>Firefox 85 now protects you from supercookies. Supercookies is a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. Firefox now prevents supercookies from tracking your web browsing from one site to the next by isolating them.</p>
<h3>Improved Bookmarks</h3>
<p>It's easier than ever to save and access your bookmarks. Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder.</p>
<h3>Improved Password Manager</h3>
<p>The password manager now allows you to remove all of your saved logins with one click, as opposed to having to delete each login individually.</p>
<h2>Web Developer's Corner</h2>
<p>If you're a web developer, then you'll be interested in the next section that lists changes for developers. The most notable change is the addition of the JS expression beautifier in the Console source editor:</p>
<p><img src="/images/blog/firefox-85/firefox-85-multi-line-js-editor.png" alt="Firefox 85 JS Expression Editor" /></p>
<h3>Developer Tools Changes</h3>
<ul>
<li>Developers can now use the Page Inspector to toggle the <code>:focus-visible</code> pseudo-class for the currently selected element.</li>
</ul>
<h3>HTML Changes</h3>
<ul>
<li>Link preloading via <code><link rel="preload"></code> is now enabled. The preload keyword for the rel attribute of the <link> element indicates the user is highly likely to require the target resource for the current navigation, and therefore the browser must preemptively fetch and cache the resource.</li>
<li>The <menuitem> HTML element is no longer available - it has been hidden behind the <code>dom.menuitem.enabled</code> flag.</li>
</ul>
<h3>CSS Changes</h3>
<ul>
<li>The <code>:focus-visible</code> pseudo-class is now enabled. The <code>:focus-visible</code> pseudo-class applies while an element matches the <code>:focus</code> pseudo-class and the UA (User-Agent) determines via heuristics that the focus should be made evident on the element.</li>
<li>The <code>pinch-zoom</code> value for the touch-action property is now enabled. The touch-action CSS property sets how an element's region can be manipulated by a touchscreen user. The <code>pinch-zoom</code> value enables multi-finger panning and zooming of the page.</li>
</ul>
<h3>JavaScript Changes</h3>
<ul>
<li>The <code>collation</code> property can now be specified in the options passed to the <code>Intl.Collator()</code> constructor. It creates <code>Intl.Collator</code> objects that enable language-sensitive string comparison.</li>
</ul>
<h3>WebDriver Changes</h3>
<ul>
<li>Fixed a potential page load timeout situation when <code>WebDriver:ElementClick</code> is called for a link with a target other than <code>_blank</code>.</li>
<li>Using web element references on browsing contexts other than the originating one now correctly returns a "no such element" error instead of a stale element reference error.</li>
</ul>
<h3>Adobe Flash Has Been Removed</h3>
<p>Firefox 85 no longer supports Adobe Flash. There is no setting available to re-enable Flash support.</p>
<h2>Security Improvements in Firefox 85</h2>
<ul>
<li>CVE-2021-23953: Cross-origin information leakage via redirected PDF requests.</li>
<li>CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements.</li>
<li>CVE-2021-23955: Clickjacking across tabs through misusing <code>requestPointerLock</code>.</li>
<li>CVE-2021-23956: The file picker dialog could have been used to disclose a complete directory.</li>
<li>CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme.</li>
<li>CVE-2021-23958: Screen sharing permission leaked across tabs.</li>
<li>CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android.</li>
<li>CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC.</li>
<li>CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage.</li>
<li>CVE-2021-23962: Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</code>.</li>
<li>CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions.</li>
<li>CVE-2021-23964, 23965: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7.</li>
</ul>
<p>Happy <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 85!</p>2021-01-26 12:00:005580Peter KruminsChrome 88 Released - What's new?<p>Chrome 88 is here! It was just pushed to Google's browser update servers and we downloaded and installed it on our servers. You can start testing your websites in this new version. Here's what's new in Chrome 88.</p>
<p><img src="/images/blog/chrome-88/chrome-88-about-dialog.png" alt="Chrome 88 Version" /></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="chrome" data-version="88"></div>
</div>
<h2>What's New in Chrome 88</h2>
<ul>
<li>Users can now upload extensions using manifest v3 to the Chrome Web Store.</li>
<li>CSS aspect-ratio property.</li>
<li>Heavy throttling of chained JavaScript timers.</li>
<li>Play billing in Trusted Web Activity.</li>
<li>To conform to a change in the HTML standard, anchor tags with <code>target="_blank"</code> will now imply <code>rel="no-opener"</code> by default.</li>
<li>Pointer Lock API allows users to disable mouse acceleration.</li>
<li>Function <code>addEventListener()</code> now takes an Abort Signal as an option.</li>
<li>No popups during page unload.</li>
<li>Web Components v0 are removed.</li>
<li>Dropped support for OS X Yosemite.</li>
<li>FTP support is now disabled.</li>
</ul>
<h2>Detailed Changes in Chrome 88</h2>
<ul>
<li><strong>AbortSignal in addEventListener</strong> - This feature adds a new AbortSignal option, named "signal", to the options parameter of addEventListener(). The "signal" option must first be created by an AbortController by accessing the "signal" property on an AbortController instance. Once the signal is passed in to addEventListener, calling "abort()" on the AbortController will remove the event listener added with addEventListener.</li>
<li><strong>Anchor target=_blank implies rel=noopener by default</strong> - To mitigate "tab-napping" attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if <code>rel="noopener"</code> is set. A page wishing to opt out of this behavior may set <code>rel="opener"</code>.</li>
<li><strong>CSS automatic hyphenation for Windows/Linux/ChromeOS</strong> - Blink supports <code>manual</code> and <code>none</code> values of the CSS <code>hyphens</code> property since M55, but <code>auto</code>, which enables the automatic hyphenation, is supported only on Android and Mac.</li>
<li><strong>CSS selectors: pseudo-classes :is() and :where()</strong> - The matches-any pseudo-class, <code>:is()</code>, is a functional pseudo-class taking a selector list as its argument. It represents an element that is represented by its argument.</li>
<li><strong>CSS selectors: complex :not()</strong> - Allows complex selectors inside the <code>:not()</code> pseudo class, such as <code>:not(.a + .b .c)</code>.</li>
<li><strong>CSS aspect-ratio property</strong> - Normally, only certain replaced elements have an aspect ratio, particularly images. For them, if only one of width and height is specified, the other can be computed from it using the intrinsic aspect ratio.</li>
<li><strong>Deprecate FTP support</strong> - Deprecate and remove support for FTP URLs. The current FTP implementation in Google Chrome has no support for encrypted connections (FTPS), nor proxies. Usage of FTP in the browser is sufficiently low that it is no longer viable to invest in improving the existing FTP client.</li>
<li><strong>Don't clear adoptedStyleSheets on adoption to/from <template></strong> - When adopting a shadow root into a <template> document from a document that the <template> is in (or vice versa), we will no longer clear its adoptedStyleSheets.</li>
<li><strong>ElementInternals.shadowRoot attribute</strong> - A new attribute on ElementInternals, 'shadowRoot', allows custom elements to access their own ShadowRoot, regardless of open/closed status. Additionally, further restrictions are added to the attachInternals() API to ensure that custom elements get the first chance to attach the ElementInternals interface. With this change, the attachInternals() function will throw an exception if called prior to the custom element constructor being run.</li>
<li><strong>Flash player support</strong> - Remove support for Flash Player from Chromium in alignment with Adobe's planned end of life on January 12th, 2021.</li>
<li><strong>Limit characters allowed in extensions in File System Access API file pickers</strong> - To improve security, the File System Access API's showOpenFilePicker() and showSaveFilePicker() methods will limit what characters are allowed in extensions for accepted file types. Specifically only A-Z, a-z, 0-9, + and . will be allowed, extensions can't end in .local or .lnk, and can't be more than 16 characters long.</li>
<li><strong>Make "type" optional in WakeLock.request()</strong> - Make the "type" parameter in WakeLock.request() optional and defaulting to "screen", which is the only allowed value at the moment. In other words, the following two code snippets would do the exact same thing: <code>navigator.wakeLock.request()</code> and <code>navigator.wakeLock.request("screen")</code>.</li>
<li><strong>Origin-keyed agent clusters</strong> - Origin-keyed agent clusters allows developers to opt in to giving up certain cross-origin same-site access capabilities - namely synchronous scripting via document.domain, and postMessage()ing WebAssembly.Module instances. This gives the browser more flexibility in implementation technologies. In particular, in Chrome, we will use this as a hint to put the origin in its own process, subject to resource or platform limitations.</li>
<li><strong>Permissions-Policy header</strong> - The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.</li>
<li><strong>Add RTCRtpTransceiver.stop()</strong> - Transceivers allow the sending and/or receiving of media in WebRTC. Stopping a transceiver makes it permanently inactive.</li>
<li><strong>Shared Array Buffers (SABs) on Android</strong> - Adds the JavaScript type SharedArrayBuffer to Android gated behind COOP/COEP. The concept of a SharedArrayBuffer is that a message to a worker, is posted but instead of copying the content of the array just a reference to it is shared, so that all have the same view on the shared chunk of data in the memory.</li>
<li><strong>WebAuthn: Large blob storage extension (largeBlob)</strong> - Adds support for the WebAuthn largeBlob client authenticator extension. This extension allows relying parties to store opaque data associated to a credential.</li>
<li><strong>WebXR dynamic viewport scaling</strong> - Applications can optionally render to a subset of the WebXR viewport, using a scale factor that can be changed every animation frame. This is intended to be more efficient than resizing the full framebuffer which requires reallocation, and the UA can supply a recommended scale factor based on internal heuristics.</li>
<li><strong>path() support in clip-path CSS property</strong> - So far clip-path only supported other basic shapes (circle, ellipse, polygon, url). This adds support for path() as a value.</li>
</ul>
<h2>Security Fixes in Chrome 88 Release</h2>
<ul>
<li>Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome (reported by Rory McNamara).</li>
<li>High CVE-2021-21118: Insufficient data validation in V8 (reported by Tyler Nighswander).</li>
<li>High CVE-2021-21119: Use after free in Media (reported by Anonymous).</li>
<li>High CVE-2021-21120: Use after free in WebSQL (reported by Nan Wang and Guang Gong).</li>
<li>High CVE-2021-21121: Use after free in Omnibox (reported by Leecraso and Guang Gong).</li>
<li>High CVE-2021-21122: Use after free in Blink (reported by Renata Hodovan).</li>
<li>High CVE-2021-21123: Insufficient data validation in File System API (reported by Maciej Pulikowski).</li>
<li>High CVE-2021-21124: Potential user after free in Speech Recognizer (reported by Chaoyang Ding).</li>
<li>High CVE-2021-21125: Insufficient policy enforcement in File System API (reported by Ron Masas).</li>
<li>High CVE-2020-16044: Use after free in WebRTC (reported by Ned Williamson).</li>
<li>Medium CVE-2021-21126, 21127: Insufficient policy enforcement in extensions (reported by David Erceg and Jasminder Pal Singh).</li>
<li>Medium CVE-2021-21128: Heap buffer overflow in Blink (reported by Liang Dong).</li>
<li>Medium CVE-2021-21129, 21130, 21131: Insufficient policy enforcement in File System API (reported by Maciej Pulikowski)</li>
<li>Medium CVE-2021-21132: Inappropriate implementation in DevTools (reported by David Erceg).</li>
<li>Medium CVE-2021-21133: Insufficient policy enforcement in Downloads (reported by Wester0x01).</li>
<li>Medium CVE-2021-21134: Incorrect security UI in Page Info (reported by Wester0x01).</li>
<li>Medium CVE-2021-21135: Inappropriate implementation in Performance API (reported by ndevtk).</li>
<li>Low CVE-2021-21136: Insufficient policy enforcement in WebView (reported by Shiv Sahni, Movnavinothan V, and Imdad Mohammed).</li>
<li>Low CVE-2021-21137: Inappropriate implementation in DevTools (reported by bobblybear).</li>
<li>Low CVE-2021-21138: Use after free in DevTools (reported by Weipeng Jiang).</li>
<li>Low CVE-2021-21139: Inappropriate implementation in iframe sandbox (reported by Jun Kokatsu).</li>
<li>Low CVE-2021-21140: Uninitialized Use in USB (reported by David Manouchehri).</li>
<li>Low CVE-2021-21141: Insufficient policy enforcement in File System API (reported by Maciej Pulikowski).</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Chrome 88!</p>2021-01-19 12:00:005550Peter KruminsFirefox 84 Released - What's new?<p>Firefox 84 has been released today on December 15, 2020, and as always, we are here to introduce you with the latest features and improvements to help you befriend your browser. We have also installed it to our browser cloud, so you can already start testing your apps in this new Firefox version.</p>
<p><img src="/images/blog/firefox-84-cross-browser-testing.png" alt="Firefox 84 About Dialog" /></p>
<p><strong>Try Browserling on Firefox 84 now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="84"></div>
</div>
<h2>New Introductions in Firefox 84</h2>
<ul>
<li><strong>Native macOS Support</strong>: Firefox 84 has brought the native support for macOS, which is built with Silicon CPU. This major update from Firefox 83 makes its browser operations faster and puts less load on the CPU. Mozilla claims that the Firefox launches 2.5 times faster with this update as compared to the Firefox 83.</li>
<li><strong>WebRender Support Extended in Windows</strong>: The WebRender Support has been extended to macOS Big Sur, Windows devices running Intel Gen 6 CPU and Windows 7 and 8 running systems. WebRender makes the rendering of the web page faster and smoother.</li>
<li><strong>Linux Gets Improved Performance</strong>: The Linux operating system's shared memory allocation techniques have been improved. This brings out a faster Firefox in Linux and lowers the load on the CPUs.</li>
<li><strong>Support for Adobe Flash</strong>: Mozilla has announced that Firefox 84 release will be the final release that supports Adobe Flash.</li>
</ul>
<h2>Developer's Corner</h2>
<p>The following section demonstrates the changes that affect web developer's work.</p>
<h3>Developer Tools Changes</h3>
<ul>
<li>Keyboard tab order is now displayed on the web page for better accessibility. Key tab order is a way to navigate through the page with the help of tab when conventional mouse and keyboards do not work.</li>
</ul>
<h3>CSS Changes</h3>
<ul>
<li>Support for <code>::not</code> pseudo class has been added.</li>
</ul>
<h3>JavaScript Changes</h3>
<ul>
<li>The argument <code>fractionalSecondDigits</code> (the number of digits used to represent the fraction of a second) has been added to be used from Firefox 84.</li>
</ul>
<h3>Security Changes</h3>
<ul>
<li>The localhost URLs will refer to the loopback ip address (127.0.0.1), increasing the overall security of the connection.</li>
</ul>
<h3>API Inclusions</h3>
<ul>
<li>The <code>PerformancePaintTiming</code> interface of the Paint Timing API has been included.</li>
<li>The <code>browsingData.remove()</code> API supports the removal of a subset of data types by cookieStoreId.</li>
</ul>
<h3>Media Changes</h3>
<ul>
<li>If the number of tracks being recorded changes, an <code>InvalidModificationError</code> is thrown from the MediaRecorder.start().</li>
</ul>
<h3>WebDriver Conformance (Marionette)</h3>
<ul>
<li>The Chrome scope support for <code>WebDriver:PerformActions</code> and <code>WebDriver:ReleaseActions</code> has been added.</li>
<li>The new Fission-compatible API has been enabled by default from the release of Firefox 84.</li>
<li>Method <code>WebDriver:SwitchToWindow</code> has been fixed to always switch back to the top-browsing context.</li>
<li>Browser context checks for <code>WebDriver:SwitchToParentFrame</code> has been improved.</li>
</ul>
<h3>Network Panel Changes</h3>
<ul>
<li>Unexpected crashes can now be handled through the network panel. Useful debugging details can also be rendered.</li>
</ul>
<h2>Removals In Firefox</h2>
<p>The following section describes the features removed in the latest Firefox 84 release.</p>
<ul>
<li>The proprietary property values for <code>-moz-default-appearance</code> has been removed. The developer can use <code>scrollbar-small</code> values instead.</li>
<li>The application cache has been removed. The developers can use the Service Worker API instead.</li>
<li>The "title" parameter from the <code>Navigator.registerProtocolHandler()</code> method has been removed. The only accepted parameters in the same method are now scheme and url.</li>
</ul>
<h2>Firefox 84 For Android Updates and New Features</h2>
<p>The following section explains the new features in the Firefox 84 Android version. There might be some updates that are similar to the native app updates and hence to avoid duplication, those have not been mentioned here.</p>
<h2>New Introduction in Firefox 84 for Android</h2>
<ul>
<li>Grid view now supports side by side tabs.</li>
<li>Downloaded files can be deleted from within the application.</li>
<li>WebRender rolls out to more of our users on Android, those on the Mali-G GPU series, bringing smoother animation and scrolling to the majority of our Android users.</li>
</ul>
<h2>Security Improvements in Firefox 84</h2>
<ul>
<li>CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed.</li>
<li>CVE-2020-26971: Heap buffer overflow in WebGL.</li>
<li>CVE-2020-26972: Use-After-Free in WebGL.</li>
<li>CVE-2020-26973: CSS Sanitizer performed the incorrect sanitization.</li>
<li>CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free.</li>
<li>CVE-2020-26975: Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers.</li>
<li>CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been.</li>
<li>CVE-2020-26977: URL spoofing via an unresponsive port in Firefox for Android.</li>
<li>CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage.</li>
<li>CVE-2020-26979: When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended URLs.</li>
<li>CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs.</li>
<li>CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead.</li>
<li>CVE-2020-35113, 35114: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6.</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 84!</p>2020-12-15 12:00:005500Harish RajoraOpera 73 Released - What's new?<p>We have good news! The new stable release of Opera 73 is out and it's already available for cross-browser testing on our <a href="https://www.browserling.com/">online browser platform</a>. Opera 73 is based on Chromium 87 browser engine.</p>
<p><img src="/images/blog/opera-73/opera-73-about-dialog.png" alt="Opera 73 About Dialog" /></p>
<p><strong>Try Opera 73 in Browserling now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="opera" data-version="73"></div>
</div>
<h2>New Features and Updates in Opera 73</h2>
<h3>More Workspaces</h3>
<p>Opera now allows users to have up to 24 individual workspaces, instead of just 5. This feature was requested by many users around the world who are using Opera's workspace feature.</p>
<h3>Updated Search Tabs</h3>
<p>This is an improvement to the Search Tabs feature. Now every open tab line in your Search Tabs results has a close button that's visible when a line is hovered (similar to the behavior in the address bar dropdown). When clicked, the tab gets closed and removed from the open tabs list and added to the recently closed list.</p>
<p><img src="/images/blog/opera-73/opera-73-close-tabs.png" alt="Opera 73 Search Tab Close Buttons" /></p>
<h2>Full Changelog for Opera 73</h2>
<ul>
<li>Allow choosing initial page background color on navigation in video popout.</li>
<li>Update Chromium on the master branch to 87.0.4252.0.</li>
<li>Recognize social media pageviews.</li>
<li>Two tiles are discarded instead of just one when BABE (Better Address Bar Experience) is shown for the first time.</li>
<li>BABE (Better Address Bar Experience) is light when the browser window is minimized.</li>
<li>Ignore the warning when interstitial located in iframe don't work.</li>
<li>Content matches are now sorted by the match count.</li>
<li>Mark content matches with the number of matches.</li>
<li>Add close tab button in Search Tabs.</li>
<li>Replace "Search in Tabs" string to "Search Tabs".</li>
<li>Fix issue when an improper area was snapped.</li>
<li>Add option to enable/disable the video player.</li>
<li>Add option to enable/disable auto-pause videos.</li>
<li>Add option to auto-resume playing after X seconds.</li>
<li>Update Easy Files dismiss flow.</li>
<li>Add a shortcut entry for "Open player in sidebar".</li>
<li>Fixed an issue when <code>LazySessionLoadingTest.ShouldLoadPagesInProperOrder/4</code> failed.</li>
<li>Show search popup in Opera internal pages.</li>
<li>Fix wrong position of heart popup window.</li>
<li>Start content searches only when searching for words with more than 1 character.</li>
<li>Wait until search is done before updating results.</li>
<li>Do not show URL for internal pages in dropdown.</li>
<li>Apply <code>ScopedRunLoopTimeout</code> correctly.</li>
<li>Add title to search popup window element.</li>
<li>Fix an issue where "Open All" in a new window opened fewer windows.</li>
<li>Retrieve match count when searching for text in a tab without cache.</li>
<li>Popups are now dismissed when opening tab cycler.</li>
<li>Change the layout of the VPN disclaimer.</li>
<li>Fix an issue when refresh didn't work when a popup was opened.</li>
<li>Retrieve match count when searching cached text.</li>
<li>Change text "Register" to "Tab" in the German locale.</li>
<li>Last added bookmark & speed dial not shown in corresponding BABE (Better Address Bar Experience) columns.</li>
<li>Move BrowserWindow out of opera namespace.</li>
<li>Add automatic VPN connection preference setting.</li>
<li>Some preference observers are not unregistered during browser shutdown.</li>
<li>Make the date input and the buttons look better when resizing History windows.</li>
<li>Fix an issue on MacOS where the "Send to My Flow" button in an inactive window was not disabled.</li>
<li>Content search is triggered for a single character when <code>#search-tabs-sort-relevance</code> is enabled in Search Tabs.</li>
<li>Some popups aren't anchored and may occur in different places.</li>
<li>Fix an empty tab list showing up.</li>
<li>Fix hostname not being shown for search results in Search Tabs.</li>
<li>Don't compute average color from the currently set wallpaper.</li>
<li>Split GNU assembler sources into Chromium- and Chrome-branded.</li>
<li>Crash when clicking "Show more" on page info.</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Opera 73!</p>2020-12-09 12:00:005498Peter KruminsFirefox 83 Released - What's new?<p>Woohoo! Mozilla has a new release for us - Firefox 83. We rushed to install it on our cross-browser testing platform as we wanted you to be able to try it as soon as possible.</p>
<p><img src="/images/blog/firefox-83-browser-about-dialog.png" alt="Firefox 83 Version" /></p>
<p><strong>Try Firefox 83 in Browserling now!</strong></p>
<div class="browserling-widget-wrapper">
<div class="browserling-widget" data-browser="firefox" data-version="83"></div>
</div>
<ul>
<li>Firefox keeps getting faster as a result of significant updates to SpiderMonkey, Firefox 83 JavaScript engine, you will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. Mozilla has replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time.</li>
<li>Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.</li>
<li>Pinch zooming will now be supported for users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.</li>
<li>Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands see Support Mozilla</li>
<li>When you are presenting your screen on a video conference in Firefox, you will see our improved user interface that makes it clearer which devices or displays are being shared.</li>
<li>Mozilla has improved functionality and design for a number of Firefox search features.</li>
<li>Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.</li>
<li>Firefox users in India on the English build of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don't see them, you can turn on Pocket articles in your new tab by following these steps.</li>
<li>For the recently released Apple devices built with Apple Silicon CPUs, you can use Firefox 83 and future releases without any change. This release will support emulation under Apple's Rosetta 2 that ships with macOS Big Sur. Mozilla is working toward Firefox being natively-compiled for these CPUs in a future release.</li>
<li>This is a major release for WebRender as Mozilla rolls out to more Firefox users on Windows 7 and 8 as well as on macOS 10.12 to 10.15.</li>
<li>For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life.</li>
<li>Developer Information Developers can use the scroll badge in the Page Inspector to Debug scrollable overflow. Selecting the badge highlights elements that are causing overflow and marks them with the overflow badge.</li>
<li>Developers can use the scroll badge in the Page Inspector to Debug scrollable overflow. Selecting the badge highlights elements that are causing overflow and marks them with the overflow badge.</li>
<li>This release adds support for conic gradients in CSS, helping colors to smoothly transition as you spin around the center, rather than as you progress outward from the center.</li>
</ul>
<h2>Fixed issues in Firefox 83</h2>
<p>This release also includes a number of accessibility fixes:</p>
<ul>
<li>Screen reader features which reports paragraphs now correctly reports paragraphs instead of lines in Google Docs.</li>
<li>When reading by word using a screen reader, words are now correctly reported when there is punctuation nearby.</li>
<li>The arrow keys now work correctly after tabbing in the picture-in-picture window.</li>
<li>For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life.</li>
</ul>
<h2>Developer details for Firefox 83</h2>
<ul>
<li>When using the <code>:screenshot</code> helper command in the Web Console, the <code>--dpr</code> parameter is no longer ignored when taking a fullscreen screenshot using <code>--fullpage</code>.</li>
<li>Developers can use the scroll badge in the Page Inspector toDebug scrollable overflow. Selecting the badge highlights elements that are causing overflow and marks them with the <code>overflow</code> badge.</li>
<li>The <code>crossorigin</code> attribute is now supported for <code><link rel=icon></code>.</li>
<li>The <code>displaystyle</code> attribute is now implemented for all <code>MathML</code> elements.</li>
<li>The vendor prefixed <code>:-moz-any()</code> is now aliased to the standard <code>:is()</code> CSS pseudo-class function.</li>
<li>Added support for CSS Conic Gradients.</li>
<li><code>Intl[@@toStringTag]</code> has been added, returning a default value of <code>Intl</code> (recent addition to the ECMA spec).</li>
<li>Removed preliminary support for <code>WebDriver:SwitchToShadowRoot</code>, which hasn't been added to the <code>WebDriver</code> specification yet.</li>
<li>Fixed a bug in <code>WebDriver:Back</code> and <code>WebDriver:Forward</code> that caused Marionette to hang when the navigation was triggered from within an <code><iframe></code> that gets removed.</li>
</ul>
<h2>Security fixes in Firefox 83</h2>
<ul>
<li>CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code.</li>
<li>CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption.</li>
<li>CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls.</li>
<li>CVE-2020-26953: Fullscreen could be enabled without displaying the security UI.</li>
<li>CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android.</li>
<li>CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android.</li>
<li>CVE-2020-26956: XSS through paste (manual and clipboard API).</li>
<li>CVE-2020-26957: OneCRL was not working in Firefox for Android.</li>
<li>CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions.</li>
<li>CVE-2020-26959: Use-after-free in WebRequestService.</li>
<li>CVE-2020-26960: Potential use-after-free in uses of nsTArray.</li>
<li>CVE-2020-15999: Heap buffer overflow in freetype.</li>
<li>CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses.</li>
<li>CVE-2020-26962: Cross-origin iframes supported login autofill.</li>
<li>CVE-2020-26963: History and Location interfaces could have been used to hang the browser.</li>
<li>CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android.</li>
<li>CVE-2020-26965: Software keyboards may have remembered typed passwords.</li>
<li>CVE-2020-26966: Single-word search queries were also broadcast to local network.</li>
<li>CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature.</li>
<li>CVE-2020-26968,26969: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5.</li>
</ul>
<p>Have fun <a href="https://www.browserling.com">cross-browser testing</a> in Firefox 83 with Browserling!</p>2020-11-17 13:00:005495Peter Krumins