Chromium Blog
News and developments from the open source browser project
Chrome 51 Beta: Credential Management API and reducing the overhead of offscreen rendering
Friday, April 29, 2016
Unless otherwise noted, changes described below apply to the newest Chrome
Beta
channel release for Android, Chrome OS, Linux, Mac, and Windows.
Credential Management API
Many sites allow their users to sign in to receive personalized content. Today that requires remembering and typing credentials, which lowers account security when users reuse passwords across multiple sites. Modern browsers have credential managers that remember and autofill saved passwords, but these managers cannot account for custom login flows or remember
federated identity
preferences.
The latest version of Chrome now supports the
Credential Management API
, allowing sites to
interact with the browser’s credential manager
to improve the login experience for users. The API enables users to sign in with one tap and lets them automatically sign back in when returning to the site.
Signing in with one tap using the Credential Management API
Reducing the overhead of offscreen rendering
Modern websites commonly embed cross-origin content like videos, social widgets, and ads. Embedding these resources allows sites to offer compelling content experiences, but it also creates a lot of overhead that can jank the page in ways the embedding site can’t control. The latest version of Chrome
no longer runs the rendering pipeline
or
requestAnimationFrame()
callbacks for cross-origin frames that are offscreen. This eliminates unnecessary work and
reduces power consumption by up to 30%
on several popular mobile sites without affecting the user experience.
Additional features in this release
The
Intersection Observer API
allows sites to
detect element intersections
as an asynchronous event, eliminating the need for costly document monitoring.
The latest version of Chrome supports
passive event listeners
, which allow sites to run JavaScript in response to touch and wheel input without blocking scrolling.
Blobs are now
constructed and transferred to the browser asynchronously
, allowing large data files to be moved without janking the page.
The
SameSite
cookie attribute
allows sites to restrict cookies to requests from the same domain.
Support for the
AES_256_GCM
cipher on TLS
improves security on servers that choose cipher by key size, where legacy 256-bit ciphers were used over more secure, but smaller, ciphers.
Array.prototype.values()
makes it easier to iterate over the elements of an array.
The
function
name
property
now infers useful names for properties and methods with computed property names,
making debugging easier with clearer labels and error messages
.
Iterators that are part of a
for-of
loop that terminates early now call a developer-provided
close()
method, making it easier to respond to the end of an iteration.
Symbol.species
makes subclassing
built-in classes such as Array and RegExp
more powerful by allowing custom constructors to be called for derived objects.
RegExp
subclasses can overwrite the
exec()
method to change the matching algorithm, making it easier to write custom subclasses.
Sites can now can implement their own
Symbol.hasInstance()
method to customize behavior of the
instanceof
operator.
Sites can now retrieve a service worker’s
Client
object using
Clients.get(id)
.
ServiceWorker.postMessage()
now fires an
ExtendableMessageEvent
on
ServiceWorkerGlobalScope
, allowing the message to extend the service worker lifetime and provide more accurate message sources.
The HTML
referrerpolicy
attribute
allows sites to control what information is sent in the referrer headers of
<a>
,
<area>
,
<img>
, and
<iframe>
elements.
The
UIEvents KeyboardEvent |key|
attribute
allows sites to reliably
determine the meaning of the key being pressed
.
Sites can now detect the duration of batched offline audio contexts using the
OfflineAudioContext.length
attribute
.
SPDY and ALPN support has been removed in favor of the standards-based HTTP/2 protocol.
Other changes
The ability to customize the message shown in the
onbeforeunload
dialog
has been removed
to protect users from malicious websites and align with other browsers.
Chrome on Android now uses the same media pipeline as desktop Chrome, improving
WebAudio
support and allowing sites to interact with the playback rate on
<audio>
and
<video> tags
.
The latest version of Chrome improves web animations interoperability by supporting lists of values and removing dashed-names in keyframes.
Chrome now
requires a border style
to paint border images, improving
spec
compliance and interoperability.
Percentages can now be used
for the sizes of flex item children.
DHE-based ciphers have been deprecated and will be removed in Chrome 52
in favor of ECDHE
ciphers to improve TLS security.
Posted by Sabine Borsay and Mike West, Authenticator's Apprentices
Labels
accessibility
1
benchmarks
1
beta
1
blink
1
chrome apps
3
Chrome Frame
1
chrome web store
26
chromeframe
3
chromeos
3
chromium
3
cloud print
1
dart
8
devtools
11
extensions
23
gdd
1
googlechrome
12
html5
11
incognito
1
javascript
3
linux
2
mac
1
mobile
2
na
1
native client
8
New Features
5
octane
1
open web
2
releases
2
rlz
1
security
30
spdy
2
ssl
2
v8
5
web intents
1
webaudio
3
webgl
7
webkit
5
webp
5
webrtc
4
websockets
5
webtiming
1
Archive
2016
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Feed
Google
on
Follow @ChromiumDev
Give us feedback in our
Product Forums
.
