tag:blogger.com,1999:blog-24713789141991509662024-03-28T20:29:04.291-07:00Chromium BlogNews and developments from the open source browser projectUnknownnoreply@blogger.comBlogger627125tag:blogger.com,1999:blog-2471378914199150966.post-53299851674555332552024-03-11T09:00:00.000-07:002024-03-11T09:09:54.039-07:00Speedometer 3: Building a benchmark that represents the web<p style="text-align: center;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwhyphenhypheng0_39U6yzt-pOO8aVmKnuz6fn2Nk2Vx5Rs-ypGPUDRiOG4v8ItqlD_WLSRfku6utJy6luWI5iDOtwEor5v69en_XiWU-akxtTmCgR8Mm-6NfjW6weeEoXT6msXLmbxGzJ8ZvzKKOEjOv0SZH-RhXHKdHG7I_6TmE5hJq5VFSrXyUV5d8K7zE0KLYJg/s564/The%20Fast%20+%20The%20Curious%20Logo_Revised_Header.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="234" data-original-width="564" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwhyphenhypheng0_39U6yzt-pOO8aVmKnuz6fn2Nk2Vx5Rs-ypGPUDRiOG4v8ItqlD_WLSRfku6utJy6luWI5iDOtwEor5v69en_XiWU-akxtTmCgR8Mm-6NfjW6weeEoXT6msXLmbxGzJ8ZvzKKOEjOv0SZH-RhXHKdHG7I_6TmE5hJq5VFSrXyUV5d8K7zE0KLYJg/s16000/The%20Fast%20+%20The%20Curious%20Logo_Revised_Header.jpg" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p><p>
<em>Today’s The Fast and the Curious post covers the <a href="https://browserbench.org/announcements/speedometer3/">release</a> of Speedometer 3.0 an upgraded browser benchmarking tool to optimize the performance of Web applications. </em>
</p>
<p>
In collaboration with major web browser engines, Blink/V8, Gecko/SpiderMonkey, and WebKit/JavaScriptCore, we’re excited to release <a href="https://browserbench.org/Speedometer3.0/">Speedometer 3.0</a>. Benchmarks, like Speedometer, are tools that can help browser vendors find opportunities to improve performance. Ideally, they simulate functionality that users encounter on typical websites, to ensure browsers can optimize areas that are beneficial to users.
</p>
<p>
Let’s dig into the new changes in Speedometer 3.0.
</p>
<h3 style="text-align: left;"><strong>Applying a multi-stakeholder governance model</strong></h3>
<p>
Since its initial release in <a href="https://webkit.org/blog/3395/speedometer-benchmark-for-web-app-responsiveness/">2014</a> by the WebKit team, browser vendors have successfully used Speedometer to optimize their engines and improve user experiences on the web. Speedometer 2.0, a result of a collaboration between Apple and Chrome, followed in <a href="https://webkit.org/blog/8063/speedometer-2-0-a-benchmark-for-modern-web-app-responsiveness/">2018</a>, and it included an updated set of workloads that were more representative of the modern web at that time.
</p>
<p>
The web has changed a lot since 2018, and so has Speedometer in its latest release, Speedometer 3. This work has been based on a joint <a href="https://github.com/WebKit/Speedometer/blob/main/Governance.md">multi-stakeholder governance model</a> to share work, and build a collaborative understanding of performance on the web to help drive browser performance in ways that help users. The goal of this collaborative project is to create a shared understanding of web performance so that improvements can be made to enhance the user experience. Together, we were able to to improve how Speedometer captures and calculates scores, show more detailed results and introduce an even wider variety of workloads. This cross-browser collaboration introduced more diverse perspectives that enabled clearer insights into a broader set of web users and workflows, ensuring the newest version of Speedometer will help make the web better for everyone, regardless of which browser they use.
</p>
<h3 style="text-align: left;"><strong>Why is building workloads challenging?</strong></h3>
<p>
Building a reliable benchmark with representative tests and workloads is challenging enough. That task becomes even more challenging if it will be used as a tool to guide optimization of browser engines over multiple years. To develop the Speedometer 3 benchmark, the <a href="https://developer.chrome.com/aurora">Chrome Aurora</a> team, together with colleagues from other participating browser vendors, were tasked with finding new workloads that accurately reflect what users experience across the vast, diverse and eclectic web of 2024 and beyond.
</p>
<p>
A few tests and workloads can’t simulate the entire web, but while building Speedometer 3 we have established some criteria for selecting ones that are critical to user’s experience. We are now closer to a representative benchmark than ever before. Let’s take a look at how Speedometer workloads evolved
</p>
<h3 style="text-align: left;"><strong>How did the workloads change?</strong></h3>
<p>
Since the goal is to use workloads that are representative of the web today, we needed to take a look at the previous workloads used in Speedometer and determine what changes were necessary. We needed to decide which frameworks are still relevant, which apps needed updating and what types of work we didn’t capture in previous versions. In Speedometer 2, all workloads were variations of a todo app implemented in different JS frameworks. We found that, as the web evolved over the past six years, we missed out on various JavaScript and Browser APIs that became popular, and apps tend to be much larger and more complicated than before. As a result, we made changes to the list of frameworks we included and we added a wider variety of workloads that cover a broader range of APIs and features.
</p>
<h3 style="text-align: left;"><strong>Frameworks</strong></h3>
<p>
To determine which frameworks to include, we used data from <a href="https://httparchive.org/">HTTP Archive</a> and discussed inclusion with all browser vendors to ensure we cover a good range of implementations. For the initial evaluation, we took a snapshot of the HTTP Archive from March 2023 to determine the top JavaScript UI frameworks currently used to build complex web apps.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNL-3EGN3NyWERFEqb-GnA5UnYi_lDkyp1siFYN5X0qj6qAQWpMcwrC7_3Q0PQPeQCsbQf06FDp6e_RaNB-U6nvnf1JxljO1nUeZxSSAoqmyu2-9VNGP1QjNx6krI8W7EhdmDHyg8_kvzPm7Vf0Xjo1uPKl84R-mrDwXqbY1xf0EkMSHvtu2mcMwGCgxZ7/s1932/1Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_v2_Pages%20vs.%20Framework.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1351" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNL-3EGN3NyWERFEqb-GnA5UnYi_lDkyp1siFYN5X0qj6qAQWpMcwrC7_3Q0PQPeQCsbQf06FDp6e_RaNB-U6nvnf1JxljO1nUeZxSSAoqmyu2-9VNGP1QjNx6krI8W7EhdmDHyg8_kvzPm7Vf0Xjo1uPKl84R-mrDwXqbY1xf0EkMSHvtu2mcMwGCgxZ7/s16000/1Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_v2_Pages%20vs.%20Framework.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
Another approach is to determine inclusion based on popularity with developers: Do we need to include frameworks that have “momentum”, where a framework's current usage in production might be low, but we anticipate growth in adoption? This is somewhat hard to determine and might not be the ideal sole indicator for inclusion. One data point to evaluate momentum might be monthly NPM downloads of frameworks.
</p>
<p>
Here are the same 15 frameworks NPM downloads for March 2023:
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh9SdoPfDPz-wjCUTknvTaTq4D3pRTUDocU7BoUF-y8iePqktwFxZXUgkAkeWF4gG8kJIIXSTJL_-ugHzrW8LnsyFdlCCEz_MleUtADMnyhU6Nlztk_RPw2J9t7dWTtzIad2eB3U9IGOMXMyb-QB4j_26bmL77oUIThz3Otp5FBSPXmn_rG8bumjBpuTj1/s1932/2Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Downloads%20vs.%20Framework.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1360" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh9SdoPfDPz-wjCUTknvTaTq4D3pRTUDocU7BoUF-y8iePqktwFxZXUgkAkeWF4gG8kJIIXSTJL_-ugHzrW8LnsyFdlCCEz_MleUtADMnyhU6Nlztk_RPw2J9t7dWTtzIad2eB3U9IGOMXMyb-QB4j_26bmL77oUIThz3Otp5FBSPXmn_rG8bumjBpuTj1/s16000/2Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Downloads%20vs.%20Framework.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
With both data points on hand, we decided on a list that we felt gives us a good representation of frameworks. We kept the list small to allow space for brand new types of workloads, instead of just todo apps. We also selected commonly used versions for each framework, based on the current usage.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWIjTao8HfxmLG3VNzDgwfcu4tHvdY1-Yu1CZxqnmHliA8LjkN4DbQy0uZDeSsdh11c7T53rQruwMoDyfqqcIgXgraNmmZ2rCjDJVCgbm0K4EP087sbjIb2utmxI8xN1OiJ7XG4L7NTYFdcg_DL2S_-kqU5Om46C6vX5dzvXiM8Kw-LJX247jB05iNZprj/s1932/3Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Commonly%20Used%20Versions.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1037" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWIjTao8HfxmLG3VNzDgwfcu4tHvdY1-Yu1CZxqnmHliA8LjkN4DbQy0uZDeSsdh11c7T53rQruwMoDyfqqcIgXgraNmmZ2rCjDJVCgbm0K4EP087sbjIb2utmxI8xN1OiJ7XG4L7NTYFdcg_DL2S_-kqU5Om46C6vX5dzvXiM8Kw-LJX247jB05iNZprj/s16000/3Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Commonly%20Used%20Versions.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
In addition, we updated the previous JavaScript implementations and included a new web-component based version, implemented with vanilla JavaScript.
</p>
<h3 style="text-align: left;"><strong>More Workloads</strong></h3>
<p>
A simple Todo-list only tests a subset of functionality. For example: how well do browsers handle complicated flexbox and grid layouts? How can we capture SVG and canvas rendering and how can we include more realistic scenarios that happen on a website?
</p>
<p>
We collected and categorized areas of interest into DOM, layout, API and patterns, to be able to match them to potential workloads that would allow us to test these areas. In addition we collected user journeys that included the different categories of interest: editing text, rendering charts, navigating a site, and so on.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvvQUbw7sWXJeFdASbV66Nn0mJxLkJtevbcCoy1UhZ9IRQj8tkHg657V31yKBiPd8T71ArAQmSedl9NeoqczYvv49MciBUuyfSg5-zyIOIrae807_5N3hzemRyQuTTHYsTiGZ7qV4ARPrQEO7vWIm9-R3kCaKpQcwRsxYr3NkqProgY-8mSe5PjHUNbSf-/s1932/4Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_More%20Workloads.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1321" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvvQUbw7sWXJeFdASbV66Nn0mJxLkJtevbcCoy1UhZ9IRQj8tkHg657V31yKBiPd8T71ArAQmSedl9NeoqczYvv49MciBUuyfSg5-zyIOIrae807_5N3hzemRyQuTTHYsTiGZ7qV4ARPrQEO7vWIm9-R3kCaKpQcwRsxYr3NkqProgY-8mSe5PjHUNbSf-/s16000/4Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_More%20Workloads.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
There are many more areas that we weren’t able to include, but the final list of workloads presents a larger variety and we hope that future versions of Speedometer will build upon the current list.
</p>
<h3 style="text-align: left;"><strong>Validation</strong></h3>
<p>
The Chrome Aurora team worked with the <a href="https://v8.dev/">Chrome V8 team</a> to validate our assumptions above. In Chrome, we can use <a href="https://v8.dev/docs/rcs">runtime-call-stats</a> to measure time spent in each web API (and additionally many internal components). This allows us to get an insight into how dominant certain APIs are.
</p>
<p>
If we look at Speedometer 2.1 we see that a disproportionate amount of benchmark time is spent in innerHTML.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyW_hT0-7IEsnU0vMSGYepKt3W9atMq1rHRw0hKyQ_8zLozWyM0yILERSynI5j5F4rWM5ZKRaWPgaSanJxzwBZD0aqt_wye9p1yQmOzZaOF7cEXRPeMLTF-MhWJorfg-Q9QEAkP6Y1DKVM5AFUieQoP94Y18TyAWb8g-a3sdz_Tgxk-DMMqs_O7CwI03HA/s1932/5Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_v2_Speedometer%202.1%20Chrome%20API%20Usage.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1328" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyW_hT0-7IEsnU0vMSGYepKt3W9atMq1rHRw0hKyQ_8zLozWyM0yILERSynI5j5F4rWM5ZKRaWPgaSanJxzwBZD0aqt_wye9p1yQmOzZaOF7cEXRPeMLTF-MhWJorfg-Q9QEAkP6Y1DKVM5AFUieQoP94Y18TyAWb8g-a3sdz_Tgxk-DMMqs_O7CwI03HA/s16000/5Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_v2_Speedometer%202.1%20Chrome%20API%20Usage.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
While <a href="http://go/mdn/API/Element/innerHTML">innerHTML</a> is an important web API, it's overrepresented in Speedometer 2.1. Doing the same analysis on the new version 3.0 yields a slightly different picture:
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEdKNUJzhrWhWY8AHHiZYGfTLsF-crQZKcvAGhD_RtAfD0fsRDGuufFew8kCUccNrhcyF17K_cEvyR38nFx2_CgS9ZIE2Z2afe4DXCg6Rou8n_J3iY8Jq0A8lUo0TlzAG5AOmstNzaraw_47S8r_TzS9ZYX4t1Mqf5Wpe3QRissuDEhabmzk_q_7lEmVE3/s1932/6Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Speedometer%203.0%20Chrome%20API%20Usage.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1404" data-original-width="1932" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEdKNUJzhrWhWY8AHHiZYGfTLsF-crQZKcvAGhD_RtAfD0fsRDGuufFew8kCUccNrhcyF17K_cEvyR38nFx2_CgS9ZIE2Z2afe4DXCg6Rou8n_J3iY8Jq0A8lUo0TlzAG5AOmstNzaraw_47S8r_TzS9ZYX4t1Mqf5Wpe3QRissuDEhabmzk_q_7lEmVE3/s16000/6Chrome_Fast%20&%20Curious_Blog%20Assets_Speedometer%203.0_Speedometer%203.0%20Chrome%20API%20Usage.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
We can see that innerHTML is still present, but its overall contribution shrunk from roughly 14% down to 4.5%. As a result, we get a better distribution that favors more DOM APIs to be optimized. We can also see that a few Canvas APIs have moved into this list, thanks to the new workloads in v3.0.
</p>
<p>
While we will never be able to perfectly represent the whole web in a fast-running and stable benchmark, it is clear that Speedometer 3.0 is a giant step in the right direction.
</p>
<p>
Ultimately, we ended up with the following list of workloads presented in the next few sections.
</p>
<h3 style="text-align: left;"><strong>What workloads are included?</strong></h3>
<p>
<strong><em>TodoMVC</em></strong>
</p>
<p>
Many developers might recognize the <a href="https://todomvc.com/">TodoMVC app</a>. It’s a popular resource for learning and offers a wide range of TodoMVC implementations with different frameworks.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3uqFby4YGbOdvIEo3mgb6EjFO4q9OtRNagMiDOEcTzVFyzrMeJCKoab-U4fyKVQr7rfbfTzTgCmbNxgy84pl3-bfvsfVmC6mqBYcxNB739yNTlYORwySDsKmNRIjdjwivLcpI6iG6CzGOz7x2Gy0gq1LIgRCgIJi2neq1nQWfo0G07plVTRF3E6nGs_2q/s842/1TodoMVC.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="706" data-original-width="842" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3uqFby4YGbOdvIEo3mgb6EjFO4q9OtRNagMiDOEcTzVFyzrMeJCKoab-U4fyKVQr7rfbfTzTgCmbNxgy84pl3-bfvsfVmC6mqBYcxNB739yNTlYORwySDsKmNRIjdjwivLcpI6iG6CzGOz7x2Gy0gq1LIgRCgIJi2neq1nQWfo0G07plVTRF3E6nGs_2q/s16000/1TodoMVC.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
TodoMVC is a to-do application that allows a user to keep track of tasks. The user can enter a new task, update an existing one, mark a task as completed, or delete it. In addition to the basic CRUD operations, the TodoMVC app has some added functionality: filters are available to change the view to “all”, “active” or “completed” tasks and a status text displays the number of active tasks to complete.
</p>
<p>
In Speedometer, we introduced a local data source for todo items, which we use in our tests to populate the todo apps. This gave us the opportunity to test a larger character set with different languages.
</p>
<p>
The tests for these apps are all similar and are relatable to typical user journeys with a todo app:
</p>
<ol>
<li>Add a task
</li><li>Mark task as complete
</li><li>Delete task
</li><li>Repeat steps 1-3 a set amount of times
</li>
</ol>
<p>
These tests seem simple, but it lets us benchmark DOM manipulations. Having a variety of framework implementations also cover several different ways how this can be done.
</p>
<p>
<strong><em>Complex DOM / TodoMVC</em></strong>
</p>
<p>
The complex DOM workloads embed various TodoMVC implementations in a static UI shell that mimics a complex web page. The idea is to capture the performance impact on executing seemingly isolated actions (e.g. adding/deleting todo items) in the context of a complex website. Small performance hits that aren’t obvious in an isolated TodoMVC workload are amplified in a larger application and therefore capture more real-world impact.
</p>
<p>
The tests are similar to the TodoMVC tests, executed in the complex DOM & CSSOM environment.
</p>
<p>
This introduces an additional layer of complexity that browsers have to be able to handle effortlessly.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigyFShRHZAVX8SzN0eRf1XyOPAwT1563BKuuzaOYSlG8-rVaeSqGj88DFM3bsiJmveZ5z-XB-2jaZp8Exz6NTvf1wQbN1vmouCnSbMV8QtXbWpsbbAhEFQOk0zuhTxOkUfbcDadVy6nbQ7HhjgsmQEghoO_v3v8FMnsCB7ZWWzk8YsZXeXZbD8zWbItd33/s822/2Complex%20DOM%20%20TodoMVC.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="694" data-original-width="822" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigyFShRHZAVX8SzN0eRf1XyOPAwT1563BKuuzaOYSlG8-rVaeSqGj88DFM3bsiJmveZ5z-XB-2jaZp8Exz6NTvf1wQbN1vmouCnSbMV8QtXbWpsbbAhEFQOk0zuhTxOkUfbcDadVy6nbQ7HhjgsmQEghoO_v3v8FMnsCB7ZWWzk8YsZXeXZbD8zWbItd33/s16000/2Complex%20DOM%20%20TodoMVC.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
<strong><em>Single-page-applications (News Site)</em></strong>
</p>
<p>
Single-page-applications (SPAs) are widely used on the web for streaming, gaming, social media and pretty much anything you can imagine. A SPA lets us capture navigating between pages and interacting with an app. We chose a news site to represent a SPA, since it allows us to capture the main areas of interest in a deterministic way. An important factor was that we want to ensure we are using static local data and that the app doesn’t rely on network requests to present this data to the user.
</p>
<p>
Two implementations are included: one built with Next.js and the other with Nuxt. This gave us the opportunity to represent applications built with meta frameworks, with the caveat that we needed to ensure to use static outputs.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeu13O9BevycHTsDVrYPsWvaM3lJEKPPUz9Ket2PmQLQE3pOpYTE_YNv85egpLFAqW3_5f0c-fHclB283uH7Xh8bTJsxMeFu9ArDW892iBSFNVTrVhqKLw4JN23XrW-zH8BnIdvND1SbC9am0kF16t4DjPuSOoOoF5qqprsyFHiMNOINqpNWZTXsQWtQAE/s826/3Single-page-applications%20(News%20Site).png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="690" data-original-width="826" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeu13O9BevycHTsDVrYPsWvaM3lJEKPPUz9Ket2PmQLQE3pOpYTE_YNv85egpLFAqW3_5f0c-fHclB283uH7Xh8bTJsxMeFu9ArDW892iBSFNVTrVhqKLw4JN23XrW-zH8BnIdvND1SbC9am0kF16t4DjPuSOoOoF5qqprsyFHiMNOINqpNWZTXsQWtQAE/s16000/3Single-page-applications%20(News%20Site).png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
Tests for the news site mimic a typical user journey, by selecting a menu item and navigating to another section of the site.
</p>
<ol>
<li>Click on ‘More’ toggle of the navigation
</li><li>Click on a navigation button
</li><li>Repeat steps 1 and 2 a set amount of times
</li>
</ol>
<p>
These tests let us evaluate how well a browser can handle large DOM and CSSOM changes, by changing a large amount of data that needs to be displayed when navigating to a different page.
</p>
<p>
<strong><em>Charting Apps & Dashboards</em></strong>
</p>
<p>
Charting apps allow us to test SVG and canvas rendering by displaying charts in various workloads.
</p>
<p>
These apps represent popular sites that display financial information, stock charts or dashboards.
</p>
<p>
Both SVG rendering and the use of the canvas api weren’t represented in previous releases of Speedometer.
</p>
<p>
<strong>Observable Plot</strong> displays a stacked bar chart, as well as a dotted chart. It is based on D3, which is a JavaScript library for visualizing tabular data and outputs SVG elements. It loops through a big dataset to build the source data that D3 needs, using map, filter and flatMap methods. As a result this exercises creation and copying of objects and arrays.
</p>
<p>
<strong>Chart.js</strong> is a JavaScript charting library. The included workload displays a scatter graph with the canvas api, both with some transparency and with full opacity. This uses the same data as the previous workload, but with a different preparation phase. In this case it makes a heavy use of trigonometry to compute distances between airports.
</p>
<p>
<strong>React Stockcharts</strong> displays a dashboard for stocks. It is based on D3 for all computation, but outputs SVG directly using React.
</p>
<p>
<strong>Webkit Perf-Dashboard</strong> is an application used to track various performance metrics of WebKit. The dashboard uses canvas drawing and web components for its ui.
</p>
<p>
These workloads test DOM manipulation with SVG or canvas by interacting with charts. For example here are the interactions of the Observable Plot workload:<br />
</p>
<ol>
<li>Prepare data: compute the input datasets to output structures that D3 understands.
</li><li>Add stacked chart: this draws a chart using SVG elements.
</li><li>Change input slider to change the computation parameters.
</li><li>Repeat steps 1 and 2
</li><li>Reset: this clears the view
</li><li>Add dotted chart: this draws another type of graph (dots instead of bars) to exercise different drawing primitives. This also uses a power scale.</li>
</ol><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1QH4eW4eb6BhbRSvNOkbrq9HXwSWc53aNbMKuxv5I5Sw2LzMiN5BMVqAwo6GCag4VGThAy9jifHBmc2yVRDxwNFuJo6C-jymDoTfpZqzcmFNOrtWUsHfbUxeQ0cjixXh7WRajjHdj-V_dK-FrQxCEEV5XXDzgKp7Q3xiHrTc9LJcgDaO9Ryg4_KnsYKhN/s846/4Webkit%20Perf-Dashboard_1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="706" data-original-width="846" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1QH4eW4eb6BhbRSvNOkbrq9HXwSWc53aNbMKuxv5I5Sw2LzMiN5BMVqAwo6GCag4VGThAy9jifHBmc2yVRDxwNFuJo6C-jymDoTfpZqzcmFNOrtWUsHfbUxeQ0cjixXh7WRajjHdj-V_dK-FrQxCEEV5XXDzgKp7Q3xiHrTc9LJcgDaO9Ryg4_KnsYKhN/s16000/4Webkit%20Perf-Dashboard_1.png" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BWgJu6HvFqDwADBq9Q0GblZFHIJpp052nYZM0CgRfQbbsAp-VTN8Xpy1o1XbYhIqUKoGg4uELeo6Un2NHFul2qaAzL99Y7vxJqASK8uMXDD8GyX2jIFIAiBl36suwaHO5hGUmvxQMt09mX38Oh5R8hOXckFneevSpQlChMu5qQmcUiKIqoaAQiCxNjrB/s822/5Webkit%20Perf-Dashboard_2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="696" data-original-width="822" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BWgJu6HvFqDwADBq9Q0GblZFHIJpp052nYZM0CgRfQbbsAp-VTN8Xpy1o1XbYhIqUKoGg4uELeo6Un2NHFul2qaAzL99Y7vxJqASK8uMXDD8GyX2jIFIAiBl36suwaHO5hGUmvxQMt09mX38Oh5R8hOXckFneevSpQlChMu5qQmcUiKIqoaAQiCxNjrB/s16000/5Webkit%20Perf-Dashboard_2.png" /></a></div><br /><div style="text-align: center;"><br /></div>
<p>
<strong><em>Code Editors</em></strong>
</p>
<p>
Editors, for example WYSIWYG text and code editors, let us focus on editing live text and capturing form interactions. Typical scenarios are writing an email, logging into a website or filling out an online form. Although there is some form interaction present in the TodoMVC apps, the editor workloads use a large data set, which lets us evaluate performance more accurately.
</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHb9rJqJXZ95LXsDjo8Zd1l2TciE1uFZ5eolDJf3euB5P7C8KwJ27vB-xlCic8R7CHNy7Qxuea9zuCsqbdJ4k6safN5Z7oA6KadxbzYEus6TRmVV0cHZLcJedupQb6R-0DB4YpMagfvjviPhxGfWAIDmxzJ7jBXGzjALxeMmxuEoTACaNMIrDqEnoAMwXA/s846/6Code%20Editors.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="708" data-original-width="846" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHb9rJqJXZ95LXsDjo8Zd1l2TciE1uFZ5eolDJf3euB5P7C8KwJ27vB-xlCic8R7CHNy7Qxuea9zuCsqbdJ4k6safN5Z7oA6KadxbzYEus6TRmVV0cHZLcJedupQb6R-0DB4YpMagfvjviPhxGfWAIDmxzJ7jBXGzjALxeMmxuEoTACaNMIrDqEnoAMwXA/s16000/6Code%20Editors.png" /></a></div><br /><p style="text-align: center;"><br /></p>
<p>
<strong>Codemirror</strong> is a code editor that implements a text input field with support for many editing features. Several languages and frameworks are available and for this workload we used the JavaScript library from Codemirror.
</p>
<p>
<strong>Tiptap</strong> Editor is a headless, framework-agnostic rich text editor that's customizable and extendable. This workload used Tiptap as its basis and added a simple ui to interact with.
</p>
<p>
Both apps test DOM insertion and manipulation of a large amount of data in the following way:
</p>
<ol>
<li>Create an editable element.
</li><li>Insert a long text.: Codemirror uses the development bundle of React, whileTipTap loads an excerpt of Proust’s Du Côté de Chez Swann.
</li><li>Highlight text: Codemirror turns on syntax highlighting, while TipTap sets all the text to bold.
</li>
</ol>
<h3 style="text-align: left;"><strong>Parting words</strong></h3>
<p>
Being able to collaborate with all major browser vendors and having all of us contribute to workloads has been a unique experience and we are looking forward to continuing to collaborate in the browser benchmarking space.
</p>
<p>
Don’t forget to check out the new release of Speedometer and test it out in your favorite browser, dig into the results, check out our repo and feel free to open issues with any improvements or ideas for workloads you would like to see included in the next version. We are aiming for a more frequent release schedule in the future and if you are a framework author and want to contribute, feel free to file an issue on our <a href="https://github.com/WebKit/Speedometer/issues">Github</a> to start the discussion.
</p>
<p>
<em><span style="font-size: x-small;">Posted by Thorsten Kober, Chrome Aurora</span></em>
</p>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-65208255269571151982024-02-13T09:00:00.000-08:002024-02-13T11:07:04.427-08:00Optimizing Safe Browsing checks in Chrome<span id="docs-internal-guid-70d6c0ca-7fff-dc87-8a1c-c7855c824f96"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Balancing security and usability is always top of mind for us as we strive to stay on top of the constantly evolving threat landscape while building products that are delightful to use. To that end, we'd like to announce a few recent changes to how Chrome works with Google Safe Browsing to keep you safe online while optimizing for smooth and uninterrupted web browsing.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit; font-size: medium;">Asynchronous checks</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: inherit;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Today, Safe Browsing checks are on the blocking path of page loads in Chrome, meaning that users cannot see pages until checks are completed. While this works fine for local-first checks such as those made using </span><a href="https://developers.google.com/safe-browsing/v4" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Safe Browsing API v4</span></a><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, it can add latency for checks made directly with the Safe Browsing server. Starting in Chrome 122, we will begin to introduce an asynchronous mechanism which will allow sites to load even while real-time checks with Safe Browsing servers are in progress. We expect this to reduce page load time and improve user experience as real-time server-side checks will no longer block page load, although if a site is found to be dangerous after the page loads then a warning will still be shown.</span></span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In addition to the performance boost, this change will let us improve the quality of protection over time. By taking the remote lookup outside of the blocking path of the page load, we're now able to experiment with and deploy novel AI and ML based algorithms to detect and block more phishing and social engineering attacks. It was previously challenging to perform such experimentation because of the potential to delay page loads.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In terms of potential risks, we evaluated the following and concluded that sufficient mitigations are in place:</span></p><div><span style="font-family: inherit;"><br /></span></div><span id="docs-internal-guid-9a89d10b-7fff-7a14-97bb-c03f9c6672d0" style="font-family: inherit;"><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Phishing and social engineering attacks</span><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">: With the move to asynchronous checks, such sites may start to load while server-side Safe Browsing checks are in progress. We have studied the timing data and concluded that it is extremely unlikely a user would have significantly interacted with (e.g. typed in a password) such a site by the time a warning is shown.</span></p></li><li aria-level="1" dir="ltr" style="color: #434343; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Exploits against the browser</span><span face="Arial, sans-serif" style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">: Chrome maintains a local Safe Browsing list of some sites which are known to deliver browser exploits, and we'll continue to check that synchronously. Besides this, we always recommend </span><a href="https://support.google.com/chrome/answer/95414" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">updating Chrome</span></a><span face="Arial, sans-serif" style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> as soon as an update is available, to stay protected online.</span></p></li></ul></span><div><span face="Arial, sans-serif"><span style="font-family: inherit; font-size: 13.3333px; white-space-collapse: preserve;"><br /></span></span></div><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit; font-size: medium;">Sub-resource checks</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Most sites we encounter include various sub-resources as a way to render their content. These sub-resources can include images, scripts, and more. Chrome has historically checked both top-level URLs as well as sub-resources with Safe Browsing in order to warn on potentially harmful sites. While the majority of sub-resources are safe, in the past, we'd commonly observe compromised sites embedding sub-resources that were being leveraged by bad actors to distribute malware and exploit browsers at scale.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In recent years, we've seen this attacker trend decline – large scale campaigns that exploit sub-resources are no longer common, making sub-resource checks less important. Additionally, our advances in intelligence gathering, threat detection, and Safe Browsing APIs mean that we now have other ways to protect users in real-time without relying on sub-resource checks. For example, Chrome’s client-side visual ML model can spot images used to create phishing pages, regardless of their use of sub-resources.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">As such, moving forward Chrome will no longer check the URLs of sub-resources with Safe Browsing. This means that Chrome clients now connect to Google less frequently, which reduces unnecessary network bandwidth cost for users. On the Safe Browsing side, the change allows us to drastically simplify detection logic and APIs, which helps improve infrastructure reliability and warning accuracy, thus reducing risk overall.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit; font-size: medium;">PDF download checks</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Finally, we have vastly reduced the frequency with which Chrome contacts Safe Browsing to check PDF downloads.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In the past, PDF was a widely exploited file type due to its popularity. As time has passed, thanks in part to the ongoing hardening of PDF viewers (for example, Chrome's PDF viewer is sandboxed), we aren't seeing widespread exploitation of PDF anymore, nor do we hear industry reports about it being a dangerous file type. Even when we have observed malicious PDFs in the wild, they have contained links that redirect users back to Chrome which gives us another chance to protect users.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">As a result of this change, Chrome is now contacting Safe Browsing billions of times less often each week.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit; font-size: medium;">What to expect</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-family: inherit; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The changes described above, while mostly under the hood, should result in a smoother web browsing experience for Chrome users without a degradation in security posture. We'll continue to monitor trends in the threat landscape, and remain ready to respond to keep you safe online.</span></p><span style="font-family: inherit;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: inherit; font-size: xx-small;">Posted by Jasika Bawa, Chrome Security & Jonathan Li, Safe Browsing</span></span></p><div><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-55640869564271190802024-02-05T08:42:00.000-08:002024-02-05T09:45:44.450-08:00Chromium Issue Tracker migration is complete<span id="docs-internal-guid-58c93b83-7fff-adfe-35bb-5d0ea88ea6ae"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="'Google Sans',sans-serif" style="background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre;">We are thrilled to share that Chromium issue tracking has migrated!</span><span face="'Google Sans',sans-serif" style="background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;"> </span><a href="https://issues.chromium.org/issues" style="text-decoration: none;"><span face="'Google Sans',sans-serif" style="-webkit-text-decoration-skip: none; background-color: transparent; color: #1155cc; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre;">Access the Issue Tracker</span></a><a href="http://issues.chromium.org" style="text-decoration: none;"><span face="'Google Sans',sans-serif" style="-webkit-text-decoration-skip: none; background-color: transparent; color: #1155cc; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre;">,</span></a><span face="'Google Sans',sans-serif" style="background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;"> and </span><a href="https://www.chromium.org/for-testers/faq/" style="text-decoration: none;"><span face="'Google Sans',sans-serif" style="-webkit-text-decoration-skip: none; background-color: transparent; color: #1155cc; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre;">supporting documentation</span></a><span face="'Google Sans',sans-serif" style="background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">. </span></p></span><span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><b id="docs-internal-guid-f9bdbf0a-7fff-ed49-7993-33f541a95d22" style="font-weight: normal;"><br /></b></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><b style="font-weight: normal;"><br /></b></p><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="'Google Sans',sans-serif" style="background-color: transparent; color: #2196f3; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre;"><br /></span></h1><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="'Google Sans',sans-serif" style="background-color: transparent; color: #2196f3; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre;">Why was this done</span></h1></span><br /><br />Issue tracking moved from Monorail to the Chromium Issue Tracker (powered by the <a href="https://developers.google.com/issue-tracker">Google Issue Tracker</a>) to provide a feature-rich and well-supported issue tracker for Chromium’s ecosystem. Chromium joins other open source projects (Git, Gerrit) on this tooling. <br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face="'Google Sans',sans-serif" style="background-color: transparent; color: #2196f3; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre;">What happens moving forward </span></p>Existing Monorail issue links will redirect to the migrated issues in the new issue tracker. We will prioritize feedback to continue to improve the issue tracker experience.<br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face="'Google Sans',sans-serif" style="background-color: transparent; color: #2196f3; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre;">Help & Feedback</span></p>You can reach out at any time to <a href="mailto:issue-tracker-support@chromium.org">issue-tracker-support@chromium.org</a> with questions or concerns.Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-20677134602175917412024-02-02T09:02:00.000-08:002024-02-02T09:02:56.503-08:00Chromium Issue Tracker migration beginning Feb 2, 2024 at 5pm PST<span id="docs-internal-guid-7712e48b-7fff-c6f2-514d-bbc411672d89"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">As we shared </span><a href="https://blog.chromium.org/2023/10/update-to-developers-chromium-issue.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">last year</span></a><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, Chromium is moving to a different issue tracker to provide a well-supported user experience for the long term. </span><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Migration is beginning today (February 2, 2024) at 5pm PST.</span><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> We expect migration will be completed by the end of day (PST) February 4, 2024.</span></p><br /><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #2196f3; font-family: "Google Sans", sans-serif; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">What’s happening</span></h1><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We will migrate all Chromium issues, including issue history and stars, from Monorail to a different tool: </span><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Chromium Issue Tracker</span><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, powered by the </span><a href="https://developers.google.com/issue-tracker" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Google Issue Tracker</span></a><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. This tooling change will provide a feature-rich and well-supported issue tracker for Chromium’s ecosystem. Chromium will join other open source projects (Git, Gerrit) on this tooling. Existing transparency levels to bugs will be maintained. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #2196f3; font-family: "Google Sans", sans-serif; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Post-Migration </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">We will publish another post once the migration is complete. </span><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Once the migration completes, existing Monorail issue links will redirect to the migrated issues in the new issue tracker. We will prioritize feedback to continue to improve the issue tracker experience. Documentation on new and common workflows will be added to </span><a href="http://chromium.org" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">chromium.org</span></a><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> once the migration is complete. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #2196f3; font-family: "Google Sans", sans-serif; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Help & Feedback</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">You can reach out at any time to </span><a href="mailto:issue-tracker-support@chromium.org" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">issue-tracker-support@chromium.org</span></a><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> with questions or concerns.</span></p></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-71043534173567998422023-11-08T09:59:00.000-08:002023-11-08T09:59:07.831-08:00A new way to seamlessly browse across devices with Chrome on iOS<span id="docs-internal-guid-f4180aee-7fff-7fdc-1156-e03b40e39468"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Whether you’re browsing the web on your PC at home or on the go with your phone, we designed Chrome to be simple to use and work great on all platforms. For example, tools like Chrome sync have made it possible for you to access your bookmarks and passwords when switching between all your devices. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In the coming weeks we’re making changes to Chrome on iOS to help you get to your most important stuff right away. Instead of having to set up Chrome sync on your device, you can now simply sign in to Chrome to save new things in your Google Account and access what's already there. This may feel familiar to you, as it’s how many Google apps on iOS already work today. Once you’re signed in to Chrome, you’ll be able to save your important stuff to your account, including bookmarks, reading lists, passwords, payment info, addresses and settings. And, you can separately opt in to synchronizing your tabs and browsing history from Chrome on iOS to your Google Account, which can help you pick up browsing where you left off on another device.</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNYAg0TphT2UwYOyritbckc35lBCL21CBc-mPsCQdxoJVR3WUBijbZ5Bj7xq9TeO16qhBlQXJBsmm2gZw-agtWVN0UPGgBAYlbwTPP4SL5X71XO5FVKf0VkytaEnpz52Dwbm7oJvjWOGqRUR53qZzD87PPaHMJ8bqqfFpu-PJD4PibOpwtO79MFtMo1d-Q/s1624/SignIn%20(with%20gesture).gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1624" data-original-width="750" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNYAg0TphT2UwYOyritbckc35lBCL21CBc-mPsCQdxoJVR3WUBijbZ5Bj7xq9TeO16qhBlQXJBsmm2gZw-agtWVN0UPGgBAYlbwTPP4SL5X71XO5FVKf0VkytaEnpz52Dwbm7oJvjWOGqRUR53qZzD87PPaHMJ8bqqfFpu-PJD4PibOpwtO79MFtMo1d-Q/w296-h640/SignIn%20(with%20gesture).gif" width="296" /></a></div><br /><span><br /></span></div><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">These updates are also designed to help you manage your data. When you sign in to Chrome, the browsing data that’s already on your device will be kept separate as local data on your device. You’ll be able to easily distinguish local from account data in settings. And, if you want any local data to be available on your other devices, you can simply go to settings and save it to your account.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Signing in to Chrome on iOS remains entirely optional. If you don’t sign in, you can still save your bookmarks, passwords and more, but they will be available only on the device where you saved them. You can also continue to sign in to Google web services like Gmail without signing in to Chrome.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We’re hoping these changes make it even easier for you to get the best of Chrome while offering you all the flexibility you need.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: xx-small;">Posted by Nico Jersch, Chrome Product Manager</span></span></p><br /></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-41125522974509549842023-11-07T09:03:00.001-08:002023-11-07T09:03:15.656-08:00How Core Web Vitals saved users 10,000 years of waiting for web pages to load<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmp1qvDcNBZtkhpYpK-Ly3iyOHgmGT9L3c8nQlJFRy6ncMfwdblt0BYX_j3zBBRqSA9wrnKdeth6rOtS325MPGr0CNesGPFa4ZS83FLR0lcxFfKkarvl2OZcOgEb4XloVsDLvr1a3h_5YBQSX4ZdLdx2cuQyUdsbcDp2FYZzjJWGnVdlvEzxxv2asH_yT8/s400/Fast%20Curious_image.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="166" data-original-width="400" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmp1qvDcNBZtkhpYpK-Ly3iyOHgmGT9L3c8nQlJFRy6ncMfwdblt0BYX_j3zBBRqSA9wrnKdeth6rOtS325MPGr0CNesGPFa4ZS83FLR0lcxFfKkarvl2OZcOgEb4XloVsDLvr1a3h_5YBQSX4ZdLdx2cuQyUdsbcDp2FYZzjJWGnVdlvEzxxv2asH_yT8/w400-h166/Fast%20Curious_image.png" width="400" /></a></div><br /><span face="Arial, sans-serif" style="font-size: 10pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">T</span><span face="Arial, sans-serif" style="font-size: 10pt; font-style: italic; white-space-collapse: preserve;">oday’s The Fast and the Curious post explores how Core Web Vitals saved Chrome users more than 10,000 Years of waiting for web pages to load in 2023 (across Chrome desktop and Android) by quantifying the experience of sites and identifying opportunities to make improvements.</span></p><br /><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In 2020, we introduced </span><a href="https://web.dev/vitals/" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Web Vitals</span></a><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> - essential quality signals for webpages to ensure a better user experience. Since then, there has been a massive leap in web performance made possible by our work on Core Web Vitals (CWV) and its broader impact on the web. Today, over 40% of sites pass all of the CWV metrics, leading to pages that load and respond to interactions more quickly. Here’s a closer look at the journey to help improve the performance for sites and some specific work done in the browser and the ecosystem to enable this achievement. </span></p><br /><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">Chrome's Quest for Speed</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The very essence of the web lies in its ability to provide information and services efficiently and rapidly. This principle is at the heart of Google's business and drives our work on Chrome. However, we noticed an issue with sites over a long time horizon. Even if slow sites improved their performance for a while, it would often decline over time. No matter how fast Google Search might be, the user experience would be subpar if the pages found were slow to load.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We could not help these sites improve their performance directly, but we wanted users to have a great experience when they moved from Google Search to the individual sites. To tackle the challenge of improving the user experience while simultaneously providing unified guidance to developers, teams from Search and Chrome collaborated to address the issue of slow web pages.</span></p><br /><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">Defining the Fast Web </span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We examined millions of pages to define a public standard for a fast, user-friendly web page (initially published in </span><a href="https://blog.chromium.org/2020/05/the-science-behind-web-vitals.html" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">The Science Behind Web Vitals</span></a><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">). We published our specifications and data to the open ecosystem and took note of the feedback we received. The introduction of CWV metrics such as </span><a href="https://web.dev/articles/lcp" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">LCP</span></a><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> (Largest Contentful Paint) was groundbreaking because it allowed us to measure when the user actually sees the content. The ability to measure the actual user experience at scale has been foundational to the improvements that we will discuss in this blog post.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Next, we updated Google's search ranking algorithms in August 2021 to consider, among other factors, whether a page met the speed and usability standards established as part of CWV. Today, it remains </span><a href="https://developers.google.com/search/docs/appearance/page-experience#core-web-vitals" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">highly recommended</span></a><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> for site owners to achieve good Core Web Vitals for success with Search and to ensure a great user experience generally.</span></p><br /><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">Exponential Impact of Small Changes</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The results we saw after these changes were significant. The average page load in Chrome is now 166 ms faster. That might seem like a minor improvement, but small changes can accumulate to create a substantial impact on the web. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">So far in 2023, this project saved users over 10,000 years of waiting for web pages to load and over 1,200 years of waiting for web pages to respond to user input. And the web continues to get faster. We also tracked improvements in how many navigations meet Core Web Vitals (CWV). The current figures stand at 64.45% for mobile (up from 64%) and 68.39% for desktop (up from 67%). The Chrome Data team projects a ~69% pass rate by the end of the year.</span></p><div><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJXlVkkM1NpqQVv72HdG9lqOx0BNVa0zA8ALsBeqZI5ZRB-WQt4MDj3SMPDkwFBQt8J8Y3d6f2TaWpz_9dHjdNUNTTaNIduP5aD-y1_c_c980qRKByLSQDcZ8RVx6v3YwE__etQlQAUwTKaJJKhYQZYpyewk-QBA5apndz0w6jjdPsWhANwHhQxOYXML1r/s954/Screenshot%202023-11-06%20at%209.45.17%E2%80%AFAM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="536" data-original-width="954" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJXlVkkM1NpqQVv72HdG9lqOx0BNVa0zA8ALsBeqZI5ZRB-WQt4MDj3SMPDkwFBQt8J8Y3d6f2TaWpz_9dHjdNUNTTaNIduP5aD-y1_c_c980qRKByLSQDcZ8RVx6v3YwE__etQlQAUwTKaJJKhYQZYpyewk-QBA5apndz0w6jjdPsWhANwHhQxOYXML1r/w640-h360/Screenshot%202023-11-06%20at%209.45.17%E2%80%AFAM.png" title="Caption: Our savings for LCP translate into 8,000 years saved for users waiting for pages to load on Android and 2,000 years in 2023 so far. On INP, we have saved users 800 years on Android and 450 years on Windows so far in 2023." width="640" /></a></div><span face="Arial, sans-serif" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><span id="docs-internal-guid-d3bb3188-7fff-d2e6-9ed6-dd110b96dabe"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><i><span id="docs-internal-guid-ec2eec2f-7fff-9721-9c42-de5217fb0a87"></span></i></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><i>Caption: Our savings for LCP translate into 8,000 years saved for users waiting for pages to load on Android and 2,000 years in 2023 so far. On INP, we have saved users 800 years on Android and 450 years on Windows so far in 2023.</i></span></p><div><br /></div></span></span></div><div><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><p dir="ltr" style="font-family: Arial, sans-serif; font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; white-space-collapse: preserve;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Next, let’s look at some recent updates from both the Chrome team and the wider developer ecosystem, demonstrating how our joint efforts are speeding up the web.</span></p><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /><br /></span><p dir="ltr" style="font-family: Arial, sans-serif; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; white-space-collapse: preserve;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;"><span style="font-size: large;">Chrome’s Core Web Vitals Achievements</span></span></p><br /><p dir="ltr" style="font-family: Arial, sans-serif; font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; white-space-collapse: preserve;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">We’re proud to highlight numerous ways we’ve optimized performance. </span></p><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The </span><a href="https://web.dev/articles/bfcache" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Back/forward cache</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> (bfcache) is designed to improve browsing experience by enabling instant back and forward navigation. BFCache’s hit rate has improved month-over-month on both Android (3.6%) and Desktop (1.8%).</span></p></li></ul><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Another example of a particularly impactful optimization is our PreconnectOnAnchorInteraction feature which connects to origins on pointer-down rather than pointer-up. This fully launched feature led to a 6/10ms (0.4/1%) median LCP improvement on Android/Desktop, and an improvement in cross-origin LCP by ~60ms on both Android and Desktop. The launch also resulted in a 0.08% Content Ad revenue increase, underlining the significant impact of performance optimizations on user engagement and ecosystem health.</span></p></li></ul><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">We also introduced </span><a href="https://developer.chrome.com/blog/prerender-pages/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">prerendering</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, which makes pages load instantly by rendering them before the user actually visits. Page loads via typing URLs directly in the omnibox get a 500-700ms (14-25%) median LCP improvement when prerendered, depending on the platform, moving global median LCP across all navigations by 6.4ms. We're currently rolling out prerendering of omnibox-initiated searches.</span></p></li></ul><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Chrome has been working hard to keep background tabs out of your way. Implementing </span><a href="https://blog.chromium.org/2020/11/tab-throttling-and-more-performance.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">tab throttling for background tabs</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> running at EcoQOS on Windows 11 and Task Role and QoS Adjustments on macOS have led to improvements in Largest Contentful Paint (</span><a href="http://web.dev/lcp" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">LCP</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">) and Interaction to Next Paint (</span><a href="https://web.dev/articles/inp" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">INP</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">). </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"><br /><br /></span></p></li><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The web’s modern ability to run all types of applications also comes with a mandate to manage the workload that this encurs. We have been optimizing Chrome under mutliple active tabs and are happy to report improvements to scheduling and contention which improve INP by 5% and LCP by 2% in the last 6 months.</span></p></li></ul><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">We have made targeted improvements to the page loading code in Chrome in 2022. These resulted in LCP improving by 10% on Android, and CWV pass rate improving by 1.5%.</span></p></li></ul><span face="Arial, sans-serif" style="font-size: 10pt; white-space-collapse: preserve;"><br /></span><ul style="font-family: Arial, sans-serif; font-size: 10pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; white-space-collapse: preserve;"><li aria-level="1" dir="ltr" style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Chrome's renderer has also seen some improvements. The renderer's main thread includes task queues for JavaScript, rendering, and image loading. Some changes that alter the priority of these tasks for optimal CWV include.</span></p></li><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="2" dir="ltr" style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">High priority image loading: </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Historically, image-loading had the same or lower priority than rendering. However, an experiment showed that between an image load task and a rendering task, choosing the image load task first can prevent layout shift of an intermediate frame that doesn't have the image and also improves LCP. The improvement on Android at the 75th percentile was </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">-6.66%</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> for CLS and </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">-0.82%</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> for LCP, improving the CWV pass rate on Android by </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">+0.24%.</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> A similar experiment that boosted the loading priority to "medium" of the first five images parsed from the HTML (for non-icon-sized images) showed an improvement on Android at the 75th percentile of </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">-6.08%</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> for CLS and </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">-0.53%</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> for LCP. A combined experiment showed the effects of both changes were largely independent. </span></p></li><li aria-level="2" dir="ltr" style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Prioritize compositing after delay: </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">If it has been more than 100ms since the last </span><a href="https://developer.chrome.com/blog/inside-browser-part3/#what-is-compositing" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">compositing</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> task run, elevate the priority of any queued compositing task so that it will preempt normal-priority work. This produced an improvement of </span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">-0.27%</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> for CLS on Android and Windows at the 95th percentile.</span></p></li><li aria-level="2" dir="ltr" style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">SVG Raster Optimizations</span><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">: Another SVG drawing optimization improved INP pass rates on desktops by -2.28% for MacOS at the 75th percentile. </span></p></li></ul></ul><div style="font-family: Arial, sans-serif; font-size: 10pt; white-space-collapse: preserve;"><span style="color: #0e101a;"><br /></span></div><div><div class="separator" style="clear: both; font-family: Arial, sans-serif; font-size: 10pt; text-align: center; white-space-collapse: preserve;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKRmZM0AQmYrx8wvUc0LqtpIwpGOgGPcPGqTeezyXUM0q1WY_TP_AN9UJno42Eutj7xBDlzFUCN0yM_MItJU_hb4fqPl2LCQVR66p6lHoGqRjiEAh1R39eFrSgwZW9uNmIsxWmtl-9SEQyQxb51x_XD1vwLi1JhI3eIa5uCMvxXbRj5WQDrIERvHwGkL-V/s816/video.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="312" data-original-width="816" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKRmZM0AQmYrx8wvUc0LqtpIwpGOgGPcPGqTeezyXUM0q1WY_TP_AN9UJno42Eutj7xBDlzFUCN0yM_MItJU_hb4fqPl2LCQVR66p6lHoGqRjiEAh1R39eFrSgwZW9uNmIsxWmtl-9SEQyQxb51x_XD1vwLi1JhI3eIa5uCMvxXbRj5WQDrIERvHwGkL-V/w640-h244/video.gif" width="640" /></a></div><br /><span style="color: #0e101a;"><i><span face="Arial, sans-serif"><span style="font-size: 13.3333px; white-space-collapse: preserve;">Caption: An example of Chrome’s new prioritized loading of the first five images parsed from the HTML. This improved LCP from 3.1s to 2.5s.</span></span></i></span></div><div><br /></div><div style="font-family: Arial, sans-serif; font-size: 10pt; white-space-collapse: preserve;"><span style="color: #0e101a;"><br /></span></div><div><span face="Arial, sans-serif" id="docs-internal-guid-834c64f4-7fff-cc90-0d9c-3e0473aa2cc9" style="white-space-collapse: preserve;"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;"><span style="font-size: large;">Ecosystem Core Web Vitals Achievements</span></span></p><br /><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The broader developer ecosystem has also achieved remarkable results by focusing on Core Web Vitals. </span><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The most significant achievement was the performance improvement on WordPress - the Content Management System that powers over a third of the web: "</span><a href="https://make.wordpress.org/core/2023/08/07/wordpress-6-3-performance-improvements/" style="text-decoration-line: none;"><span style="color: #4a6ee0; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">WordPress 6.3</span></a><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> loads 27% faster for block themes and 18% faster for classic themes, compared to WordPress 6.2, based on the </span><a href="https://web.dev/articles/lcp" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">Largest Contentful Paint (LCP)</span></a><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> metric". </span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><br /></span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><span id="docs-internal-guid-16173b3d-7fff-b359-9440-045d3b2d504d"><span style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Some parts of the WordPress ecosystem are going even further. Prerendering some links via the </span><a href="https://developer.chrome.com/blog/prerender-pages/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">speculation rules API</span></a><span style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">, </span><a href="https://nitropack.io/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">NitroPack</span></a><span style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">'s prerendered page loads have seen an 80% LCP improvement and 55% INP improvement compared to those without any speculative loading.</span></span></span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><span><span style="color: black; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><br /></span></span></span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><span></span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxjcDZR8KcnwqG2wWjgsZP6vE1uCcUGuNCMCjORJUjoFBe2PBclSgQfNz4S21j4H7d8snA6gQUwewxoSjJEDK76Yt1NAaXjYnvmAYa9HI-P_pn6Ue7hN321LQsiPldKNt1DUz8nwqMX6AXb1GNRlHR_xOLnwfbDjSn6w0EszDNYU0F4miZnva8h-l75z4O/s984/Screenshot%202023-11-06%20at%209.48.00%E2%80%AFAM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="620" data-original-width="984" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxjcDZR8KcnwqG2wWjgsZP6vE1uCcUGuNCMCjORJUjoFBe2PBclSgQfNz4S21j4H7d8snA6gQUwewxoSjJEDK76Yt1NAaXjYnvmAYa9HI-P_pn6Ue7hN321LQsiPldKNt1DUz8nwqMX6AXb1GNRlHR_xOLnwfbDjSn6w0EszDNYU0F4miZnva8h-l75z4O/w640-h404/Screenshot%202023-11-06%20at%209.48.00%E2%80%AFAM.png" width="640" /></a></div><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 13.3333px; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><span face="Arial, sans-serif"><i>Caption: The percentage of origins passing all three Core Web Vitals (LCP, FID, CLS) with a "good" experience (Source: <a href="https://httparchive.org/reports/chrome-ux-report#cruxPassesCWV">HTTP Archive</a>)
</i></span></span></p><div style="font-family: Arial, sans-serif; white-space-collapse: preserve;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><br /></span></div><p dir="ltr" style="font-family: Arial, sans-serif; font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; white-space-collapse: preserve;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The JavaScript framework community has also seen Core Web Vital gains. Over the past few years, </span><a href="https://developers.chrome.com/aurora" style="font-size: 10pt; text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">Chrome Aurora</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> has collaborated with Next.js, Angular, and Nuxt to release performance-focused features like the </span><a href="https://nextjs.org/docs/app/building-your-application/optimizing/scripts" style="font-size: 10pt; text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">next/script component</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">, </span><a href="https://angular.io/guide/image-directive" style="font-size: 10pt; text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">NgOptimizedImage</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">, and </span><a href="https://google-fonts.nuxtjs.org/" style="font-size: 10pt; text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">nuxt/google-fonts</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">. In 2022, Next.js pass rates increased from 20.4% to 27.3%, Angular pass rates increased from 7.6% to 13.2%, and Nuxt pass rates increased from 15.8% to 20.2%. Enterprise partners who tried our features have seen wins in LCP. For example, after switching to NgOptimizedImage, Land's End saw a 40% LCP improvement on mobile in Lighthouse lab tests and a 75% improvement in LCP on desktop. In similar tests, CareerKarma's LCP reduced 24% when switching to next/script's web worker mode. </span></p></div><div style="font-family: Arial, sans-serif; white-space-collapse: preserve;"><span id="docs-internal-guid-9f3dc149-7fff-0670-014d-856f9e066f27"><span style="font-size: 10pt;"><br /></span><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">In the business world, performance optimization has led to remarkable growth. For instance, RedBus improved INP and observed a </span><a href="https://web.dev/case-studies/redbus-inp" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">7%</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> increase in conversion rates. Economic Times improved INP and saw a </span><a href="https://web.dev/case-studies/economic-times-inp" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">42%</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> rise in page views and a 49% reduction in bounce rate. Meesho successfully brought LCP down from 6.9s to 2.5s, resulting in a 16.6% reduction in bounce rate and a 3% increase in conversions.</span></p><span style="font-size: 10pt;"><br /></span><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Major web platforms have also seen significant improvements. Amazon has leveraged the bfcache change introduced on Chrome and saw a 22.7 percentage point (pp) improvement in bfcache hit rate with Chrome's latest version (M112). Cricbuzz experienced an even higher increase, with a 31.40 pp improvement.</span></p><span style="font-size: 10pt;"><br /><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;"><span style="font-size: large;">Partnering for a Better Web </span></span></p><br /><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">These performance improvements aren't just statistics – they represent real-world improvements in user experience (and hence </span><a href="https://web.dev/case-studies/terra-prefetching-case-study" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">business metrics</span></a><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">) as well as developer experience.</span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> </span></p><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Crucially, we have managed to achieve these speed boosts without impacting developer satisfaction, which remains high at 90% overall. Through our developer satisfaction studies, we also found that about half (~51%) of developers are monitoring CWV and are either already optimizing for them or planning to do so. Furthermore, a significant majority (78%) of developers optimizing for CWV report seeing notable improvements in their scores.</span></p><span style="font-size: 10pt;"><br /></span><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Our aim is always to create a better web experience for all users, so we're excited to see the web getting faster. But we also understand that maintaining developer satisfaction is crucial to sustaining these improvements. As developers continue to monitor and optimize for CWV, we are optimistic about the future of web performance.</span></p><span style="font-size: 10pt;"><br /></span><p dir="ltr" style="font-size: 10pt; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 10pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">On behalf of the Chrome team, we want to thank the developer community for their incredible work. By focusing on Core Web Vitals, we've made the web a significantly faster and more enjoyable place to be. We look forward to continuing this journey together, making the web better for everyone, everywhere.</span></p><span style="font-size: 10pt;"><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: xx-small; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Posted by Addy Osmani, Annie Sullivan and Kouhei Ueno, Software Engineers for Chrome</span></p><span style="font-size: 10pt;"><br /></span></span></div></span></div>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-63138634676280542832023-10-16T08:30:00.000-07:002024-02-01T18:45:04.547-08:00Update to Developers: Chromium Issue Tracker migration<span id="docs-internal-guid-4a78bd0c-7fff-638f-d1bd-60b1745a03ee"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;">Update: Migration is on track for early February 2024 instead of January 2024.</p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Chromium is moving to a different issue tracker to provide a well-supported user experience for the long term. The Google team is targeting </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">January 2024</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> for migration—this post explains the details. </span></p><br /><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #2196f3; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">What’s happening</span></h1><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We will migrate all Chromium issues, including issue history and stars, from Monorail to a different tool: </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Chromium Issue Tracker</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, powered by the </span><a href="https://developers.google.com/issue-tracker" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Google Issue Tracker</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. This tooling change will provide a feature-rich and well-supported issue tracker for Chromium’s ecosystem. Chromium will join other open source projects (Git, Gerrit) on this tooling. Existing transparency levels to bugs will be maintained. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #2196f3; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Timing</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">We are targeting </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">January 2024</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> for Chromium’s migration, and will share milestones and timing updates throughout the coming months.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #2196f3; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Migration Readiness</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In due course, we will share additional resources, including a walkthrough of the new issue tracker, highlighting key features.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #2196f3; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Post-Migration </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">While there will be differences, we are working to make the migration straightforward. Once the migration completes, existing Monorail issue links will redirect to the migrated issues in the new issue tracker. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #2196f3; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Help & Feedback</span></p><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">You can reach out at any time to </span><a href="mailto:issue-tracker-support@chromium.org" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">issue-tracker-support@chromium.org</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> with questions or concerns.</span></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-90375246255017253022023-10-11T09:00:00.001-07:002024-01-02T11:09:22.929-08:00Unlocking the power of TLS certificate automation for a safer and more reliable Internet<span id="docs-internal-guid-e5801e4f-7fff-84d3-07c0-e87c5eb74209"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">TL;DR: </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Automated certificate issuance and management strengthens the underlying security assurances provided by Transport Layer Security (TLS) by increasing agility and resilience. This post describes the benefits of automation and upcoming changes to the Chrome Root Program policy that represent Chrome Security’s ongoing commitment to improving web security. </span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-large;">Introduction</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">One of the most common tools for enhancing user security on the Internet is “Transport Layer Security” (TLS), formerly known as “Secure Socket Layer” (SSL). At its most basic level, TLS is a security protocol that encrypts data such that only the intended recipient can read it. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Encryption makes the Internet more secure, but only if consistently and reliably deployed. The adoption of modern practices, like automated TLS certificate issuance and management, helps achieve this goal. </span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Background: TLS - The Foundation for Encrypted Communications on the Internet</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">You’re probably more familiar with TLS than you think, as it’s the underlying technology that puts the ‘S’ (referencing “Secure”) in </span><a href="https://web.dev/why-https-matters/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HTTPS</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. We recently </span><a href="https://blog.chromium.org/2023/05/an-update-on-lock-icon.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">wrote</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> about HTTPS and how it’s become the norm, with over </span><a href="https://transparencyreport.google.com/https/overview?hl=en" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">92%</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> of page loads in Chrome on Android, Chrome OS, macOS, and Windows being transmitted using HTTPS.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 10pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">TLS is the cryptographic protocol that establishes a secure channel between a web browser and the web server hosting the website a user is browsing. It provides a few core security properties:</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #0e101a; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Encryption: </span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Ensures data being transmitted can’t be intercepted and understood by third parties or unintended recipients.</span></p></li><li aria-level="1" dir="ltr" style="color: #0e101a; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Authentication: </span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Ensures the web server or application a web browser is connecting to is who it claims to be.</span></p></li><li aria-level="1" dir="ltr" style="color: #0e101a; font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Integrity: </span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Ensures data has not been altered while in transit.</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">To establish a TLS connection, a web browser and server introduce themselves and agree on the rules used to secure ongoing subsequent connections. This introduction is referred to as the “TLS Handshake.” If you’d like to look closer and improve your understanding of how TLS connections are established, check out </span><a href="https://tls13.xargs.org/#wrapped-record-2" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">this</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> resource. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://en.wikipedia.org/wiki/X.509" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">X.509 certificates</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, sometimes referred to as “certificates,” “TLS certificates,” or “server authentication certificates,” are an essential part of the TLS Handshake. Certificates are issued by trusted entities called “</span><a href="https://en.wikipedia.org/wiki/Certificate_authority" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Certification Authorities</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">” (CAs) and are responsible for verifying and subsequently binding a domain name (e.g., google.com) with a corresponding </span><a href="https://en.wikipedia.org/wiki/Public_key_certificate" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">public key</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. The certificate allows the web browser to verify it’s communicating with an authorized web server (i.e., server identity verification).</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">It’s important to note that TLS isn’t a perfect solution, nor does its use guarantee a website is </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">completely</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> safe. Remember, using TLS ensures web traffic is encrypted while in transit to or from the corresponding web server; it does not guarantee the safety or security of that content. TLS does not prevent phishing or malicious content like malware or viruses from being served to a website’s users. Removing opportunities for confusion related to the terms “encrypted" (a security property provided by TLS) and “safe" (a subjective feeling) is one of the reasons why, beginning in Chrome 117, </span><a href="https://blog.chromium.org/2023/05/an-update-on-lock-icon.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Chrome replaced the lock icon</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> in the address bar with a new security-neutral “tune” icon.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-large;">The Power of Automation</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">As outlined above, server authentication certificates underpin the encrypted connections between web browsers and web servers. Publicly trusted certificates – those trusted in products like Chrome by default – must adhere to both industry-wide and web browser-specific policies, like the CA/Browser Forum “</span><a href="https://cabforum.org/baseline-requirements-documents/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Baseline Requirements</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">” and the Chrome Root Program </span><a href="https://g.co/chrome/root-policy" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">policy</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. One such requirement is that a certificate’s maximum validity is no more than 398 days. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Certificate validity is defined in </span><a href="https://datatracker.ietf.org/doc/html/rfc5280" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">RFC 5280</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and determines the functional lifetime a certificate may </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">maximally</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> be considered valid for use in establishing TLS connections. While today, the maximum certificate validity is set to 398 days, this hasn’t always been the case. In just over ten years, the ecosystem has trended from unlimited certificate lifetime to 60 months (2012), to 39 months (2015), to 825 days (2018), to 398 days (2020). With each reduction in maximum validity, the underlying goal was always the same: improving security. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Shortening certificate lifetimes protects users by reducing the impact of compromised certificate keys and by speeding up the replacement of insecure technologies and practices across the web. Key compromises (i.e., when a web server certificate’s corresponding private key is accidentally or intentionally exposed) and the discovery of internet security weaknesses (e.g., the </span><a href="https://en.wikipedia.org/wiki/Heartbleed" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Heartbleed</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> bug) are common events that can lead to real-world harm, and the web’s users should be better protected against them. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The decreasing lifetime of certificates and the increasing number of certificates that organizations rely on have created a growing need for website operators to become more agile in managing certificates and corresponding infrastructure. Automation is one of the best methods of achieving increased agility, reliability, and security.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">What is Certificate Automation?</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">While there isn’t a one-size-fits-all definition of certificate automation, there is one shared element: the requirement for “hands-on” input from humans during initial certificate issuance and ongoing renewal is minimized or eliminated. Certificate automation simplifies the often complex and error-prone tasks associated with managing certificates, enhancing security and operational efficiency.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In the Web </span><a href="https://en.wikipedia.org/wiki/Public_key_infrastructure" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Public Key Infrastructure</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> (“Web PKI"), there are two major categories of certificate automation solutions: open solutions relying on standards such as the Automatic Certificate Management Environment (</span><a href="https://www.rfc-editor.org/rfc/rfc8555" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">ACME</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">) protocol and solutions often relying on proprietary tools or protocols.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Benefits of Automation</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Automated certificate issuance and management:</span></p><br /><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">promotes agility.</span></p></li><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="2" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: circle; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Automation increases the speed at which the benefits of new security capabilities are realized.</span></p></li></ul><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">increases resilience and reliability.</span></p></li><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="2" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: circle; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Automation eliminates human error and can help scale the certificate management process across complex environments.</span></p></li><li aria-level="2" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: circle; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Automation coupled with monitoring protects against website outages due to certificate expiration that could result in a loss of traffic, reputation, or revenue. </span></p></li><li aria-level="2" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: circle; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Innovations like </span><a href="https://datatracker.ietf.org/doc/draft-aaron-acme-ari/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">ACME Renewal Information</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> (ARI) present opportunities to seamlessly protect website operators and organizations from outages related to unforeseen events. </span><span style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">ARI allows CAs to communicate to web servers that they should attempt to renew a certificate during a defined window, for example, before a certificate is revoked due to an incident.</span></p></li></ul><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">increases efficiency.</span></p></li><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="2" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: circle; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Automation reduces the time and resources required to manage certificates manually. Though there is an initial investment to automate, over time, team members have increased availability to focus on more strategic, value-adding activities.</span></p></li></ul></ul><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Why does Automation Lead to Better Security?</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Automation improves security posture and increases resilience in response to unexpected events including CA incidents, Internet security weaknesses, and cryptographic deprecations.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>CA Incidents</i></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The Baseline Requirements prescribe response expectations for some types of CA incidents, and many of these responses include marking affected certificates as no longer trusted (“revoked”). Four years ago, Let’s Encrypt </span><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1619047" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">self-reported</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> a bug that affected over 3 million certificates. In response to the incident, nearly 2 million certificates were </span><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1619179#:~:text=We%20revoked%201%2C711%2C396%20certificates%20by%20the%20deadline%20(56%25%20of%20the%20total%20affected)%2C%20based%20on%20our%20evaluation%20that%20they%20had%20been%20replaced%2C%20were%20not%20in%20use%2C%20or%20currently%20had%20CAA%20records%20forbidding%20issuance%20to%20Let%27s%20Encrypt" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">revoked</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, meaning website operators needed to intervene and trigger replacement to avoid a potential outage. While the scale of this incident was atypical, Web PKI incidents that necessitate certificate re-issuance are commonplace. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">There are two important conclusions from this incident. First, the ACME protocol pioneered by and relied on by Let’s Encrypt presented the opportunity for affected website operators to recover from the incident with limited manual effort. More than </span><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1619179#c7:~:text=Since%20that%20announcement,in%20the%20future." style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">1.7 million</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> affected certificates were replaced in less than 48 hours. Second, the incident resulted in Let’s Encrypt’s commitment to developing and deploying a new protocol (ARI, described above) capable of improving response to future CA incidents such that certificate replacement can occur automatically without human intervention. Let’s Encrypt <a href="https://letsencrypt.org/2023/03/23/improving-resliiency-and-reliability-with-ari.html">announced</a> a production deployment of ARI in March 2023. Other CAs have the opportunity to deploy this open protocol (e.g., Google Trust Services <a href="https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html">announced</a> their production deployment of ARI in May 2023) to improve incident response.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>Internet Security Weaknesses </i></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 10pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In April 2014, a </span><a href="https://heartbleed.com/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">security vulnerability</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> (“Heartbleed”) was discovered in a popular cryptographic software library used to secure the majority of servers on the Internet that broke the security properties provided by TLS. It was estimated that in response to the bug, over </span><a href="https://www.netcraft.com/blog/heartbleed-certificate-revocation-tsunami-yet-to-arrive/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">500,000</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> active publicly accessible server authentication certificates needed to be revoked and replaced. Despite a demonstrated vulnerability, remediation efforts from website operators were slow. Only </span><a href="https://www.netcraft.com/blog/keys-left-unchanged-in-many-heartbleed-replacement-certificates/#:~:text=Only%2014%25%20of,bug%20was%20disclosed." style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">14%</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> of affected websites completed the necessary remediation steps within a month of disclosure. About </span><a href="https://www.bankinfosecurity.com/blogs/nonstop-heartbleed-nearly-200k-servers-still-vulnerable-p-2381" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">33%</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> of affected devices remained vulnerable nearly three years after disclosure. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The maximum certificate validity permitted by the Baseline Requirements at the time was five years. For some website operators, this meant the need to revisit the state of their TLS configuration was incorrectly assumed to be </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">years</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> away - which partly explains the observed remediation inaction. Further, CAs who elected to revoke certificates faced significant costs related to hosting revocation information - </span><a href="https://blog.cloudflare.com/the-hard-costs-of-heartbleed/#:~:text=What%20you%20can%27t,costs%20are%20significant." style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">estimated for one CA</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> to be between $400,000 and $952,992.40 USD per month. The Baseline Requirements obligate CAs to host revocation information for each certificate they issue until the end of its validity period, meaning these costs may have needed to be sustained over several years - representing potentially catastrophic financial consequences to the organizations responsible for underpinning the web’s security. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Minimally, modern automation technologies like ACME and ARI would have reduced touch labor experienced by website operators to reissue affected certificates. Considering the concerns related to vulnerable private key reuse, popular ACME clients like </span><a href="https://certbot.eff.org/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Certbot</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and </span><a href="https://go-acme.github.io/lego/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Lego</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> automatically create new key material for each certificate request. Further, if we could imagine a world where certificate validity was reduced, the maximum window of opportunity for attackers would have been significantly reduced from the 5-year window. As the degree of automation increases, so does the ease of transition to reduced certificate validity. Indeed, many sites are already using certificates with much shorter validity than today’s maximum of 398 days. For example, </span><a href="https://engineering.fb.com/2023/08/07/security/short-lived-certificates-protect-tls-secrets/#:~:text=Now%2C%20we%E2%80%99ve%20introduced,of%20the%20setup." style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Facebook</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> has implemented a highly automated certificate issuance and management workflow to protect its network edge and corresponding devices with certificates that are used for just a few days. Other CAs are defaulting to certificates </span><a href="https://www.fastly.com/blog/announcing-certainly-fastlys-own-tls-certification-authority#:~:text=Tighter%20security%20and%20lower%20risk%20at%20no%20extra%20cost%20with%20short%2C%2030%2Dday%20validity%20periods%20that%20reduce%20the%20time%20in%20which%20a%20compromised%20certificate%20is%20usable.%C2%A0" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">valid for only 30 days</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. A final point of interest is that </span><a href="https://par.nsf.gov/servlets/purl/10250152" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">peer-reviewed research</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> demonstrates that in response to the manual intervention necessitated by Heartbleed, system administrators who implemented automation were more prompt in performing certificate replacements when compared to those who did not.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 10pt; margin-top: 10pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>Cryptographic Deprecations</i></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Cryptographic hash functions — mathematical algorithms that produce a fixed-length output from an arbitrarily sized input — are central to the security of certificates. In 2005, researchers </span><a href="https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">demonstrated</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> the first weaknesses in the widely used </span><a href="https://en.wikipedia.org/wiki/SHA-1" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #4a6ee0; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">SHA-1</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> hash function. In response to growing security concerns, in 2014, Chrome announced a </span><a href="https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">deprecation timeline</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, with the CA/Browser Forum ultimately prohibiting the issuance of certificates that used SHA-1 after January 1, 2016. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Unfortunately, this deprecation took years. Browsers had to wait for almost all affected certificates to be renewed, many of them manually, to avoid mass breakage. Modern automation technologies like ACME and ARI would have reduced the touch labor needed to reissue affected certificates. When coupled with reduced certificate validity, the web would have been able to transition away from SHA-1 much faster. And these cryptographic weaknesses weren't theoretical: in February 2017, researchers </span><a href="https://shattered.io/static/shattered.pdf" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">demonstrated</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> a devastating vulnerability in SHA-1 — barely avoiding a crisis because Chrome had finished </span><a href="https://www.chromium.org/Home/chromium-security/education/tls/sha-1/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">removing support</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> for affected certificates just weeks before.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Cryptographic deprecations aren't as infrequent as you might think, since there is a steady stream of legacy cryptography in TLS and PKI that Chrome is working to eradicate and modernize, ideally before it becomes vulnerable.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">The Opportunity for and Cost of Failure</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Expired certificates bring a website down, causing loss of productivity</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">, </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">reputational harm</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">, </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">and</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"> </span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">missed service level expectations</span><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 10pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">When considering failed TLS connections observed in Chrome versions released within the last year (i.e., Chrome 106 and greater) on all platforms, over 22% of these resulted from certificates with an invalid validity date. </span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 10pt;"><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">A 2019 </span><a href="https://dl.acm.org/doi/pdf/10.1145/3319535.3363192" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">study</span></a><span face=""Google Sans", sans-serif" style="color: #0e101a; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> found that 3.9% of all HTTPS sites have expired certificates. </span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">State of Automation in the Ecosystem </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Between December 2022 and January 2023, our team ran a survey with owners of CAs included in the Chrome Root Store. The intent of the survey was to better understand existing and planned adoption of automated certificate issuance and management solutions. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">When coupled with publicly available data from </span><a href="https://certificate.transparency.dev/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Certificate Transparency</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> logs and tools like </span><a href="https://crt.sh/cert-populations" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">crt.sh</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">, the survey data estimated 58% of the certificates issued by the Web PKI today rely on the ACME protocol. There is clearly broad website operator support for issuing and managing certificates using ACME, and by extension, a strong demand for certificate automation in the Web PKI. The survey also highlighted that </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">the set of CA owners that offer ACME support today and are included in the Chrome Root Store represent more than 95% of Web PKI’s certificate population</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. 70% of those corresponding CA owners self-reported increasing demand for ACME services, which we interpret as a strong indicator of a healthy and growing ACME user population across the ecosystem. None of the CA owners supporting ACME today indicated that ACME demand was decreasing. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">To better understand other types of automated certificate issuance and management solutions offered by CA owners included in the Chrome Root Store, we ran a separate survey between April and June 2023. When again coupled with publicly available data from Certificate Transparency logs and tools like crt.sh, the survey data indicated that </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">more than 80% of the certificates issued by the Web PKI today are issued using some form of automation</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> (which includes ACME). Organizations included in the Chrome Root Store that self-reported no automation support represented approximately .08% of the Web PKI certificate population. </span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-large;">Our Commitment to Automation </span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The Chrome Root Program provides governance and security review to determine the set of CAs trusted by default in Chrome. We’ve blogged about the Chrome Root Program in the past [</span><a href="https://blog.chromium.org/2022/09/announcing-launch-of-chrome-root-program.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">1</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and </span><a href="https://security.googleblog.com/2023/05/how-chrome-root-program-keeps-users-safe.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">2</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">], but if you missed it, we keep users safe online by:</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Administering policy and governance activities to manage the set of CAs trusted by default in Chrome,</span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">evaluating impact and corresponding security implications related to public security incident disclosures by participating CAs, and</span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">leading positive change to make the ecosystem more resilient.</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Specific to the last point, the June 2022 release (Version 1.1) of the Chrome Root Program policy introduced the Chrome Root Program’s “</span><a href="https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Moving Forward, Together</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">” (MFT) initiative that set out to share our vision of the future that includes modern, reliable, highly agile, purpose-driven PKIs with a focus on automation, simplicity, and security. </span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Moving Forward, Together</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">While “Moving Forward, Together" is non-normative and therefore not policy, it represents future initiatives on which we hope to collaborate further with members of the Web PKI ecosystem. To explore and understand the broader ecosystem impacts of the related proposals described in MFT, we:</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Study ecosystem data from publicly available tools like </span><a href="http://crt.sh" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">crt.sh</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> and </span><a href="https://censys.com/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Censys</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">,</span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">interpret data resulting from Chrome tools, experiments, and usage data, </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">evaluate peer-reviewed research, and, </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">collect feedback through surveys like the ones related to automation solutions described earlier. </span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Some of the MFT initiatives might be achieved through collaborations within the CA/Browser Forum. In other cases, it might be most appropriate for corresponding changes to land only in the Chrome Root Program policy, as not all CA owners who adhere to the CA/Browser Forum Baseline Requirements intend to serve Chrome’s focused PKI use case of server authentication - or wish to be trusted by default in Chrome. Regardless of how these proposals might eventually be implemented, we are committed to collaborating with community members to minimize adverse ecosystem impacts when appropriate and possible.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Upcoming Policy Changes</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">As announced last week at CA/Browser Forum Face-to-Face Meeting 60, we’ll soon be pre-releasing an updated version of the Chrome Root Program policy to collect feedback and requested clarifications from CA owners included in the Chrome Root Store.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">One of the major focal points of Version 1.5 requires that applicants seeking inclusion in the Chrome Root Store must support automated certificate issuance and management. We’ve been communicating intent to require automation over the past year, including past Face-to-Face Meeting updates in </span><a href="https://drive.google.com/file/d/1M71yS4BwWMovdiVz9cYSaDlM0gRbSR9n/view?usp=drive_link" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">February</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and </span><a href="https://drive.google.com/file/d/1k50_2h79B7o8ln5GEc5ZbyWiRDclKWVy/view?usp=drive_link" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">June</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">It’s important to note that these new requirements do not prohibit Chrome Root Store applicants from supporting “non-automated” methods of certificate issuance and renewal, nor require website operators to only rely on the automated solution(s) for certificate issuance and renewal. The intent behind this policy update is to make automated certificate issuance an option for a CA owner’s customers.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">While we prefer ACME solutions over those that rely on proprietary protocols or tools, both forms of automation satisfy the intent of the new policy requirement. Specifically, we prefer ACME because of its widespread ecosystem support and adoption. Further, ACME is open and benefits from continued innovation and enhancements from a robust set of ecosystem participants. There is an </span><a href="https://letsencrypt.org/docs/client-options/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">extensive set</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> of </span><a href="https://certbot.eff.org/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">well-documented</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> ACME client options spanning multiple languages and supported platforms. Last but not least, ACME was designed specifically to meet the TLS certificate issuance needs of the Web PKI.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-large;">Future Opportunities Related to Automation</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Promoting broader ubiquity of automated certificate issuance and management will establish an important foundation for the next generation of the Web PKI. Increased use of automation will also unlock future opportunities for more modern and agile infrastructures where strengthened security properties can be realized, for example, where maximum certificate validity can be reduced with minimal downsides. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Continued collaboration across members of the Web PKI ecosystem (e.g., web browsers, CAs, and website operators, and hosting providers) is necessary to make automation a viable option for all website operators. We’ve been encouraged by recent developments within the ACME ecosystem including </span><a href="https://datatracker.ietf.org/doc/draft-aaron-acme-ari/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">ACME Renewal Information</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and </span><a href="https://datatracker.ietf.org/doc/rfc9444/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Automated Certificate Management Environment for Subdomains</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">. These initiatives aim to better protect website operators from unforeseen events that could affect certificate status and lead to outages, as well as to make it easier for popular server authentication use cases to be supported by ACME. There’s further opportunity related to improved fail-over (e.g., allowing a graceful transition to a new CA if the preferred provider is unavailable at the time of a request). We’re hopeful that as more CA owners support their customers in adopting automation, we’ll see continued developments such as these, making it even easier for website operators to securely obtain and manage server authentication certificates.</span></p><div><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-large;">Learn More</span></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">If you’re a website operator, we encourage you to discover the potential of automated certificate issuance and management, and you should get started today! While we’ve compiled the below list of resources to improve your understanding, we encourage you to reach out to your corresponding CA owner to learn how they support, or plan to support automation. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Resources</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://www.acmeisuptime.com/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://www.acmeisuptime.com/</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://letsencrypt.org/how-it-works/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://letsencrypt.org/how-it-works/</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://certbot.eff.org/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://certbot.eff.org/</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://www.rfc-editor.org/rfc/rfc8555.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">RFC 8555</span></a></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">If you previously investigated implementing an automated certificate issuance and management solution and determined that it was either too difficult or that there were too many obstacles to make it a viable solution, we encourage you to reconsider. The Web PKI continues to evolve, and recent developments have made it easier than ever to adopt automation. Modern web server platform providers like </span><a href="https://caddyserver.com/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Caddy</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> help website operators configure TLS by default, as do many third-party hosting provider organizations. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">If you depend on software or a service provider that does not support automated certificate issuance and management, share this post and ask the corresponding organization to include support for automation on their future product roadmap.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Finally, if you’d like to share with us any challenges, lessons learned, or opportunities for improvement related to certificate automation, let us know at chrome-root-program [at] google [dot] com.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Note:</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> the service providers listed in this post should not be considered exhaustive or an endorsement. The references are only intended to be informational.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: xx-small;">Posted by Chrome Root Program, Chrome Security Team</span></span></p><div><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-19408548091453190982023-09-06T19:48:00.010-07:002023-09-07T06:08:00.017-07:00Unveiling the Chrome Web Store's Redesign<span id="docs-internal-guid-1ffdd709-7fff-dfb5-cb8e-b2aedbbf7044"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60tJtdXu_3-dSau-1mnXM-w2IXnDvVn68UCGahSCAC6sF-S1XlOyIjhhZ3VUeTiVHQeo4XZicBrB8jnF7WuJTHUyEJyhHk3sji5YmGuTgzerSvVWqEvIUTjrmQ6C2ob3CY3nijW4UN9ZATpMqO2VZS-lmDHXw_3e6z4OwbGe68Wd6W_5-KPPoOTLG09un/s1930/Hero%20Image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="The new Chrome Web Store homepage shows a banner reading “Celebrate Black Artists.” The page scrolls down to show a section called “Editors Picks for you” and “Color themes by Chrome,” stopping at an “Eclipse your Screen” banner for dark mode themes. The cursor moves to click on a Honeysuckle Chrome theme." border="0" data-original-height="1083" data-original-width="1930" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60tJtdXu_3-dSau-1mnXM-w2IXnDvVn68UCGahSCAC6sF-S1XlOyIjhhZ3VUeTiVHQeo4XZicBrB8jnF7WuJTHUyEJyhHk3sji5YmGuTgzerSvVWqEvIUTjrmQ6C2ob3CY3nijW4UN9ZATpMqO2VZS-lmDHXw_3e6z4OwbGe68Wd6W_5-KPPoOTLG09un/s16000/Hero%20Image.png" /></a></div><br /><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">In celebration of </span><a href="https://blog.google/products/chrome/Google-chrome-new-features-redesign-2023/" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Chrome’s 15th birthday</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, we’re thrilled to introduce the redesigned Chrome Web Store. With a user-centric focus, we’ve made it easier for you to search and find fun themes and helpful extensions to stay productive at home or at work. Let's go behind the scenes and learn more about this redesign from Chrome Product Manager Hafsah Ismail and UX Designer Crystal Wang.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">What influenced your decision to redesign the Chrome Web Store?</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Hafsah: Chrome and the Web have evolved in remarkable ways. We now have extensions that unlock uncharted levels of productivity for developers or harness the power of generative AI to reshape work as we know it. It only felt natural to evolve the store to continue to meet the dynamic needs of users and developers in our ecosystem. Extensions and themes lie at the heart of a personalized Chrome experience, so it was a natural progression to give the store a fresh, contemporary look to align with this transformation.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: large;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Can you share more details about the design? </span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Crystal: This project was an amazing opportunity to redesign everything from the ground up, and was a collaborative team effort with product, research, writing, and more. Our main goals were to modernize the UI and create a well-lit path for users to find high quality extensions and themes to make the web work better for them. Two key areas of the design I’m particularly proud of are the </span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">refreshed look and feel</span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> and </span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">global navigation and search.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>Seamless, global navigation and search</i></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We updated the navigation and search experience to be seamless, universal and easily accessible, no matter where the user is in their extension discovery journey.</span></p><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQM1IVLx9G_7gvASJdMUWntItsLUKumMrrxVcmjIlI_K1p8ZULtHYtFnd4Lrbsc5FsFQbITDeKMb2n_Mnbzcr1cXkzr6wCV_tnQ6BNJs6xY9ZaIJRTYVJ922Nq1AzG8NoYYU85fAHwd5fiSfJ9LcBRcrOo2XPCsEN9PJIb1srx7_EuHR_HB70M5-j9GBNf/s1930/Search%20Suggest%20Image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Image of search menu in Chrome Web Store with the text "shopp" with a suggested extension" border="0" data-original-height="1083" data-original-width="1930" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQM1IVLx9G_7gvASJdMUWntItsLUKumMrrxVcmjIlI_K1p8ZULtHYtFnd4Lrbsc5FsFQbITDeKMb2n_Mnbzcr1cXkzr6wCV_tnQ6BNJs6xY9ZaIJRTYVJ922Nq1AzG8NoYYU85fAHwd5fiSfJ9LcBRcrOo2XPCsEN9PJIb1srx7_EuHR_HB70M5-j9GBNf/s16000/Search%20Suggest%20Image.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>New categories based on user needs and lifestyle</i></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Extension and theme categories were revamped to be more expansive, relevant, and focused on usefulness and purpose.</span></p><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihyCx5Nx6XioKhmVgGoeiHRu2EOSfgbPURwnuoJ9z7Ba1wyoS0wXbW8AZ05PxfbdzFwTHkMSkxokk9FyMG3BCqOVXL8F1cWS74SSyxHjlZw9_tyDz4k24SgOQmzFz5K4dK7-Sy-eQVGu-T-H0m9tiY8ccwKecwuLe49KRfGgig7U6KsztjFnQZmCIoIZfN/s1930/Developer%20Tools%20Image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Image of Chrome Web Store in Chrome browser that shows the list of extensions in the "Developer Tools" category." border="0" data-original-height="1083" data-original-width="1930" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihyCx5Nx6XioKhmVgGoeiHRu2EOSfgbPURwnuoJ9z7Ba1wyoS0wXbW8AZ05PxfbdzFwTHkMSkxokk9FyMG3BCqOVXL8F1cWS74SSyxHjlZw9_tyDz4k24SgOQmzFz5K4dK7-Sy-eQVGu-T-H0m9tiY8ccwKecwuLe49KRfGgig7U6KsztjFnQZmCIoIZfN/s16000/Developer%20Tools%20Image.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><i>Modern and expressive look & feel</i></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">The redesign was an exciting opportunity to modernize the UI with Google’s latest design system, Material 3, allowing for a more modern, consistent and intuitive user experience. We also created brand new illustrations to help users connect with extensions on a more meaningful level; differentiating us from any other extension store on the market. </span></p><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidza1W5CQAUvR6c2MzdsZytObA-Okh7L71d_jz7HpHt1pgPpgWbOnkczw59v6J1Adfz9yXaMevL39Gw_JmProHOab5ckQGszxlSAERBapxrYM53PlQzDs5NhLQmACLpysaAKCzQfc-9tZcyIfvV2sgz9zQXjZ1KnhJbtiAsueRrTYDCReRcjn7bCbV1jld/s1930/Banners%20Image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Image of different options available to customize the look of Chrome browser." border="0" data-original-height="1173" data-original-width="1930" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidza1W5CQAUvR6c2MzdsZytObA-Okh7L71d_jz7HpHt1pgPpgWbOnkczw59v6J1Adfz9yXaMevL39Gw_JmProHOab5ckQGszxlSAERBapxrYM53PlQzDs5NhLQmACLpysaAKCzQfc-9tZcyIfvV2sgz9zQXjZ1KnhJbtiAsueRrTYDCReRcjn7bCbV1jld/s16000/Banners%20Image.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">What’s new in the Chrome Web Store for developers?</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Hafsah: Amplifying our developers is a critical part of our storefront’s redesign. We’re introducing a self-nomination </span><a href="https://docs.google.com/forms/d/e/1FAIpQLSf4goBOeJDSVwp7xGCZw5vORovPOBhCv_kWM-VXWDhSA0NUQg/viewform?resourcekey=0-O0vYEnpiOPuZemhIBKUXMA" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">form</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for developers to showcase their extensions for a spot in our Editor’s Picks collection. We’re eager to highlight extensions that:</span></p><br /><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Have a high-quality listing including visually appealing assets</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Provide clear value to the user, and add to their Chrome experience</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Are from a range of developers, big and small!</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Please feel free to check out our </span><a href="https://groups.google.com/a/chromium.org/g/chromium-extensions/c/9lc7Prf9vLk/m/fmsUd2LZAQAJ" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">developer post</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for more information and as a place for feedback from the community. </span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">What are some of your favorite recent additions to store? </span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Hafsah:</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://chromewebstore.google.com/detail/instapaper/ldjkgaaoikpmhmkelcgkgacicjfbofhh" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Instapaper</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">: I'm passionate about tech and cooking, always eager to discover the newest innovations and curate articles and recipes. Instapaper has become an essential extension for me; its power lies in letting me save anything I want to revisit later, a tool you don't realize you need until you do.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://chromewebstore.google.com/detail/noisli/klejemegaoblahjdpcajmpcnjjmkmkkf" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Noisli</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">: As a product manager who finds herself in energizing meetings, I really value creating the perfect work environment for deep work and reflection. Extensions like Noisli are game-changers, enabling the perfect environment for focused work. With Noisli, I can curate the soundtrack to my productivity</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Crystal:</span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://chromewebstore.google.com/detail/todoist-for-chrome/jldhpllghnbhlbpcmnajkpdmadaolakh" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Todoist for Chrome</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">: I’m someone who loves being organized, and I’ve always been super big on writing physical checklists. Recently, I’ve been very into Todoist to make to-do lists in my Chrome browser, and this productivity extension has become a personal favorite.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://chromewebstore.google.com/collection/apahm_2023" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Asian & Pacific Islander Artist Theme Series</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">: Being an Asian American, I’m also a huge fan and extra proud of the Asian & Pacific Islander Artist Themes series created by our team. I currently have </span><a href="https://chromewebstore.google.com/detail/%E6%9C%B1%E9%B9%AE-crested-ibis/fpajhaoilojidmakilnibmbbgpjlbkhj" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Crested Ibis</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"> installed on my browser and I love it!</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: xx-small;">Posted by Joshua Cruz, Communications Manager </span></span></p><div><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-12733016272248878202023-08-16T10:29:00.001-07:002023-08-16T10:29:19.396-07:00Towards HTTPS by default<span id="docs-internal-guid-5fd59408-7fff-a250-1e66-69743c050be1"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">For the past several years, </span><a href="https://transparencyreport.google.com/https/overview?hl=en" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">more than 90%</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> of Chrome users' navigations have been to HTTPS sites, across all major platforms. Thankfully, that means that most traffic is encrypted and authenticated, and thus safe from network attackers. However, a stubborn 5-10% of traffic has remained on HTTP, allowing attackers to eavesdrop on or change that data. Chrome shows a warning in the address bar when a connection to a site is not secure, but we believe this is insufficient: not only do many people not notice that warning, but by the time someone notices the warning, the damage may already have been done.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We believe that the web should be secure by default. </span><a href="https://blog.chromium.org/2021/07/increasing-https-adoption.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HTTPS-First Mode</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> lets Chrome deliver on exactly that promise, by getting explicit permission from you before connecting to a site insecurely. Our goal is to eventually enable this mode for everyone by default. While the web isn't quite ready to universally enable HTTPS-First Mode today, we're announcing several important stepping stones towards that goal.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Automatic upgrades</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Chrome will automatically upgrade all http:// navigations to http</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">s</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">://, even when you click on a link that explicitly declares http://. This works very similarly to </span><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HSTS</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> upgrading, but Chrome will detect when these upgrades fail (e.g. due to a site providing an invalid certificate or returning a HTTP 404), and will automatically fallback to http://. This change ensures that Chrome only ever uses insecure HTTP when HTTPS truly isn't available, and not because you clicked on an out-of-date insecure link. We're currently experimenting with this change in Chrome version 115, working to standardize the behavior across the web, and plan to roll out the feature to everyone soon. While this change can't protect against active network attackers, it's a stepping stone towards HTTPS-First mode for everyone and protects more traffic from passive network eavesdroppers.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Warning on insecurely downloaded files</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Building and expanding on our previous work </span><a href="https://blog.chromium.org/2020/02/protecting-users-from-insecure.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">removing support for mixed downloads</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, Chrome will start showing a warning before downloading any high-risk files over an insecure connection. Downloaded files can contain malicious code that bypasses Chrome's sandbox and other protections, so a network attacker has a unique opportunity to compromise your computer when insecure downloads happen. This warning aims to inform people of the risk they're taking. You will still be able to download the file if you're comfortable with the risk. Unless HTTPS-First Mode is enabled, Chrome will not show warnings when insecurely downloading files like images, audio, or video, as these file types are relatively safe. We're expecting to roll out these warnings starting in mid September.</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil0cFrf9w3NuP__F_fospAVauXsYDZjI3DUr5S9Y9BSwabFBj1MQTA7b0HkEOp3L6t2hOeqf5YWW7X5Jyi14N5MGu71h0siCxxr1ubrrfMK4MeTDf6KJrSD9aD6FjuTK5HY2n8fcbjjVcOtNZ-UT5PeOAvmDblEuIYiQv2cHonubCKIMX6BXE_N-tF79zm/s712/Chrome%20will%20inform%20you%20if%20a%20file%20was%20downloaded%20insecurely.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Chrome will inform you if a file was downloaded insecurely." border="0" data-original-height="376" data-original-width="712" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil0cFrf9w3NuP__F_fospAVauXsYDZjI3DUr5S9Y9BSwabFBj1MQTA7b0HkEOp3L6t2hOeqf5YWW7X5Jyi14N5MGu71h0siCxxr1ubrrfMK4MeTDf6KJrSD9aD6FjuTK5HY2n8fcbjjVcOtNZ-UT5PeOAvmDblEuIYiQv2cHonubCKIMX6BXE_N-tF79zm/w320-h169/Chrome%20will%20inform%20you%20if%20a%20file%20was%20downloaded%20insecurely.png" width="320" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Expanding HTTPS-First Mode protections for more people</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Our ultimate goal is to enable HTTPS-First Mode for everyone. To that end, we're expanding HTTPS-First Mode protections to several new areas:</span></p><ul style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">We've enabled HTTPS-First Mode for users enrolled in Google's </span><a href="https://landing.google.com/advancedprotection/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Advanced Protection Program</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"> who are also signed-in to Chrome. These users have asked Google for the strongest protection available, and HTTPS-First Mode helps avoid the very real threats of insecure connections these users face.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">We're planning to enable HTTPS-First Mode by default in Incognito Mode for a more secure browsing experience soon. </span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">We're currently experimenting with automatically enabling HTTPS-First-Mode protections on sites that Chrome knows you typically access over HTTPS.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Finally, we're exploring automatically enabling HTTPS-First Mode for users that only very rarely use HTTP.</span></p></li></ul><div><span style="font-family: Arial, sans-serif;"><span style="font-size: 14.6667px; white-space-collapse: preserve;"><br /></span></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Try it out</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">If you'd like to try out HTTPS upgrading or warning on insecure downloads before they roll out to everyone, you can do so in Chrome today by enabling the "HTTPS Upgrades" and "Insecure download warnings" flags at </span><span style="color: #188038; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">chrome://flags</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">. And if you want stronger protections, you can also turn on HTTPS-First Mode by enabling "Always use secure connections" in Chrome security settings (chrome://settings/security)!</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Information for Developers and Enterprise</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">If you're a developer, you can ensure your users don't see warnings or encounter failed upgrades on your sites by using HTTPS and ensuring that your site doesn't host content only accessible over HTTP. We encourage you to fully adopt HTTPS and redirect all HTTP URLs to their HTTPS equivalents. Even if you believe that your site does not host personal information, using HTTP puts your users at increased risk of network attackers injecting malicious content into their browsers. Malicious network attackers rely on insecure sites to get a foothold towards your users. We're exploring additional ways we can reduce the risk users experience by visiting insecure websites by, for instance, reducing the lifetime of cookies accessible over HTTP -- switching to HTTPS ensures that your users' experience will not be impacted by these future changes. If you can't support HTTPS yet, you can ensure that users can access your site by making sure that your server either does not respond to requests on port 443 at all, or uses HTTPS to redirect users back to HTTP.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We know that enterprises and education networks have unique needs. These features can be turned on early, customized, or turned off entirely via the </span><a href="https://chromeenterprise.google/policies/#HttpsOnlyMode" style="text-decoration-line: none;"><span style="color: #188038; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HttpsOnlyMode</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, </span><a href="https://chromeenterprise.google/policies/#HttpsUpgradesEnabled" style="text-decoration-line: none;"><span style="color: #188038; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HttpsUpgradesEnabled</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, </span><a href="https://chromeenterprise.google/policies/#HttpAllowlist" style="text-decoration-line: none;"><span style="color: #188038; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">HttpAllowlist</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, and </span><a href="https://chromeenterprise.google/policies/#InsecureContentAllowedForUrls" style="text-decoration-line: none;"><span style="color: #188038; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">InsecureContentAllowedForUrls</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> policies. </span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: "Open Sans", sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Part of our ongoing commitment</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Chrome has a </span><a href="https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">long</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">history</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2020/02/protecting-users-from-insecure.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">of</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">working</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">towards</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2021/07/increasing-https-adoption.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">a</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://blog.chromium.org/2023/05/an-update-on-lock-icon.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">secure-by-default</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> web, and we're not stopping here. We're so close to the finish line, and we're excited to help the web get to HTTPS by default.</span></p><br /><span style="font-size: xx-small;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Post by</span><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"> </span><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Joe DeBlasio, Chrome Security team</span></span></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-42967236790957900972023-08-10T09:00:00.002-07:002023-08-14T07:18:12.369-07:00Protecting Chrome Traffic with Hybrid Kyber KEM<span id="docs-internal-guid-904f810a-7fff-392b-ccbb-7c60624753fc"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our </span><a href="https://cloud.google.com/blog/products/identity-security/how-google-is-preparing-for-a-post-quantum-world" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">strategy</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">As a step down this path, Chrome will begin supporting </span><a href="https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">X25519Kyber768</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:</span></p><br /><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://www.rfc-editor.org/rfc/rfc7748" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">X25519</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"> – an elliptic curve algorithm widely used for key agreement in TLS today</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://pq-crystals.org/kyber/index.shtml" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Kyber-768</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"> – a quantum-resistant </span><a href="https://en.wikipedia.org/wiki/Key_encapsulation_mechanism" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">Key Encapsulation Method</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">, and </span><a href="https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">NIST’s PQC winner</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;"> for general encryption</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">In order to identify ecosystem incompatibilities with this change, we are rolling this out to Chrome and to Google servers, over both TCP and QUIC and monitoring for possible compatibility issues. Chrome may also use this updated key agreement when connecting to third-party server operators, such as </span><a href="https://blog.cloudflare.com/post-quantum-for-all/" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Cloudflare</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, as they add support. If you are a developer or administrator experiencing an issue that you believe is caused by this change, please </span><a href="https://bugs.chromium.org/p/chromium/issues/entry?components=Internals%3ENetwork%3ESSL" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">file a bug</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">. The remainder of this post provides important background information to help understand this change as well as the motivations behind it.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">The Post-Quantum Motivation</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Modern networking protocols like TLS use cryptography for a variety of purposes including protecting information (confidentiality) and validating the identity of websites (authentication). The strength of this cryptography is expressed in terms of how hard it would be for an attacker to violate one or more of these properties. There’s a common mantra in cryptography that attacks only get better, not worse, which highlights the importance of moving to stronger algorithms as attacks advance and improve over time.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">One such advancement is the development of quantum computers, which will be capable of efficiently performing certain computations that are out of reach of existing computing methods. Many types of asymmetric cryptography used today are considered strong against attacks using existing technology but do not protect against attackers with a sufficiently-capable quantum computer. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Quantum-resistant cryptography must also be secure against both quantum and classical cryptanalytic techniques. This is not theoretical: in 2022 and 2023, several </span><a href="https://eprint.iacr.org/2022/214.pdf" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">leading</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://eprint.iacr.org/2022/975" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">candidates</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for quantum-resistant cryptographic algorithms have been broken on inexpensive and commercially available hardware. Hybrid mechanisms such as X25519Kyber768 provide the flexibility to deploy and test new quantum-resistant algorithms while ensuring that connections are still protected by an existing secure algorithm. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">On top of all these considerations, these algorithms must also be performant on commercially available hardware, providing yet another layer of challenge to this already complex problem.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Why Protecting Data in Transit is Important Now</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">It’s believed that quantum computers that can break modern classical cryptography won’t arrive for 5, 10, possibly even 50 years from now, so why is it important to start protecting traffic today? The answer is that certain uses of cryptography are vulnerable to a type of attack called </span><a href="https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Harvest Now, Decrypt Later</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, in which data is collected and stored today and later decrypted once cryptanalysis improves. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">In TLS, even though the symmetric encryption algorithms that protect the data in transit are considered safe against quantum cryptanalysis, the way that the symmetric keys are created is not. This means that in Chrome, the sooner we can update TLS to use quantum-resistant session keys, the sooner we can protect user network traffic against future quantum cryptanalysis.</span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Deployment Considerations</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Using X25519Kyber768 adds over a kilobyte of extra data to the TLS ClientHello message due to the addition of the Kyber-encapsulated key material. Our earlier </span><a href="https://www.chromium.org/cecpq2/" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">experiments with CECPQ2</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> demonstrated that the vast majority of TLS implementations are compatible with this size increase; however, in certain limited cases, TLS middleboxes failed due to improperly hardcoded restrictions on message size.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">To assist with enterprises dealing with network appliance incompatibility while these new algorithms get rolled out, administrators can disable X25519Kyber768 in Chrome using the </span><a href="https://chromeenterprise.google/policies/#PostQuantumKeyAgreementEnabled" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">PostQuantumKeyAgreementEnabled</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> enterprise policy, available starting in Chrome 116. This policy will only be offered as a temporary measure; administrators are strongly encouraged to work with the vendors of the affected products to ensure that bugs causing incompatibilities get fixed as soon as possible.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">As a final deployment consideration, both the X25519Kyber768 and the Kyber specifications are drafts and may change before they are finalized, which may result in Chrome’s implementation changing as well.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: xx-small;">Posted by: Devon O'Brien, Technical Program Manager, Chrome security </span></span></p><div><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-14390098180368237612023-08-08T09:56:00.015-07:002023-08-22T04:23:27.270-07:00Smoothing out the scrolling experience in Chrome on Android<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpoMaNCAyCY0wVpANeUERPRp6miTiafH8k4S4AagpE-y8noUhB-GdcmfAlpDxwZBdzjEXQOBAdPiuBAwNbUmVDTj9B9EMQ6Ty_8UI1zv1BpEgdM2BT8JX-Im1KGOE4QgtP9wVV-muo5aPVDWNzpd3RZjoecWQ_VA0Ty3WsEDbFChvDdkhBa-_JJmGpJrco/s400/Fast%20Curious_image.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="166" data-original-width="400" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpoMaNCAyCY0wVpANeUERPRp6miTiafH8k4S4AagpE-y8noUhB-GdcmfAlpDxwZBdzjEXQOBAdPiuBAwNbUmVDTj9B9EMQ6Ty_8UI1zv1BpEgdM2BT8JX-Im1KGOE4QgtP9wVV-muo5aPVDWNzpd3RZjoecWQ_VA0Ty3WsEDbFChvDdkhBa-_JJmGpJrco/w400-h166/Fast%20Curious_image.png" width="400" /></a></div><br /><div><br /></div><br /><div><span id="docs-internal-guid-9457062a-7fff-5168-fb93-4991e2387095"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="color: #424242; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Big performance wins can be found by taking a step back and tweaking what you already have. Today’s</span><a href="https://blog.chromium.org/search/label/the%20fast%20and%20the%20curious" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #424242; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">The Fast and the Curious</span></a><span face="Arial, sans-serif" style="color: #424242; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> post explores how we improved the scrolling experience of Chrome on Android, ultimately reducing slow scrolling jank by 2x. Read on to see </span><span face="Arial, sans-serif" style="font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">how we discovered and evaluated the problem, and how that has helped us design a better browser experience going forward.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">When measuring the performance of a browser, one might typically think of page load speed or </span><a href="https://web.dev/vitals/" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Web Vitals</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">. On mobile where touch interactions are common we also prioritize your interaction with Chrome to ensure it is always smooth and responsive including on new form factors like foldables. A significant focus of late has been on reducing jank while you scroll.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We recently improved the scrolling experience of Chrome on Android by 2x by filtering noise and reducing visual jumps in the content presented on screen. To get this result, we had to take a step back and figure out the problem of why Chrome on Android was lagging behind Chrome on iOS. </span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">As we compared Chrome across platforms, we were hit with a particular observation. iOS Chrome scrolling was smooth and consistent whereas on Android, Chrome’s scrolling didn't follow your finger as closely. However, our metrics were telling us that while janks occurred occasionally, they weren’t as common as our perception when comparing with Chrome on iOS. Thus we had ourselves a mystery which needed some investigation.</span></p><br /><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Investigating input to output rate</span></span></h1><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Our metrics flagged that we often received input at an inconsistent rate; but since the input rate was greater than the display’s frame rate, we usually had at least one input event to trigger the production of a frame to display. However, this frame might have consumed fewer or more input events, which could result in inconsistent shifting of content on screen even while scrolling at a fixed speed.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">This problem of different input rate vs frame rate is a problem that Chrome has had to address before. Internally, we resample input to predict/extrapolate where the finger was at a consistent point relative to the frame we want to produce. This should result in each frame representing a consistent amount of time and should mean smooth scrolling regardless of noise in the input events. The ideal scenario is illustrated in the following diagram where blue dots are real input events, green are resampled input events, and the displayed scroll deltas would fluctuate if you were to use the real input events rather than resampling.</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioehuGvCdB4KM2GHsyak1760cuz8pnEtpNFCF4UMVGg-BOpO0gvzJ6e7zwnBFymB1b5pfgsPTRXyMGZFYw9YDCItmyX5cW_ZyoQqc6O7a-gOT1LgbKh-nGYnPdUh7i4xaUmUv8mgVPQj63erls0RVE2qa-BygRtPx-jJuVuIBrTdfYPve8wnxGWqvdrPNY/s871/input_sampling_rate.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="376" data-original-width="871" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioehuGvCdB4KM2GHsyak1760cuz8pnEtpNFCF4UMVGg-BOpO0gvzJ6e7zwnBFymB1b5pfgsPTRXyMGZFYw9YDCItmyX5cW_ZyoQqc6O7a-gOT1LgbKh-nGYnPdUh7i4xaUmUv8mgVPQj63erls0RVE2qa-BygRtPx-jJuVuIBrTdfYPve8wnxGWqvdrPNY/s16000/input_sampling_rate.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Okay so we already do resampling so what's the problem?</span></p><br /><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">A tale of woe and reimplementation</span></span></h1><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Input resampling inside of Chrome (and Android) were added back in 2019 as 90hz devices emerged and the problem above became more apparent (oscillating between 2 vs 1 input events per frame rather than consistently 2 input events per frame we usually see on 60hz devices). Android implemented multiple resampling algorithms (kalman, linear, etc.) and arrived at the conclusion that linear resampling (drawing a line between two points to figure out velocity and then extrapolate to the given timestamp) was good enough for their use cases. This fixed the problem for most Android apps, but didn't address Chrome.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Due to historical reasons and web spec requirements for raw input, Chrome uses unbuffered input and thus as devices started to appear with sampling rates that didn’t fit with input, Chrome had to implement some version of resampling. Below we see that each frame (measuring the time from input to it being displayed) consumes a different amount of input events (2 for the first, 3 for the second, and 1 for the third), if we assume input is consistently arriving and each is exactly 30 pixels of displacement then ideally we should smooth it out to 60 pixels per frame as seen below:</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9UMsfJShkzjJlqDxDl0Fr7pFOI0zIWkhD49X-DT8m-Uca8PB6JhA5TiR6Wz_SuAzaANgo9X9D4gHCTbm8UdXtwcLLmnVmLsBRZwI6yezCEie6bD-kW4_nGBi277ZFoVqeF3Orzj7Ks_--vpAj4RqtTxon_EAhBIaOk-nXIkyH_4NP4AeXuF_W-lO-a2-N/s659/frame_predictor_timeline.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="383" data-original-width="659" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9UMsfJShkzjJlqDxDl0Fr7pFOI0zIWkhD49X-DT8m-Uca8PB6JhA5TiR6Wz_SuAzaANgo9X9D4gHCTbm8UdXtwcLLmnVmLsBRZwI6yezCEie6bD-kW4_nGBi277ZFoVqeF3Orzj7Ks_--vpAj4RqtTxon_EAhBIaOk-nXIkyH_4NP4AeXuF_W-lO-a2-N/s16000/frame_predictor_timeline.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">However, while we were investigating the original mystery we discovered that reality was very different from the ideal situation pictured above. We found that the actual input movement of the screen was quite spiky and inconsistent (more than we expected) and that our predictor was improving things but not as much as desired. On the left is real finger displacement on a screen (each point is an input event) and on the right the result of our predictor of actual content offset after smoothing out (each point is a frame)</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3sPk_SBDZbule8elIeQmsz5HIGd21jo6gDBwDKu_YlVp4xR2AUnEqhIM8Mr4zU4jVPTR114kX134l6i2szyuX9fFwMeMincKw7uLiicXeuCankKQjsT8TWx7Wwb0m7O5zHz6RTKqSQ4PrfkGGFtSoxX4Y-jtSuzG3kSefQQ2VZpFddopNE-VoeTgs_1uw/s1528/Screenshot%202023-08-07%20at%2010.22.51%20PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="496" data-original-width="1528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3sPk_SBDZbule8elIeQmsz5HIGd21jo6gDBwDKu_YlVp4xR2AUnEqhIM8Mr4zU4jVPTR114kX134l6i2szyuX9fFwMeMincKw7uLiicXeuCankKQjsT8TWx7Wwb0m7O5zHz6RTKqSQ4PrfkGGFtSoxX4Y-jtSuzG3kSefQQ2VZpFddopNE-VoeTgs_1uw/s16000/Screenshot%202023-08-07%20at%2010.22.51%20PM.png" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Frames are being presented consistently on the right, but the rate of displacement spikes between one to another isn’t consistent (-50 to -40 followed by another -52 being especially drastic). Human fingers don’t move this discretely (at frame level precision). Rather they should slide and flex in a gradient, speeding up or slowing down gradually. So we knew we had a problem here. We dug deeper into Chrome’s implementation and found there were some fundamental differences in Chrome’s implementation (which was supposedly a copy of Android’s).</span></p><br /></span></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><div><span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">1. Android uses the native C++ MotionEvent timestamp (with nanosecond precision), but Chrome uses Java </span><a href="https://developer.android.com/reference/android/view/MotionEvent#getEventTime()" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">MotionEvent.getEventTime</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> & </span><a href="https://developer.android.com/reference/android/view/MotionEvent#getHistoricalEventTime(int)" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">MotionEvent.getHistoricalEventTime</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> (milliseconds precision). Unfortunately, nanosecond precision was not part of the public API. However, rounding of milliseconds can introduce error into our predictor when it computes velocity between event timestamps.</span></p></span></div><div><span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">2. Android’s implementation takes care when selecting the two input events so resampling is using the most relevant events. Chrome however uses a simple FIFO queue of input events, which can result in weird cases of using future events to predict velocity in the past in rare cases on high refresh rate devices.</span></p></span></div></blockquote><div><span><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We prototyped using Android’s resampling in Chrome, but found it was still not perfect for Chrome’s architecture resulting in some jank. To improve on it, we experimented with different algorithms, using automation to replay the same input over and over again and evaluating the screen displacement curves. After tuning, this landed at the </span><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;"><a href="https://gery.casiez.net/1euro/">1€ filter</a></span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> implementation that visibly and drastically improved the scrolling experience. With this filter, the screen tracks closely to your finger and websites smoothly scroll, preventing jank caused by inconsistent input events. The improvement is visible in our manual validation, on both top-end and low-end devices (<a href="https://drive.google.com/file/d/1KqcWNybFP7kCqBz4mx0vlVzQOqU3IJyb/view?usp=sharing">Here's a redmi 9A video example</a>).</span></p><br /><h1 dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">Going forward!</span></span></h1><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">In Android 14, the </span><a href="https://developer.android.com/reference/android/view/MotionEvent#getEventTimeNanos()" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">nanosecond</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><a href="https://developer.android.com/reference/android/view/MotionEvent#getHistoricalEventTimeNanos(int)" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">API</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for java MotionEvents will be publicly exposed in the SDK so Chrome (and other apps with unbuffered input) will be able to call it. We also developed new metrics that track the quality of the scroll predictors frame, by creating a test app which introduced pixel level differences between frames (and no other form of jank) and running experiments to see what people would notice. These analysis can be read about </span><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;"><a href="https://docs.google.com/document/d/1Y0u0Tq5eUZff75nYUzQVw6JxmbZAW9m64pJidmnGWsY/edit">here</a></span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> and will be used going forward for more exciting performance wins and to make this a visible area for tracking against regressions. In the end, after tuning and enabling the </span><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;"><a href="https://gery.casiez.net/1euro/">1€ filter</a></span><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, our metrics show a 2x reduction in visible jank while scrolling slowly! This improvement is going live in </span><a href="https://chromium-review.googlesource.com/c/chromium/src/+/4518271" style="text-decoration-line: none;"><span face="Arial, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">M116</span></a><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> as the default, but will be launched all the way back to M110 and brings Chrome on Android on par with Chrome on iOS!</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">The moral of the story is: Sometimes metrics don’t cover all the cases and taking a step back and investigating from the top down and getting the lay of the land can end with a superior scrolling experience for users.</span></p><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: x-small;">Post by: Stephen Nusko, Chrome Software Engineer</span></span></p><div><span face="Arial, sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span></div>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-65682588348809195662023-08-03T09:00:00.160-07:002023-08-03T09:43:01.776-07:00Redesigning Chrome downloads, to keep you productive and safe online<span id="docs-internal-guid-453fe15c-7fff-d80b-37f0-2346cfe722f4"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Wk6hUyNuwt82auTtHqsRHsnhylPD_2MDzrPZAsUiZdrBPVnVKmJuOXgiUJU-qWB0sTXV8ViI7A7pX4nl8fu4JDsQbWGUWoLQFOrWyh_-eWpvMrvJLrEn_LeDI8bmHAdQSzPAuHgeNzjZ3UHv_QBBcLXnJme9ctfO-szOUh_sxGZFrzkPfnEqo9-fw6st/s6001/DownloadsUI_Header.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Main image of blog post that showcases the new download experience for Chrome on the right side of the Chrome Address bar." border="0" data-original-height="2501" data-original-width="6001" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Wk6hUyNuwt82auTtHqsRHsnhylPD_2MDzrPZAsUiZdrBPVnVKmJuOXgiUJU-qWB0sTXV8ViI7A7pX4nl8fu4JDsQbWGUWoLQFOrWyh_-eWpvMrvJLrEn_LeDI8bmHAdQSzPAuHgeNzjZ3UHv_QBBcLXnJme9ctfO-szOUh_sxGZFrzkPfnEqo9-fw6st/s16000/DownloadsUI_Header.png" /></a></div><br /><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">With the latest release of Chrome for desktop we are introducing a redesign of the Chrome downloads experience to make it easier for you to interact with your recent downloads. Let's go behind the scenes and learn more about this redesign from Chrome Senior Product Manager Jasika Bawa.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">What influenced your decision to redesign Chrome downloads?</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Downloads are a core part of day to day web browsing, from getting the perfect cat themed background for your PC to saving a copy of your tax return. Over the years, we have listened to your feedback about the legacy Chrome downloads experience. We learned that while there was a lot about it that worked well for you, like strong support for core download journeys and built-in protection from potentially harmful files, it had its problems too. For example, it – </span></p><br /><ul style="margin-bottom: 0; margin-top: 0; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Occupied precious pixels at the bottom of the screen which squeezed the web content area, and was limited by screen width in how many files it could show at once</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Didn't go away automatically, and only offered actions such as pause/resume and open in folder from a fixed overflow menu</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-wrap: wrap; vertical-align: baseline;">Was no longer modern, interactive, and consistent with the look and feel of other browser UI or the browser ecosystem at large</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">All this made it clear that there was room for improvement for us to create a more intuitive experience for downloading in Chrome.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">What does the redesign have to offer?</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">The new download tray is available to the right of the Chrome address bar and replaces the legacy downloads experience at the bottom of your screen. When a download is in progress, an animated ring helps you monitor it with a quick glance. The tray opens when you've finished downloading a file and automatically dismisses itself, making it easy to access quickly and allowing you to continue browsing uninterrupted.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbJmzVloE8K113g3HXvVR5m0deTAdu9ojWOh4-HcgtdFdFE8uu2NCIHr0BAfQLyot8VtOk6qrNt51xjk0howX9ufqNicGw53OLikufsJrAJxuFSeMbdWBB-bCw8VoywDYQmM16_Zz56bPk2nbIBooBHDbDSVvypVvv-t9NQgT5EjXBKn6flb6WI3Uw0P3k/s1080/03_Downloads_Typical_Workflow.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="GIF of the Chrome browser with the cursor clicking the “save” option of a web file. The download in progress icon appears with a progress ring around it. Once the file has finished downloading, the download tray opens automatically." border="0" data-original-height="1080" data-original-width="1080" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbJmzVloE8K113g3HXvVR5m0deTAdu9ojWOh4-HcgtdFdFE8uu2NCIHr0BAfQLyot8VtOk6qrNt51xjk0howX9ufqNicGw53OLikufsJrAJxuFSeMbdWBB-bCw8VoywDYQmM16_Zz56bPk2nbIBooBHDbDSVvypVvv-t9NQgT5EjXBKn6flb6WI3Uw0P3k/s16000/03_Downloads_Typical_Workflow.gif" /></a></div><br /><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">With the download tray, you can see a list of all your downloads from the past 24 hours in any browser window, not just the one in which you originally downloaded a file. The tray also offers in-line options to open the folder a download is in, cancel a download, retry a download should it fail for any reason, and pause/resume downloads.</span></p><div><span><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVxwPqeNXRP5BuOktf_i-hO_BsAqiNPI0IKBJVfSUJ15wkd1cIpzB3zL-P6_GVU8OfJ5-aCCgu37-iZ0eBXPgeKdETiNxYt4e_rjPghPc7C2B03HpZloUjsELm7-wZuC9BSNq-6_q_-Ot03u_7QQM7rtOZOjcNBEcsVQU91l1BePBs4fusB0NFtxdSdpgf/s1080/02_Downloads_Pause_Resume.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="GIF of the Chrome browser with the cursor opening the download tray to the right of the Chrome address bar. The download tray shows a file download in progress, and offers an in-line option to pause the download. The cursor clicks on the pause button, which turns into a play button. The cursor clicks on the play button to resume the download progress." border="0" data-original-height="1080" data-original-width="1080" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVxwPqeNXRP5BuOktf_i-hO_BsAqiNPI0IKBJVfSUJ15wkd1cIpzB3zL-P6_GVU8OfJ5-aCCgu37-iZ0eBXPgeKdETiNxYt4e_rjPghPc7C2B03HpZloUjsELm7-wZuC9BSNq-6_q_-Ot03u_7QQM7rtOZOjcNBEcsVQU91l1BePBs4fusB0NFtxdSdpgf/s16000/02_Downloads_Pause_Resume.gif" /></a></div><br /><span><br /></span></div><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">How will the new downloads experience help keep people safe online? </span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We always want to make sure you are safe when downloading files, so Chrome will continue to provide clear warning signs of potential malware or viruses to protect your device and accounts. In fact, the additional space and more flexible UI of the new Chrome downloads experience will give us the opportunity to provide even more context when Chrome </span><a href="https://support.google.com/chrome/answer/6261569" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">protects you from a potentially malicious file</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">, and enable us to build advanced </span><a href="https://security.googleblog.com/2022/12/enhanced-protection-strongest-level-of.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">deep scan</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> options that we couldn't before. Be sure to watch the </span><a href="https://security.googleblog.com/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Google Security Blog</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> for more details on these coming soon.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">In addition to download warnings, the download tray being anchored next to the Chrome address bar helps create a clearer separation of trusted browser UI from web content, which was something we wanted to ensure with the redesign.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTIT3vfufB0MF9eg6j7R63Pnzb3WUEkFmCb5ZifLGjdBoLUt7SNZNM4o86VGq84QsN4k03XFLFhqLZcJIXEoKScOcY8bFgHFJa9Sa7WYD1fbcZjnYdF00BKfKLMGKHe7_mTTQu8YrN5utgTtNfS66K_28U8juA5qP-h3-g9yHL82446t6C4_cNyN73DZbt/s2251/01_Warning.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Image asset of Chrome browser with zoom in of download tray showing a notification that a dangerous file was blocked from being downloaded." border="0" data-original-height="2251" data-original-width="2251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTIT3vfufB0MF9eg6j7R63Pnzb3WUEkFmCb5ZifLGjdBoLUt7SNZNM4o86VGq84QsN4k03XFLFhqLZcJIXEoKScOcY8bFgHFJa9Sa7WYD1fbcZjnYdF00BKfKLMGKHe7_mTTQu8YrN5utgTtNfS66K_28U8juA5qP-h3-g9yHL82446t6C4_cNyN73DZbt/s16000/01_Warning.png" /></a></div><br /><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: medium;">How did you think about making the transition to the new downloads experience easier?</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">It was important to us that all the functionality of the legacy Chrome downloads experience be made available in the new one. For example, you can still drag a downloaded file to another folder, program, or website, and perform actions like "Always open" from the new download tray. If you want a more detailed view of your downloads, you can continue to access this by selecting the "Show all downloads" option in the download tray, by clicking "Downloads" from the Chrome three dot menu, or by typing chrome://downloads in the Chrome address bar.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We also took feedback from our early experiments seriously, and used it to make changes like adjusting the frequency with which the download tray opens. You can even choose to have the tray not open automatically at all, in Chrome settings.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9rQCF4Q6wS6Fd3eRFNKBFDlW4PTEfKB66TcZpNqUCo-k-wuDttbt4Y2YST0OX6FVIbDglglvRLyrd6ACsYhiT9fAXdBcA4oxMo6KAZ9_mp-sOWK4VR4O6Y1bFTW2skTGLZFP0eiGaPKhevDG6t3_6PfX5xRC7WDHH43nKg0_IvH9fkchTMneMFoDLrsoS/s4168/05_NewSetting.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Image of the Downloads settings menu in Chrome browser when you can select the option to disable showing downloads when they're done." border="0" data-original-height="2251" data-original-width="4168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9rQCF4Q6wS6Fd3eRFNKBFDlW4PTEfKB66TcZpNqUCo-k-wuDttbt4Y2YST0OX6FVIbDglglvRLyrd6ACsYhiT9fAXdBcA4oxMo6KAZ9_mp-sOWK4VR4O6Y1bFTW2skTGLZFP0eiGaPKhevDG6t3_6PfX5xRC7WDHH43nKg0_IvH9fkchTMneMFoDLrsoS/s16000/05_NewSetting.png" /></a></div><br /><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-size: large;">Are there any steps developers need to take? </span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">For developers, we'd like to highlight the opportunity to update any guidance or visuals you may have built to help guide users through their download journey. You may want to consider referencing the </span><a href="https://support.google.com/chrome/answer/95759" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Download a file</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> topic in the Google Chrome Help Center as a starting point.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">For extension developers, it is worth noting changes to </span><a href="https://developer.chrome.com/docs/extensions/reference/downloads/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">chrome.downloads</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> extensions APIs in case you need to update your extensions – specifically, </span><a href="https://developer.chrome.com/docs/extensions/reference/downloads/#method-setShelfEnabled" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">setShelfEnabled</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> has been replaced by </span><a href="https://developer.chrome.com/docs/extensions/reference/downloads/#method-setUiOptions" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">setUiOptions</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> which lets you show or hide the new downloads experience.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">We hope you'll enjoy this fresh coat of paint! We'll continue to build upon it in future releases to help you stay productive in Chrome while keeping you safe when downloading files from the web.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><span style="font-family: Arial, sans-serif; font-size: xx-small;">Posted by Joshua Cruz, Communications Manager </span></span></p><div><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-87794720852284299732023-06-02T14:55:00.005-07:002023-06-02T15:31:04.715-07:00How Chrome achieved high scores on three browser benchmarks<span id="docs-internal-guid-ef093241-7fff-c218-a59d-9f019c745a67"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhq3y37d11y5YKBRI73KZlrz4Re-7pwYAP9H_AzqWxw6N0wLBDMtrSl9RyyTizR4mztTWrLrspPrWEah6t-kXOJ0_7em9C5PxJc25kVPp-ihOvkQMSXVP279nfppZtuNVDcZlCVJIdPHXhvwemJIkopRpxO2aTACieA6XKzOW1EC2kiBBi-JbhDLGENhA" style="margin-left: 1em; margin-right: 1em;"><img alt="Hero image for The Fast and the Curios series" data-original-height="166" data-original-width="400" height="166" src="https://blogger.googleusercontent.com/img/a/AVvXsEhq3y37d11y5YKBRI73KZlrz4Re-7pwYAP9H_AzqWxw6N0wLBDMtrSl9RyyTizR4mztTWrLrspPrWEah6t-kXOJ0_7em9C5PxJc25kVPp-ihOvkQMSXVP279nfppZtuNVDcZlCVJIdPHXhvwemJIkopRpxO2aTACieA6XKzOW1EC2kiBBi-JbhDLGENhA=w438-h182" width="438" /></a></div><br /></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Since the beginning of Chrome, benchmarks have been a key way by which we drive performance optimizations that benefit users. The most relevant web benchmarks today are </span><a href="https://browserbench.org/Speedometer2.0/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Speedometer</span></a><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://browserbench.org/MotionMark1.2/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">MotionMark</span></a><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, and </span><a href="https://browserbench.org/JetStream/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Jetstream</span></a><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. Over the last year Chrome has invested in optimizing against these specific benchmarks and has just achieved our highest scores across all three. These gains were achieved through a combination of large projects and small improvements. In today’s </span><a href="https://blog.chromium.org/search/label/the%20fast%20and%20the%20curious" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">The Fast and the Curious</span></a><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> post, we want to share just some of the ways we drove these improvements in Chrome. </span></p><h2 dir="ltr" style="line-height: 1.2; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Announcing our brand new mid-tier compiler: Maglev </span></h2><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-ff79c3eb-7fff-0dfb-b6e6-e38ce5b08f26"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We’re bringing a new mid-tier compiler to Chrome. Maglev is a just-in-time compiler that can quickly generate performant machine code for all relevant functions within the first one-hundredth of a second. It reduces overall CPU time to compile code while also saving battery life. Our measurements show Maglev has provided a 7.5 percent improvement on Jetstream and a 5 percent improvement in Speedometer. Maglev will start rolling out in Chrome version 114, which begins release on June 5.</span></span></p><h2 dir="ltr" style="line-height: 1.2; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Speedometer </span></h2><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;">Speedometer measures the responsiveness of websites by putting various JavaScript UI frameworks through their paces. Just over a year ago we shared details about </span><a href="https://blog.chromium.org/2022/03/how-chrome-became-highest-scoring.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">how we increased our score</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"> from 100 to over 300 from Chrome version 40 to version 101. Since then, across 13 Chrome releases, we’ve achieved our new highest Speedometer score of 491. In addition to Maglev, the V8 team has achieved this score through both small adjustments, such as optimized function calls, and major, multi-quarter projects.</span> </span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><div class="separator" style="clear: both; text-align: center;"><img alt="A speedometer visual shows a 491 score for the Speedometer browser benchmark, which measures the responsiveness of websites. This is up from a score of 330 in the past year for Chrome." border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7YEw5HVXlz6ingSSXlMHTA81Qr1Gn9h5GhQulRDB_bhAAX3iNvXFMG3tQjfEazGLcNbmZFhfjWgr7LbVEve_7ZDoFEFA6_gWn3bBzKLwu_04-uyInWdxxYx1y8vfZGO8StNiHMjoZwchUEXAXSB_bcg0YnCvMB7wziT7VB4a8-2A-izVSqtjijFzw6w/w318-h320/Screenshot%202023-06-02%20at%203.09.07%20PM.png" width="318" /></div><span style="font-size: x-small;"><div style="text-align: center;">Chrome 116.0.5803.2 running on an M2 Macbook Air with Maglev enabled</div></span><p></p><br /><h2 dir="ltr" style="line-height: 1.2; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">MotionMark</span></h2><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-bf8cbe97-7fff-1d81-1174-c10693bb1451"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">MotionMark is designed to test how much browser graphics systems can render at high frame rates. Chrome’s graphics and rendering teams have tracked over 20 optimizations since the start of the year, and more than half are available today. Together, these optimizations have almost tripled performance. Some highlights include improvements to Canvas performance, profile-guided optimization, GPU task scheduling, and layer compositing. We also created a novel algorithm for dynamic multisample anti-aliasing and out-of-process 2D canvas rasterization for improved parallelism.</span></span></p><div class="separator" style="clear: both; text-align: center;"><img alt="A speedometer visual shows a 4821.30 score for the MotionMark browser benchmark, which tests browser graphics systems. This marks a nearly 3X improvement in the last year for Chrome." border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfZGLpzRBjS94EVacu6g0-3vUD1M0ZelJBCzHuSkycdka39rckFmI2SXeQVgSrCUqInXwSF5mdgLHVv8wMcVa0pUF71ivHu6uIi7FaASm3PKVrODZbVo4F9fF2pzP9UnxELqXIPIKykx7ZeyX68mdenkoX77LwVpuvCG_pfOryHOjqSg-WWZe2p_TStw/w311-h320/Screenshot%202023-06-02%20at%203.13.54%20PM.png" width="311" /></div><span style="font-size: x-small;"><div style="text-align: center;">Chrome M115.0.5773.4 running on a 13” M2 Macbook Pro</div></span><span id="docs-internal-guid-dad7c35e-7fff-2d61-169d-3cfc9aa16c71"><div><span face=""Google Sans", sans-serif" style="font-size: 9pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div></span><h2 dir="ltr" style="line-height: 1.2; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Jetstream </span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-7bf4462e-7fff-6dbb-e9b9-6c9e90ceb591"></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-b9198dd8-7fff-70ce-2ef2-f0bcb968189d"><span style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">JetStream is a JavaScript and WebAssembly benchmark suite focused on advanced web applications. Many of the updates that we made for Speedometer also drove significant improvements on Jetstream as we optimized the V8 engine. In addition to these enhancements, Maglev drove the biggest gains in this benchmark. </span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"></p><div class="separator" style="clear: both; text-align: center;"><img alt="A speedometer visual shows a 330.939 score for the Jetstream2 browser benchmark, which focuses on advanced web applications. This improvement is largely driven by Maglev, a new just-in-time compiler in Chrome." border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii2MYIQ0Btj3SvA7mokzi746Nys8O3Fynw-jMO8C3UG8xa184hzAL4CVTF9Z9Z3Qqxm8M4SpbH24087haPJH6F57lqOy-8FSVsg96gAO7ICB5A7fpJWYI673KUQ7CYDjQRJs7pItbrcdC5jL0uFQoK_HlKaH6_YREynyJB3ir4srCVyiaQNNOZ-Ycisg/w320-h320/Screenshot%202023-06-02%20at%203.11.36%20PM.png" width="320" /></div><span style="font-size: x-small;"><div style="text-align: center;">Chrome 116.0.5803.2 running on an M2 Macbook Air with Maglev enabled</div></span><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><b><br /></b></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><b>Looking ahead</b></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-5a54b724-7fff-a79b-bc06-d49c709bcb20"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Because we’re optimizing against these benchmarks, it’s essential that these improvements translate to real user benefits, which is why we’re investing, along with other browsers, in creating </span><a href="https://twitter.com/webkit/status/1603435731375992833?lang=en" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">the next generation of benchmarks</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. This has been an ongoing collaboration, and we’re excited to turn our efforts toward this new target in the coming year.</span></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span id="docs-internal-guid-1b35edb8-7fff-8c15-370f-5be2c1a7374c"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">We hope you all enjoy a faster Chrome! </span></p><br /><div><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Posted by Thomas Nattestad, Product Manager</span></div>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-79976932110261793242023-05-02T08:58:00.008-07:002023-05-02T12:59:20.716-07:00An Update on the Lock Icon<span id="docs-internal-guid-62701415-7fff-6cc3-c624-dbb2bfa22997"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Editor’s note: based on industry research (from Chrome and others), and the ubiquity of HTTPS, we will be replacing the lock icon in Chrome’s address bar with a new “tune” icon – both to emphasize that security should be the default state, and to make site settings more accessible. Read on to learn about this multi-year journey.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Browsers have shown a lock icon when a site loads over HTTPS since the early versions of Netscape in the 1990s. For the last decade, Chrome participated in a major initiative to </span><a href="https://www.usenix.org/conference/enigma2017/conference-program/presentation/schechter" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">increase HTTPS adoption</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> on the web, and to help make the web secure by default. As late as 2013, only </span><a href="https://jhalderm.com/pub/papers/https-imc13.pdf" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">14%</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> of the Alexa Top 1M sites supported HTTPS. Today, however, HTTPS has become the norm and </span><a href="https://transparencyreport.google.com/https/overview?hl=en" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">over 95% of page loads in Chrome on Windows are over a secure channel using HTTPS</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. This is great news for the ecosystem; it also creates an opportunity to re-evaluate how we signal security protections in the browser. In particular, the lock icon.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The lock icon is meant to indicate that the network connection is a secure channel between the browser and site and that the network connection cannot be tampered with or eavesdropped on by third parties, but it’s a remnant of an era where HTTPS was uncommon. HTTPS was originally so rare that at one point, Internet Explorer popped up an alert to users to notify them that the connection was secured by HTTPS, reminiscent of the </span><a href="https://simpsons.fandom.com/wiki/Everything%27s_Okay_Alarm" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">“Everything’s Okay” alarm</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> from </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The Simpsons</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS. Today, this is no longer true, and HTTPS is the norm, not the exception, and we've been evolving Chrome accordingly.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">For example: we know that the lock icon does not indicate website </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">trustworthiness</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. We redesigned the lock icon in 2016 after our research showed that many users misunderstood what the icon conveyed. Despite our best efforts, </span><a href="https://research.google/pubs/pub51481/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">our research in 2021</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> showed that </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">only 11% of study participants correctly understood the precise meaning of the lock icon</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon. Misunderstandings are so pervasive that many organizations, including the </span><a href="https://www.ic3.gov/Media/Y2019/PSA190610" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">FBI</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, publish explicit guidance that the lock icon is not an indicator of website safety.</span></p><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBq_FRtvQmEwYveEh-SJ5K9ocrgYOLbU97Z5oT3xiS9m4gUUddYzGJ00pxKJ8TvMQZ13I3h_MGDOw3TdaJeGditVMPO-8I950E1i7cexj1x3GBtf3bPcm92YWqsfwS0C51743MEQpSWNbnUBgWEEpy7S-edVk1DTvakNQkLvBSFsxAgDAEQps1bx23Ww/s1314/heatmap.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="674" data-original-width="1314" height="321" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBq_FRtvQmEwYveEh-SJ5K9ocrgYOLbU97Z5oT3xiS9m4gUUddYzGJ00pxKJ8TvMQZ13I3h_MGDOw3TdaJeGditVMPO-8I950E1i7cexj1x3GBtf3bPcm92YWqsfwS0C51743MEQpSWNbnUBgWEEpy7S-edVk1DTvakNQkLvBSFsxAgDAEQps1bx23Ww/s1314/heatmap.png" style="max-height:321px max-width: 627px" /></a></div><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span face=""Google Sans", sans-serif" style="font-size: 9pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">When shown Chrome UI in research studies, users would look at the padlock to evaluate the trustworthiness of a hypothetical ecommerce site. We showed the site controls to experiment participants. The overlaid heat-maps represent the click patterns of respondents who were asked to indicate any information which was perceived helpful in the scenario.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span face=""Google Sans", sans-serif" style="font-size: 9pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: inherit;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The lock icon is currently a helpful entry point into site controls in Chrome. In 2021, </span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">we shared</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> that we were experimenting with </span><a href="https://blog.chromium.org/2021/07/increasing-https-adoption.html" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">replacing the lock icon</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> in Chrome with a more security-neutral entry point to site controls. We continued to mark </span><a href="https://blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">HTTP as insecure</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> in the URL bar. Users in the experiment opened the site controls more, and they didn't express any confusion that can follow major UI changes.</span></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRlMaXduiXZSOPgMTX6_aNrz8Lv-JoriuiHaiK__ZhRN5iSfy0QGKndAwXe3jRPvpaWmPRDhWJP_Eujn0AsWPEqO-RSNQfpxcU7AZlKzS4yiv-c1tGnhH_94ddjG37iLua0rCvtO7aJFR9bl61rOwIuWlwu1hlMXjrM064ZTF_31xD681Su0VcGGYA3Q/s860/site-controls.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="860" data-original-width="694" height="349" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRlMaXduiXZSOPgMTX6_aNrz8Lv-JoriuiHaiK__ZhRN5iSfy0QGKndAwXe3jRPvpaWmPRDhWJP_Eujn0AsWPEqO-RSNQfpxcU7AZlKzS4yiv-c1tGnhH_94ddjG37iLua0rCvtO7aJFR9bl61rOwIuWlwu1hlMXjrM064ZTF_31xD681Su0VcGGYA3Q/s860/site-controls.png" style="max-height: 349px; max-width: 282px;" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9xAuoobZuThsUwFML3p9WT-BFW_0GRfbUlqoJuBuVt2lFymZaSmPzb0rqZ4ybodEErBHewbAPV6RD6ap3yTBAlcokOVFszspAiNaDt6W7DpvHvujPehuHraQNAZZwxwd3AhfZu3XSBJVNDkrw1EuwdK3khtFQ0hEJAXa8UZGCpmjbjFvW3xqRRFittg/s692/site-controls-small.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="542" data-original-width="692" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9xAuoobZuThsUwFML3p9WT-BFW_0GRfbUlqoJuBuVt2lFymZaSmPzb0rqZ4ybodEErBHewbAPV6RD6ap3yTBAlcokOVFszspAiNaDt6W7DpvHvujPehuHraQNAZZwxwd3AhfZu3XSBJVNDkrw1EuwdK3khtFQ0hEJAXa8UZGCpmjbjFvW3xqRRFittg/s692/site-controls-small.png" style="height: 246px; width: 313px;" width="313" /></a><br /></div><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><div style="text-align: center;"><span style="font-size: 9pt;">Site controls currently accessible from the lock icon.</span></div></span><p></p><div style="text-align: left;"><span style="font-family: inherit;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-align: left; vertical-align: baseline; white-space: pre-wrap;">Based on these research results from ourselves and </span><a href="https://ieeexplore.ieee.org/document/4223213" style="text-align: left; text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">others</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-align: left; vertical-align: baseline; white-space: pre-wrap;">, and the broader shift towards HTTPS, we will be replacing the lock icon in Chrome with a variant of the tune icon. We think the tune icon:</span></span></div><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px; text-align: left;"><li aria-level="1" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: inherit; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Does not imply "trustworthy"</span></p></li><li aria-level="1" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: inherit; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Is more obviously clickable</span></p></li><li aria-level="1" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: inherit; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Is commonly associated with settings or other controls </span></p></li></ul><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgugOcJZQTuZzMo-ker60pSIzOIfBPPIV7Gq_7nmOU9lVqJWZ-qyurLC-Pj3lrPrrh-pemoJC6Ix27Dam2LmNasddSS21m37_7YV8qbC2MPE8j1gEIcBqcMqSAvhq5WnAJ34OV3IZYoqhivJo0oN3C2A4NWA0csosSV4jFIbqhOopCrXwKPFu96oW6_Yg/s288/tune.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="288" data-original-width="288" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgugOcJZQTuZzMo-ker60pSIzOIfBPPIV7Gq_7nmOU9lVqJWZ-qyurLC-Pj3lrPrrh-pemoJC6Ix27Dam2LmNasddSS21m37_7YV8qbC2MPE8j1gEIcBqcMqSAvhq5WnAJ34OV3IZYoqhivJo0oN3C2A4NWA0csosSV4jFIbqhOopCrXwKPFu96oW6_Yg/s1600/tune.png" width="288" /></a></div><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-size: 9pt; white-space: pre-wrap;">We plan to replace the lock icon with a variant of the tune icon, which is commonly used to indicate controls and settings.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-size: 9pt; white-space: pre-wrap;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome. Our research has also shown that many users never understood that clicking the lock icon showed important information and controls. We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The new icon is scheduled to launch in Chrome 117, which releases in early September 2023, as part of a general design refresh for desktop platforms. Chrome will continue to alert users when their connection is not secure. You can see the new tune icon now in Chrome Canary if you enable Chrome Refresh 2023 at </span><span style="color: #188038; font-family: "Roboto Mono", monospace; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">chrome://flags#chrome-refresh-2023</span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, but keep in mind this flag enables work that is still actively in-progress and under development, and does not represent a final product.</span></p><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh42uF3vHKMYdRxs7Pn3IWFieNo15A49lukAYJ_WzOOgfN1frqfnkh45T-pUdZdIW-caFj1tA8IGBRRjgra_jd2JQ6igjESnX2xYieuWgA3aP4E7QU4mif8OrA7XAPwyURpVQ5azwDXe8NnuxjmV_4nnVEvc-YPBq76tcCOzBAS8pjQDNt-rKM88M3q6A/s1040/new-site-controls.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1040" data-original-width="788" height="607" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh42uF3vHKMYdRxs7Pn3IWFieNo15A49lukAYJ_WzOOgfN1frqfnkh45T-pUdZdIW-caFj1tA8IGBRRjgra_jd2JQ6igjESnX2xYieuWgA3aP4E7QU4mif8OrA7XAPwyURpVQ5azwDXe8NnuxjmV_4nnVEvc-YPBq76tcCOzBAS8pjQDNt-rKM88M3q6A/s1040/new-site-controls.png" style="height: 500px; width=292px;" /></a></div><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span face=""Google Sans", sans-serif" style="font-size: 9pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Same page controls, new icon. The lock continues to exist as a precisely scoped entry point to connection security information, but with a new top-level access point.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span face=""Google Sans", sans-serif" style="font-size: 9pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We’ll be replacing the lock icon on Android at the same time as the broader desktop change. On iOS, the lock icon is not tappable, so we will be removing it entirely. On all platforms, we will continue to mark plaintext HTTP as insecure.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">As HTTPS has become the norm, replacing the lock icon has long been a goal both of Chrome and the broader security community. We’re excited that HTTPS adoption has grown so much over the years, and that we’re finally able to safely take this step, and continue to move towards a web that is secure-by-default.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">- By David Adrian, Serena Chen, Joe DeBlasio, Emily Stark, and Emanuel von Zezschwitz, and the rest of Chrome Trusty Transport from the Chrome Security team</span></p><div><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-38523615784130157092023-04-13T10:29:00.000-07:002023-04-13T10:29:41.993-07:00More ways we’re making Chrome faster <br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiED83PUD3mCG2ea-hkNQas9v8urhqtDIM4VDrMKN7P7wIF4TJOtD3cdiJNwZsyKX119C3EVq9FXaFo025FTFiMAEo45g-yaRMIE-CcjvNCOl8a81lAnOLA3_tGrdhAaiLLzyS71XpUFP6A1OKsKBRzC13Jyna7SGR9NqKstpVu-RYa3msMxpVwesrrcA/s4501/The%20Fast%20+%20The%20Curious%20Logo_Revised_Header.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1867" data-original-width="4501" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiED83PUD3mCG2ea-hkNQas9v8urhqtDIM4VDrMKN7P7wIF4TJOtD3cdiJNwZsyKX119C3EVq9FXaFo025FTFiMAEo45g-yaRMIE-CcjvNCOl8a81lAnOLA3_tGrdhAaiLLzyS71XpUFP6A1OKsKBRzC13Jyna7SGR9NqKstpVu-RYa3msMxpVwesrrcA/w400-h166/The%20Fast%20+%20The%20Curious%20Logo_Revised_Header.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: left;"><span id="docs-internal-guid-d47358e4-7fff-ccdf-f079-003f16782621"><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">From the beginning of Chrome, one of our </span><a href="https://www.chromium.org/developers/core-principles/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">4 founding principles</span></a><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> has been speed, and it remains a core principle that guides our work. </span><span style="color: #424242; font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Today’s</span><a href="https://blog.chromium.org/search/label/the%20fast%20and%20the%20curious" style="text-decoration-line: none;"><span style="color: #424242; font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="color: #1155cc; font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">The Fast and the Curious</span></a><span style="color: #424242; font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> post</span><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> shares how recent technical improvements to Chrome have helped us reach a new performance milestone on the Speedometer browser benchmark across platforms. </span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span id="docs-internal-guid-75659322-7fff-f071-802f-fc799c6011fc"></span></span></p><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><br /></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span style="font-family: arial;">Speed is a critical factor in determining your experience while browsing the Web. The faster the browser, the more enjoyable your browsing experience will be. With the latest release of Chrome, we went deep under the hood of Chrome’s engine to look for every opportunity to increase the speed and efficiency, from improved caching to better memory management.</span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap; white-space: pre;"><br /></span></p><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: #434343; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Improved HTML Parsing & optimizing specific features <br /></span></span><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: Arial; white-space: pre-wrap;">We discovered some targeted optimizations for the highly used JS `Object.prototype.toString` and `Array.prototype.join`functions. We also implemented targeted improvements in CSS’s InterpolableColor. </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><b id="docs-internal-guid-3a4e6d59-7fff-897a-b31b-6a6e288fdc37" style="font-weight: normal;"><br /></b></span><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">`innerHTML` is a very common way of updating the DOM via JavaScript so we added specialized fast paths for parsing. To our happy surprise, it seems some of this work will also be benefitting WebKit, which will </span><a href="https://github.com/WebKit/WebKit/pull/9926" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">include it in their engine</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> as well. Our goal is always to create a better web experience for all web users so we’re happy to see this work having expanded impact! </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><b style="font-weight: normal;"><br /></b></span><span style="background-color: transparent; color: #434343; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">More efficient pointer compression & allocations in V8 & Oilpan <br /></span></span><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Pointer compression is used to save memory in both </span><a href="https://v8.dev/blog/pointer-compression" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">V8</span></a><span style="font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and </span><a href="https://v8.dev/blog/oilpan-pointer-compression" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Oilpan</span></a><span style="font-family: Arial; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> (the garbage collector for DOM objects). We made optimizations to how we compress and decompress pointers, and we avoid compressing high-traffic fields. Given how frequently these operations are done, it has a wide spread impact on performance. We also moved frequently accessed objects like JavaScript’s `undefined` to the beginning of the memory bases, allowing them to be accessed using faster machine code. </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The improved features and efficient pointer compression collectively gave us a </span><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">10% increase in Apple’s </span><a href="https://browserbench.org/Speedometer2.1/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-style: normal; font-variant: normal; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Speedometer 2.1 browser benchmark</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> over the course of three months</span><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">.</span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWNiHdyHhg-PihZ28UdVJ9k-f65mOJrN4-btXOftf-Y9JpAQwqxQhsp4IGjYq4wgU-4CUcTQB5iTHixrBsNHbxN2sG-BJIm6JyugUL_U42NyxVJyFpy0GHaqNOWlqeZfKoRzTK5urVMz1SxFexPpPFBDKon619A2arHK3dUsa2nLP_BrfKAiPTdf9_Ww/s2804/Chrome_Fast%20_%20Curious%20Speedometer%20Improvements_Graphic_3_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1380" data-original-width="2804" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWNiHdyHhg-PihZ28UdVJ9k-f65mOJrN4-btXOftf-Y9JpAQwqxQhsp4IGjYq4wgU-4CUcTQB5iTHixrBsNHbxN2sG-BJIm6JyugUL_U42NyxVJyFpy0GHaqNOWlqeZfKoRzTK5urVMz1SxFexPpPFBDKon619A2arHK3dUsa2nLP_BrfKAiPTdf9_Ww/w640-h314/Chrome_Fast%20_%20Curious%20Speedometer%20Improvements_Graphic_3_1.png" width="640" /></a></div><br /></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><br /></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"><span id="docs-internal-guid-3dbe463d-7fff-0479-6562-8a5c168cab87"><h3 dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><span style="color: #434343; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"><span style="font-size: x-large;">Getting the Most out of High-End Mobile Devices</span></span></h3><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"><br /></span></p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;">Chrome on Android has always been optimized for a small footprint, but the Android ecosystem is diverse and contains devices with varying levels of capabilities. To maximize the performance of Chrome on high-end devices, we are now targeting them with a version of Chrome that uses compiler flags tuned for speed rather than binary size. </p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><br /></p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;">For capable devices, these versions of Chrome run the Speedometer 2.1 benchmark 30% faster.</p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><br /></p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><br /></p><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: x-small;"><span style="font-family: Arial;"><span style="white-space: pre-wrap;">Posted by Thomas Nattestad, Senior Product Manager, and </span></span><span style="font-family: Arial; white-space: pre-wrap;">Andrew Grieve, Software Engineer</span></span></p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><br /></p><p dir="ltr" style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-decoration-line: none; white-space: pre-wrap;"><br /></p><div style="color: black; font-family: Arial; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; text-decoration-line: none; white-space: pre-wrap;"><span style="font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"><br /></span></div></span></span></div><p style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="background-color: transparent; color: black; font-family: Arial; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><div style="text-align: left;"><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div></span></div><br />Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-82954547689125161112023-04-03T08:34:00.004-07:002023-04-03T08:40:06.727-07:00How WebAssembly is accelerating new web functionality<span id="docs-internal-guid-f411f2f6-7fff-d31c-feae-7a6e02d58093"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly is fundamentally changing how new developer capabilities and functionality can be created on the web. In order to maintain browser interoperability, new web capabilities need to go through a rigorous standardization process and cross browser implementations. Decades of major investment has pushed the browser functionality to astonishing heights, but this process can take time and the web doesn’t need to have every capability built in. After years of investing in lower level capabilities that act as building blocks for higher level functionality, we are seeing a new dawn of expanded functionality at a dramatically expanded pace.</span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">WebAssembly </span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://webassembly.org/" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">WebAssembly</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> is a portable bytecode format compiled from other languages to offer maximized performance. By leveraging WebAssembly, developers can take libraries and functionality from other platforms and performantly bring them to the web, without requiring any reimplementation. WebAssembly also offers advanced computation primitives like parallelizable </span><a href="https://chromestatus.com/feature/5724132452859904" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">threads</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and Single Instruction Multiple Data (</span><a href="https://chromestatus.com/feature/6533147810332672" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">SIMD</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">) that enable it to maximize the performance from the CPU. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">With WebAssembly offering portability plus performant access to the CPU the web now has the necessary low level building blocks for a huge variety of new functionality to be built. All of this, of course, rests on the incredible foundation that is the full web platform—full of powerful capabilities, rendering methods, and much more. </span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Real world examples </span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We’ve dedicated </span><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://web.dev/wasm-libraries/">a whole blog post to showcasing just a small proportion of the new functionality being made available thanks to WebAssembly</a></span><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Some of these examples are functionality that tried to go through the standard process but didn’t make it for a variety of reasons. Other examples are being actively standardized and implemented across browsers. </span></p><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://github.com/ffmpegwasm/ffmpeg.wasm" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">FFMPEG on Wasm</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> is enabling web apps to work effectively with videos. </span><a href="https://developer.mozilla.org/en-US/docs/Web/API/WebCodecs_API" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">WebCodecs</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> is a standardized alternative that offers similar encoding and decoding support, but it hasn’t been shipped across browsers yet. </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly powers background blurring for VC calls in Google Meet and there is now </span><a href="https://github.com/riju/backgroundBlur/blob/main/explainer.md" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">a dedicated standards proposal</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> for this functionality</span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Web SQL was standardized and even shipped in Chrome for many years but never adopted sufficiently across browsers. </span><a href="https://developer.chrome.com/blog/sqlite-wasm-in-the-browser-backed-by-the-origin-private-file-system/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">SQLite on Wasm</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> will replace Web SQL which will </span><a href="https://developer.chrome.com/blog/deprecating-web-sql/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">eventually be removed from Chrome</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. </span></p></li><li aria-level="1" dir="ltr" style="font-family: "Google Sans", sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://webkit.org/blog/8421/viewing-augmented-reality-assets-in-safari-for-ios/" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Universal Scene Descriptor (USD) is shipping in Safari</span></a><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> but isn’t available in other browsers. </span></p></li></ul><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Advantages of this new development paradigm</span></h2><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Faster iteration speed</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Because functionality doesn’t have to go through standards and get approval before shipping, iteration cycles go from taking years down to days or even hours. Approaches like Origin Trials help enable more experimentation but still require weeks or months for iterations. When you change the iteration rate of something, you fundamentally change the thing itself. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Some fields like machine learning are advancing so fast that it is incredibly hard for standards-based approaches to keep up. By the time one design has gone through standardization and cross browser implementation, the field has moved on to something new which would have to go through the whole process again. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">That being said, standardization is still essential for many things (see disadvantages section below) and when feasible, standardizing should absolutely be attempted. </span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Immediate support across browsers </span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Because wasm is supported across browsers, the functionality built on top of it will work across all browsers immediately as well. Interop and cross browser implementation of features is </span><a href="https://insights.developer.mozilla.org/reports/mdn-web-developer-needs-assessment-2020.html#needs-assessment-ranking-of-all-needs" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">the biggest pain point for developers</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and by moving functionality to these lower level primitives, we’ll remove much of this concern. </span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Improved security </span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Because this functionality is built on top of incredibly hardened security sandboxes, there is substantially improved security compared to natively implemented APIs. Flash for example was removed from the web in large part because it was just too difficult to harden the complex plugin sufficiently, but now it can be </span><a href="https://medium.com/leaningtech/preserving-flash-content-with-webassembly-done-right-eb6838b7e36f" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">run in WebAssembly</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, eliminating almost all security concerns. </span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Disadvantages and limitations </span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">As with any new solution to complex problems, WebAssembly is not without disadvantages and limitations. Some of these are inherent and some have some promising solutions. </span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">This won’t replace JavaScript for most web development </span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly won’t replace JavaScript or make it obsolete, but rather extend its capabilities. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly in the browser is still entirely dependent on JavaScript and needs to interface through JavaScript to access other web functionality. Libraries and new functionality enabled by WebAssembly will be utilized through JavaScript APIs. While there are some proposals that could enable wasm to wasm module communication and direct interfacing with Web APIs, this is still in the early stages of development. </span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Bundle size of pages</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">By moving more logic and functionality into userland, the size of pages will increase as well. This is a large problem as lower bundle size is </span><a href="https://v8.dev/blog/cost-of-javascript-2019" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">the most important thing for a good user experience</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. As a result, developers should think carefully before ballooning their bundle size with this functionality, and it may be more relevant for larger web apps than smaller ecommerce or blog sites. This has long been an issue for JavaScript-heavy frameworks and is something where more solutions could be possible to improve the situation. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Another potential mitigation here is to look at the popular functionality being shipped in userland and use that as an input about what functionality should be standardized to ship with the browser itself. By being battle-hardened in userland, browsers will have higher confidence and validation on what they should ship, dramatically simplifying the standards and implementation work. WebCodecs replacing wasm compiled FFMPEG or </span><a href="https://github.com/WICG/handwriting-recognition/blob/main/explainer.md" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">the handwriting recognition API</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> to replace </span><a href="https://github.com/gugray/hanzi_lookup" style="text-decoration-line: none;"><span face=""Google Sans", sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">the wasm compiled option</span></a><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> are perfect examples of this. </span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span face=""Google Sans", sans-serif" style="color: #434343; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Device capability access </span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly and other primitives are largely computation mechanisms and don't give any kind of root system access to the OS or device itself. Functionality like hardware access (USB or Bluetooth), screen or window management, input controls, file system, clipboard, and much more still require platform level APIs to access. Chromium’s Fugu project is specifically aiming to enable all of these cases for Chromium-based browsers, but implementations across other browsers would still be needed here. </span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span face=""Google Sans", sans-serif" style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Conclusion </span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">WebAssembly is already enabling new functionality in the browser, but more than that it represents a fundamentally new approach to how functionality gets developed. The best way to improve a thing is to improve how you improve it and then basking in second order growth. As with any new paradigm there are advantages and disadvantages, but overall this is a powerful new approach for browsers and developers everywhere. I can’t wait to see what we all build together with it. </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face=""Google Sans", sans-serif" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">By Thomas Nattestad, Product Manager - WebAssembly</span></p></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-55908497684718832392023-02-28T08:59:00.004-08:002023-04-13T08:02:16.932-07:00Do more with Chrome on a single charge on MacBooks<span id="docs-internal-guid-70112b7c-7fff-e63f-9e6d-29a10885584a"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1scoAQql2pxtQ4ec-UX4DT1dNsy4v0H1rvtTboGWGaEOfMu3LwiJPK2eXS0qcEFrVTKgn2CmXMQr8oNBBCJkTHx90HJrMyJ2IzKZYBqipjIsn596-NerQyJGuFoqjV59cc4ZaWF5h9e_H6Q1W57hA6QAA_mEtKrRBVFppBm-ygv3RbKldvGxEg0XY1Q/s561/Fast%20Curious%20logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="233" data-original-width="561" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1scoAQql2pxtQ4ec-UX4DT1dNsy4v0H1rvtTboGWGaEOfMu3LwiJPK2eXS0qcEFrVTKgn2CmXMQr8oNBBCJkTHx90HJrMyJ2IzKZYBqipjIsn596-NerQyJGuFoqjV59cc4ZaWF5h9e_H6Q1W57hA6QAA_mEtKrRBVFppBm-ygv3RbKldvGxEg0XY1Q/w400-h166/Fast%20Curious%20logo.png" width="400" /></a></div><br /><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><br /></p><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial;"><span style="font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">From the beginning, we designed Chrome to be efficient. Being efficient is not just about loading pages as fast as possible, it’s also about doing it with the least amount of resources possible. </span><span style="color: #424242; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Today’s</span><a href="https://blog.chromium.org/search/label/the%20fast%20and%20the%20curious" style="text-decoration-line: none;"><span style="color: #424242; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="color: #1155cc; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">The Fast and the Curious</span></a><span style="color: #424242; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> post explores how we improved Chrome to maximize battery life on Mac, so you can enjoy browsing and watching videos longer than ever before. </span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">With the latest release of Chrome, we’ve made it possible to do more on your MacBook on a single charge thanks to a ton of optimizations under the hood. In our testing, we found that you can </span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">browse for 17 hours</span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> or </span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">watch YouTube for 18 hours</span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> on a MacBook Pro (13", M2, 2022). And with Chrome’s </span><a href="https://blog.google/products/chrome/new-chrome-features-to-save-battery-and-make-browsing-smoother/" style="font-family: arial; text-decoration-line: none;"><span style="color: #1155cc; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Energy Saver</span></a><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> mode enabled, you can browse an additional 30 minutes on battery<span style="font-size: xx-small;">(1)</span>.</span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> Of course, we care deeply about </span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">all</span><span style="font-family: arial; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">our users, not just those with the latest hardware. That’s why you’ll also see performance gains on older models as well. </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; white-space: pre-wrap;">Here’s a closer look at some of the changes we made:</span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; white-space: pre-wrap;"> </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-size: x-large; font-weight: 700; white-space: pre-wrap;">Fine tuning iframes</span></div></span><span style="font-family: arial;"><span><span><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><div><span style="white-space: pre-wrap;"><br /></span></div><div><span style="white-space: pre-wrap;">We realized that many iframes live just a few seconds. As a result, we fine-tuned the garbage collection and memory compression heuristics for recently created iframes. This results in less energy consumed to reduce short-term memory usage (without impact on long-term memory usage).</span></div><div><span style="white-space: pre-wrap;"><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaYJDCNGWEhoYNvgzyqaeDfz_Y587deJ_xw9WJYmm6kRl3_5IXg3SkYbIwq2zknvDGltfPjY3khuodiBZWHCOJQbH3LiHM0Yk_5twgRwpGz02GRrJ8hGJ6NRULde45CkPZ1xxPZ3X0A_gtfv4GzvXFCoVk6ehL89LOGoOVykkf9drGXT9O4xkKd-Xw4g/s5771/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2798" data-original-width="5771" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaYJDCNGWEhoYNvgzyqaeDfz_Y587deJ_xw9WJYmm6kRl3_5IXg3SkYbIwq2zknvDGltfPjY3khuodiBZWHCOJQbH3LiHM0Yk_5twgRwpGz02GRrJ8hGJ6NRULde45CkPZ1xxPZ3X0A_gtfv4GzvXFCoVk6ehL89LOGoOVykkf9drGXT9O4xkKd-Xw4g/w640-h310/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_3.png" width="640" /></a></div><br /><span style="white-space: pre-wrap;"><br /></span></div></div></span></span><span><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-size: x-large; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Tweaking timers </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;">Javascript timers were introduced at the beginning of the Web’s history. Since then, Web developers have access to more efficient APIs to achieve the same (or better!) results. But Javascript timers still drive a large proportion of a Web page’s power consumption. As a result, we tweaked the way they fire in Chrome to let the CPU wake up less often.</span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8wQI11UDCm3gCILBibO9P2X9652WkLbEWCxYXlQtGpYx0ATH_ScprIGbOl4QM55jfUgUrcfjla9TieV6OwLMbX1gRu82N2qHEjYV33PMxOMYaxH7xEOdNlTsOcgeXbIGvYx3tSye9GncgyGzuVdqCfEEPcHuqn0qPl5wO01a7nQ3XD3NRhFK0oDUYTQ/s5771/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2798" data-original-width="5771" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8wQI11UDCm3gCILBibO9P2X9652WkLbEWCxYXlQtGpYx0ATH_ScprIGbOl4QM55jfUgUrcfjla9TieV6OwLMbX1gRu82N2qHEjYV33PMxOMYaxH7xEOdNlTsOcgeXbIGvYx3tSye9GncgyGzuVdqCfEEPcHuqn0qPl5wO01a7nQ3XD3NRhFK0oDUYTQ/w640-h310/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_1.png" width="640" /></a></div><span style="white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Similarly, we identified opportunities to cancel internal timers when they’re no longer needed, reducing the number of times that the CPU is woken up. </span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-weight: 700; white-space: pre-wrap;"><span style="font-size: x-large;">Streamlining data structures</span></span></div></span></span><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We identified data structures in which there were frequent accesses with the same key and optimized their access pattern.</span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtRHz8G4vD-oJWZBkUMKGpXiGvOi4rtC_9FL2zM_FHz-E-ACg44WJCl3IRMsaML-77kUPeGDPfrcPaVDr1zaQXhDi1gCYYlE19786pCIMjMd35inQZMTgQYZqR_QCdBPPoTA62D5z4ClJWaneDR-MwHxtUArrKNDRfz1JuhShptQU-ThQG7lZqQ93GqA/s5771/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="3314" data-original-width="5771" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtRHz8G4vD-oJWZBkUMKGpXiGvOi4rtC_9FL2zM_FHz-E-ACg44WJCl3IRMsaML-77kUPeGDPfrcPaVDr1zaQXhDi1gCYYlE19786pCIMjMd35inQZMTgQYZqR_QCdBPPoTA62D5z4ClJWaneDR-MwHxtUArrKNDRfz1JuhShptQU-ThQG7lZqQ93GqA/w640-h368/Fast%20&%20Curious_Battery%20Life%20Blog%20Assets_V2_2.png" width="640" /></a></div><br /><span style="font-family: arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><span><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial; font-size: x-large; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Eliminating unnecessary redraws</span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;"><br /></span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;">We navigated on real-world sites with a bot and identified Document Object Model (DOM) change patterns that don’t affect pixels on the screen. We modified Chrome to detect those early and bypass the unnecessary style, layout, paint, raster and gpu steps. We implemented similar optimizations for changes to the Chrome UI.</span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;"><br /></span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;">There’s always more work to be done. With the <a href="https://source.chromium.org/chromium/chromium/src/+/main:tools/mac/power">open-source benchmark suite</a>, we’ll be able to tap the broader community of devs to help us to improve Chrome’s power consumption in 2023 and beyond.</span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;"><br /></span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;"><br /></span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="white-space: pre-wrap;"><span style="font-family: arial;">Posted by François Doray, Software Developer, Chrome</span></span></div><div style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-family: arial;"><span style="white-space: pre-wrap;"><br /></span></span><span style="font-family: arial;"><span style="white-space: pre-wrap;">___<br /></span></span><span style="font-family: arial; font-size: xx-small;"><span style="white-space: pre-wrap;">1 </span><span style="white-space: pre-wrap;">Testing conducted in February 2023 using Chrome 110.0.5481.100 on a MacBook Pro (13”, M2, 2022 with 8 GB RAM running MacOS Ventura 13.2.1) and measured using our <a href="https://source.chromium.org/chromium/chromium/src/+/main:tools/mac/power">open-source benchmark suite</a>.</span></span></div><p dir="ltr" style="line-height: 1.2; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: arial;"><span style="font-size: xx-small; white-space: pre-wrap;"></span></span></p><div><br /></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-52039786882800834922022-12-08T10:14:00.003-08:002022-12-09T11:08:21.061-08:00Introducing passkeys in Chrome<span id="docs-internal-guid-83cb825d-7fff-c4e6-21ec-29c2536d80a1"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We </span><a href="https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">announced in October</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> that passkey support was available in Chrome Canary. Today, we are pleased to announce that passkey support is now available in Chrome Stable M108. </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">What are passkeys?</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Passwords are typically the first line of defense in our digital lives. However, they are at risk of being phished, leaked in data breaches, and even suffering poor password hygiene. Google has long recognized these issues, which is why we have created defenses like </span><a href="https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome?pli=1" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">2-Step Verification</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and </span><a href="http://passwords.google" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Google Password Manager</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">To address these security threats in a simpler and more convenient way, we need to move towards passwordless authentication. This is where passkeys come in. Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on </span><a href="https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">industry standards</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, can work across different operating systems and browser ecosystems, and can be used with both websites and apps.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Using passkeys</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">You can use passkeys to sign into sites and apps that support them. Signing in with a passkey will require you to authenticate yourself in the same way that you unlock a device.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">With the latest version of Chrome, we're </span><a href="https://developers.google.com/identity/passkeys/supported-environments" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">enabling</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> passkeys on Windows 11, macOS, and Android. </span><span style="font-family: Arial;"><span style="white-space: pre-wrap;">On Android your passkeys will be </span></span><a href="https://security.googleblog.com/2022/10/SecurityofPasskeysintheGooglePasswordManager.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">securely synced</span></a> <span style="font-family: Arial;"><span style="white-space: pre-wrap;">through Google Password Manager or, in future versions of Android, any other password manager that supports passkeys.</span></span></p><div><br /></div><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 426px; overflow: hidden; width: 202px;"><img height="426" src="https://lh4.googleusercontent.com/KGfodMN78yPsLSyHSIhaifkR1aouHVJZUGIf8kmLktRhdBPmd7Ick1LBe7NelX1NmF6rCdyNDvzE2i6mB8qRf4CbYVY3zjX84L4_xu1aUdBzIn1Kzg8OruT7rM4flcu3Rg1BJI3poPVt_AAKDvBzXpcvalXPpDEYbwv_8_6l-S96-p5CD4WLkbYfi_Uf0pU" style="margin-left: 0px; margin-top: 0px;" width="202" /></span></span></p><br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Once you have a passkey saved on your device it can show up in autofill when you're signing in to help you be more secure. </span></p><br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 425px; overflow: hidden; width: 201px;"><img height="425" src="https://lh4.googleusercontent.com/gvQpTTci8pH7T6U24y3FFu8QCyEyLiVcAfsSQTAggRfxPgLTVJgMagkDBK9XuBnHg1dmuTXhEfCvdpR8oNKFVWrG2xbryBzir5_omQSa4JKoVcZ39O4AMxBfh8h7h8eibVnHQCfHrJuK7mow7ZrNcfLnKN7nhkzPjxdtj0-pFsZed9gU0dlvCCQyEipF2TA" style="margin-left: 0px; margin-top: 0px;" width="201" /></span></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">On a desktop device you can also choose to use a passkey from your nearby mobile device and, since passkeys are built on industry standards, you can use either an Android or iOS device.</span></p><br /><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 351px; overflow: hidden; width: 624px;"><img height="351" src="https://lh4.googleusercontent.com/B8WvaZF5QApI926gpV-sSemO8y3k3OKU1McZjtBZ7A_O2PlQ9tfozPEy5sk8tH5_2sblKwXo3HTPq9gD3oy6mfvyc_Ixx5jwQ-PsB4tOAfGt1zkJ9ywg1kbQdSP5uk1BXZlBVK7CzFaa6BV6WeoJJCa8Sthmv210Y8HKEdrZSovjwXwfvcs0eLYvFKI2PMY" style="margin-left: 0px; margin-top: 0px;" width="624" /></span></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">A passkey doesn't leave your mobile device when signing in like this. Only a securely generated code is exchanged with the site so, unlike a password, there's nothing that could be leaked.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">To give you control over your passkeys, from Chrome M108 you will be able to manage your passkeys from within Chrome on Windows and macOS.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 477px; overflow: hidden; width: 624px;"><img height="488.07299122730444" src="https://lh3.googleusercontent.com/X4ewdKmOzo3_f9sGv07wYVJtmE4hQB5qLvwOEdmprioAhgTGJYsDDNM0XtXZ0vaagv8ka0UQSYyIXEGiboHG8QIoln-vXA_dgqrDPGCV6v3JwMEvx6eHkOqZp38h7w1Hmj1I-joMk_4VgU9CjUVcqvSkg5Xo540BkB4_Xj7yX08BJZ9amWwHQb6sRroBVFI" style="margin-left: 0px; margin-top: -5.5365px;" width="624" /></span></span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Enabling passkeys</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">For passkeys to work, developers need to </span><a href="https://web.dev/passkey-registration/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">build passkey support</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> on their sites using the WebAuthn API. We’ve been working with others in the industry, especially Apple and Microsoft, members within the </span><a href="https://fidoalliance.org/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">FIDO Alliance</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> and the </span><a href="https://www.w3.org/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">W3C</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> to drive secure authentication standards </span><a href="https://blog.google/technology/safety-security/one-step-closer-to-a-passwordless-future/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">for years</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Our goal is to keep you as safe as possible on the web and we’re excited for what the passkeys future holds. Enabling passkeys to be used in Chrome is a major milestone, but our work is not done. It will take time for this technology to be widely adopted across sites and we are working on enabling passkeys on iOS and Chrome OS. Passwords will continue to be part of our lives as we make this transition, so we’ll remain dedicated to making conventional sign-ins safer and easier through Google Password Manager.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Posted by Ali Sarraf, Product Manager, Chrome</span></p><div><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-65378967172703932092022-09-29T11:27:00.001-07:002022-09-29T11:27:45.374-07:00Chrome 107 Beta <span class="post-author">The Chrome beta post will now be posted to the <a href="https://developer.chrome.com/blog/">Chrome Developers</a> site. <a href="https://developer.chrome.com/blog/chrome-107-beta/">Find the release notes for Chrome Beta 107 here</a>.</span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-69623096398683194522022-09-19T10:14:00.007-07:002022-09-19T10:14:38.584-07:00Announcing the Launch of the Chrome Root Program<span id="docs-internal-guid-81a7f250-7fff-569d-8afc-fa4598faee4b"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">In 2020, we </span><a href="https://groups.google.com/g/mozilla.dev.security.policy/c/3Q36J4flnQs/m/VyWFiVwrBQAJ" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">announced</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> we were in the early phases of establishing the Chrome Root Program and launching the Chrome Root Store. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The Chrome Root Program ultimately determines which website certificates are trusted by default in Chrome, and enables more consistent and reliable website certificate validation across platforms. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">This post shares an update on our progress and how these changes help us better protect Chrome’s users.</span></p><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></h2><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">What’s a root store or root program, anyway?</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Chrome uses </span><a href="https://en.wikipedia.org/wiki/Public_key_certificate" style="text-decoration-line: none;"><span style="color: #4a6ee0; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">digital certificates</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> (often referred to as “certificates,” “HTTPS certificates,” or “server authentication certificates”) to ensure the connections it makes on behalf of its users are secure and private. Certificates are responsible for binding a domain name to a public key, which Chrome uses to encrypt data sent to and from the corresponding website. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">As part of establishing a secure connection to a website, Chrome verifies that a recognized entity known as a “Certification Authority” (CA) issued its certificate. Certificates issued by a CA not recognized by Chrome or a user’s local settings can cause users to see warnings and error pages.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Root stores, sometimes called “trust stores”, tell operating systems and applications what certification authorities to trust. The </span><a href="https://g.co/chrome/root-store" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Chrome Root Store</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> contains the set of </span><a href="https://en.wikipedia.org/wiki/Root_certificate" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">root CA</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> certificates Chrome trusts by default. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">A root program is a governance structure that establishes the requirements and security review functions needed to manage the corresponding root store. Members of the Chrome Security Team are responsible for the Chrome Root Program. Our program policy, which establishes the minimum requirements for CAs to be included in the Chrome Root Store, is publicly available </span><a href="https://g.co/chrome/root-policy" style="text-decoration-line: none;"><span style="color: #4a6ee0; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">here</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">. </span></p><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></h2><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Why is Chrome making these changes?</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Historically, Chrome integrated with the root store and certificate verification process provided by the platform on which it was running. Standardizing the set of CAs trusted by Chrome across platforms through the transition to the Chrome Root Store, coupled with a consistent certificate verification experience through the use of the Chrome Certificate Verifier, will result in more consistent user and developer experiences. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Launching the Chrome Root Program also represents our ongoing commitment to participating in and improving the Web PKI ecosystem. Innovations like </span><a href="https://www.rfc-editor.org/rfc/rfc8555.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">ACME</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> have made it easier than ever for website owners to obtain HTTPS certificates. Technologies like </span><a href="https://certificate.transparency.dev/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Certificate Transparency</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> promote increased accountability and transparency, further improving security for Chrome’s users. These enhancements, only made possible through community collaboration, make the web a safer place. However, there’s still more work to be done. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We want to work alongside CA owners to define and operationalize the next generation of the Web PKI. Our vision for the future includes modern, reliable, highly agile, purpose-driven PKIs that promote automation, simplicity, and security - and we formed the Chrome Root Program and corresponding </span><a href="https://g.co/chrome/root-policy" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">policy</span></a><span style="color: #0e101a; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> to achieve these goals.</span></p><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></h2><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">When are these changes taking place?</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">A “rollout” is a gradual launch of a new feature. Sometimes, to ensure it goes smoothly, we don’t enable a new feature for all of our users at once. Instead, we start with a small percentage of users and increase that percentage over time to ensure we minimize unanticipated compatibility issues. The Chrome Root Store and Certificate Verifier began rolling out on Windows and macOS in Chrome 105, with other platforms to follow.</span></p><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Testing ahead of the rollout described above is possible on Windows and macOS using </span><a href="https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/testing.md" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">these</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;"> instructions.</span></h2><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></h2><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Will these changes impact me?</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We expect the transition to the Chrome Root Store and Certificate Verifier to be seamless for most users, enterprises, and CA owners. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The Chrome Certificate Verifier considers locally-managed certificates during the certificate verification process. This means if an enterprise distributes a root CA certificate as trusted to its users (for example, by a Windows Group Policy Object), it will be considered trusted in Chrome.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Troubleshooting procedures and other frequently asked questions are available </span><a href="https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/faq.md" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">here</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">.</span></p><br /><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></h2><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #009bff; font-family: Arial; font-size: 13pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">What’s next?</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">While we don’t know exactly what the future of the Web PKI will look like, we remain focused on promoting changes that increase speed, security, stability, and simplicity throughout the ecosystem.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">With that in mind, the Chrome team continues to explore introducing future root program </span><a href="https://g.co/chrome/root-policy" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">policy</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> requirements related to the following initiatives:</span></p><br /><ul style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Encouraging modern infrastructures and agility</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Focusing on simplicity</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Promoting automation</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Reducing mis-issuance</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Increasing accountability and ecosystem integrity</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Streamlining and improving domain validation practices</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: disc; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Preparing for a “</span><a href="https://csrc.nist.gov/projects/post-quantum-cryptography" style="text-decoration-line: none;"><span style="color: #1155cc; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">post-quantum</span></a><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">” world</span></p></li></ul><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We look forward to continuing our collaboration with members of the CA/Browser Forum and other Web PKI ecosystem participants to make the Internet a safer place.</span></p><div><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div><div><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Posted by </span><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">Ryan Dickson, Chris Clements, Emily Stark from Chrome Security</span></div></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-35198475472556156442022-09-15T09:05:00.001-07:002022-09-15T09:05:43.879-07:00Speeding up Chrome on Android Startup with Freeze Dried Tabs<span id="docs-internal-guid-b1b57db0-7fff-b544-78d9-74fe359e23f5"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span id="docs-internal-guid-9eee7abc-7fff-3cab-de48-0d2d5fdaf13c"><span style="color: black; font-size: 12pt; font-style: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline;"><span style="border: none; display: inline-block; height: 208px; overflow: hidden; width: 502px;"><img height="208" src="https://lh6.googleusercontent.com/AfryV8_rRENiOVvLdJn_UVDx6Wbl69sHOtVzGZKtusjJIa5l2E90aYS5ZwPSYryQk_nyAWGQp-9eTPOg0Z8GbxzWrFtA1DfxAbSQlu0dugtggsnPxhPEoK4M7CUpIjqpz5b_w0ZhKsjzbZ2GGDkQLmjNemKhNRkMTgG07VnzZh3_jPn-rJXnGv2QUeykGQDiFOhbEozL-k131A42sDeJI8YbDAF10SF4Bg" style="margin-left: 0px; margin-top: 0px;" width="502" /></span></span></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We believe that "good enough" is never enough when it comes to pushing the performance of Chrome. Today’s </span><a href="https://blog.chromium.org/search/label/the%20fast%20and%20the%20curious" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">The Fast and the Curious</span></a><span style="color: #424242; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> post explores how we sped up the startup times of Chrome on Android by more than 20% by providing an interactive freeze-dried preview of a tab on startup. Read on to see </span><span style="font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">how the screenshot falls short, and freeze-drying your tabs makes for a better browser.</span></p><br /><h1 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Background and Motivation</span></span></h1><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Rendering web content can be computationally intensive and can feel slow at times compared to a native application. A lot of work needs to be done to dynamically load resources over the network, run JavaScript, render CSS, fonts, etc. On mobile devices this is particularly challenging and Chrome can often only keep a handful of web pages loaded at a time due to the memory constraints of the device.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">This leads to the question of whether there is a lighter-weight way to represent web content when the situation calls for it—for example, in transitional UI like the tab switcher or during startup when a lot of warm-up work is occurring. The de-facto option for this is a screenshot which is visually accurate and allows a user to see at a glance what they are opening. However, a screenshot is also more limited than a web page as it is constrained to whatever was last visible and is entirely static.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">What if we could make these transitional glimpses of web content more useful, interactable and engaging while waiting for the real page to be ready?</span></p><br /><h1 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Case Study: Showing Web Content faster at Cold Start</span></span></h1><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Chrome App cold startup on Android is expensive. To start drawing a web page at the median takes 3.4s from launch (</span><a href="https://web.dev/fcp/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">First Contentful Paint /FCP</span></a><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">). This can feel slow compared to other apps and is due to all the work needed to process a page’s HTML, CSS, JS and Fonts. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">What if, instead, we showed an interactive snapshot of the page at startup?</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">We call this snapshot a Freeze Dried Tab as it removes a number of features from a live web page, but provides enough content and interactivity to be more helpful than a static screenshot. The key elements we felt that a screenshot lacked were the ability to navigate through links and scroll through a page’s content beyond what is shown in the viewport (including iframes).</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">A Freeze Dried Tab provides all these capabilities and more. It is faster to start than a live web page and provides enough capabilities to get started with the content until the full page is ready. Once the page is loaded, we then transition to it automatically and seamlessly!</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Testing has shown that by using a Freeze Dried Tab we can speed up the median time taken to draw </span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">all </span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">the content of the page to just 2.8s from launch (~20% faster compared to starting to draw normally). Since all the content is there and there’s often no </span><a href="https://web.dev/cls/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">layout shift</span></a><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, it feels even faster!</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 10pt; margin-top: 0pt; text-align: center;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 375px; overflow: hidden; width: 509px;"><img height="375.00000000000006" src="https://lh5.googleusercontent.com/QbxKeKZXZ4NhN9zRNp6VUz3akuLcLpxqXN0njrWmhaRMugktDiMSAot6_MckdyCuz5wccWxSJX7wKzlA0Feow1-fryPWIE758oUolGfvkiKzaMUf-EkPCpVQdBQueIdbpu8b3ydS-BM0c61tMKeO5a7fHUs-LnlLv-o8vA3yP5uthaFfnf1tiYnSspp2yfBGDvo0gJUk4hq0sLDcShbE2ve86DWSMsHfww" style="margin-left: 0px; margin-top: 4.54957e-13px;" width="509" /></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: center;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The distribution shift in startup time caused by Freeze Dried Tabs.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: white; color: #3c4043; font-family: Arial; font-size: 11pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Data source for all statistics: Real-world data anonymously aggregated from Chrome clients </span><a href="https://www.google.com/chrome/privacy/whitepaper.html#usagestats" style="text-decoration-line: none;"><span style="background-color: white; color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">[1]</span></a></p><br /><h1 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Freeze Dried Tabs - More Details</span></span></h1><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">To Freeze Dry a web page we capture the visual state of the page as a set of vector graphics along with any hyperlinks. We can then</span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> “reconstitute” (play back) these vector graphics in a lighter-weight fashion by simply rastering the vector graphics. This reduces the rendering cost of showing a full web page (including the content outside the viewport) and still supports hyperlinks.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">This format provides a number of benefits over a screenshot, but is still not as fully featured as a web page. This is why we believe they are an ideal candidate for transitional views where loading the live page might take some time, but we want to have a more interactive view than a screenshot.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 311px; overflow: hidden; width: 624px;"><img height="311" src="https://lh6.googleusercontent.com/5KeJlD-AdYw8lcc89Glf-ZuEQgF64fz_nMdxg8q6Bu4YjjK1yFv8606CYE7Tt0QHVXtlsqCxd6bcjn61M_wZ1ZHqCzRiS_9m80Q4OPB7E7LraWGF2LxFwg-Picn_Rpv9DGU2HUxmQsFzWttOCNEtMPYCJfHJ5XXmBjYFtBzuG0N2n2vYJEoNwXg2aK3kjoj6-ekW9K6soQtC021mcg6C-Vj9EzSo014m8w" style="margin-left: 0px; margin-top: 0px;" width="624" /></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">*Values are estimates from an emulated Pixel 2 XL running Android P.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: 0.6em; vertical-align: super;">1</span></span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Utility process is 30 MB overhead with on average ~10 MB of content and 20 MB of bitmaps</span></p><br /><h1 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Key Challenges in Developing the Technology</span></span></h1><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Building this technology was an interesting and challenging experience. In particular, aggregating content from iframes, supporting subframe scrolling, and handling all the geometry is a complicated process.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">However, the most interesting challenges came from performance!</span></p><br /><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Capture</span></h3><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">During capture of the page, saving the content is mostly straightforward; geometry from the DOM with CSS styling is easily converted into vector graphics which are small and easy to store.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Storing images from the page in this format is also straightforward, although high-resolution images are both large (0.1-10 MB) and slow to compress O(100 ms) + MBs of memory overhead. For this reason, images are usually stored without modification in their default encoding; however, sometimes particularly large images might get dropped.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Fonts are files describing how to draw each glyph they contain. These files are particularly large for fonts from languages with a large number of characters such as Chinese or which are composed of images such as emoji. A single English-language font is often around 100 kB in size, and fonts for emoji can easily be several MB. Pages often embed multiple fonts and these fonts are not saved on the local system, so we need to save them as part of the captured data. In early testing, we tried to store every font used in the page to ensure visual fidelity. However, some pages were as large as 100 MB when stored in this manner. This was simply unacceptable from a performance and storage point of view.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">To overcome this challenge we turned to font subsetting. Subsetting strips every unused glyph from a font file. This reduces the data in a font to only what is required by the page. As such, that 100 MB page was reduced to just 400 kB, < 1% of the original size!</span></p><br /><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Playback</span></h3><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Keeping p</span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">layback performance within a reasonable bound was also a challenge. The vector graphics are rasterized into a bitmap for display; however, at 32-bits per pixel, on a modern phone screen just a single viewport of content is easily larger than 10 MB. To mitigate the memory overhead of these bitmaps, we generate them dynamically as a user scrolls. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">More details: the page’s contents are divided into tiles which are smaller than a single viewport. We generate bitmaps for all tiles currently in the viewport and those for a region around the viewport are prefetched to keep scrolling smooth. Experimentation with compressing the out-of-viewport bitmaps until they were in view showed potential memory savings from 10 MB down to just 100 kB. However, after gathering more performance data it was determined that the compression resulted in a significant increase in browser jankiness and for example [</span><a href="https://web.dev/fid/" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">FID</span></a><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">] due to the additional CPU overhead. Consequently, this behavior was removed in favor of smaller tiles and more proactive discarding of out-of-viewport bitmaps. </span></p><br /><h1 dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="font-size: x-large;">Conclusion</span></span></h1><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Freeze Dried Tabs are a compelling alternative to screenshots particularly for transitional views or places where web content might not be immediately available and waiting for it to become available would be slow. They pro</span><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">vide additional fidelity over a screenshot and allow some useful user behavior such as links and scrolling to behave similarly to how they would in a web page. </span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Currently, Freeze Dried Tabs are being used in Chrome to provide a 20% perceptible speedup in cold startup on Android. We are exploring additional places where this technology might be used.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="color: #424242; font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Posted by Calder Kitagawa, Chrome Software Engineer</span></p><br /></span>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-62422910957648531702022-09-01T14:34:00.000-07:002022-09-01T14:34:18.299-07:00Chrome 106 Beta: New CSS Features, WebCodecs and WebXR Improvements, and More
<p>
Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, ChromeOS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on <a href="https://www.chromestatus.com/features#milestone%3D76">ChromeStatus.com</a>. Chrome 106 is beta as of September 1, 2022. You can <a href="https://www.google.com/chrome/beta/">download the latest on Google.com</a> for desktop or on Google Play Store on Android.
</p>
<h1 id="origin-trials">Origin Trials</h1>
<p>
This version of Chrome supports the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the <a href="https://developers.chrome.com/origintrials/#/trials/active">Chrome Origin Trials dashboard</a>. To learn more about origin trials in Chrome, visit the <a href="https://web.dev/origin-trials/">Origin Trials Guide for Web Developers</a>. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/">Microsoft Edge Origin Trials Developer Console</a>.
</p>
<h2 id="anonymous-iframes">Anonymous iframes</h2>
<p>
Anonymous iframes give developers a way to load documents in third-party iframes using new and ephemeral contexts. Anonymous iframes are a generalization of COEP, i.e. Cross-Origin-Embedder-Policy: credentialless to support third-party iframes that may not deploy COEP. As with COEP: credentialless, it replaces the opt-in of cross-origin subresources with avoiding loading of non-public resources. This removes the constraint that third party iframes must support COEP in order to be embedded in a COEP page and unblocks developers looking to adopt cross-origin-isolation.
</p>
<p>
The origin trial is expected to last through Chrome 108. To sign up for the origin trial, visit <a href="https://developer.chrome.com/origintrials/#/view_trial/2518638091606949889">its sign up page</a>.
</p>
<h2 id="pop-up-api">Pop-Up API</h2>
<p>
The <a href="https://www.chromestatus.com/feature/5463833265045504">Pop-Up API</a> lets developers build transient user interface elements to display on top of other web app interface elements. This API is useful for creating interactive elements such as action menus, form element suggestions, content pickers, and teaching user interfaces.
</p>
<p>
This API uses a new <code>popup</code> content attribute to enable any element to be displayed in the <a href="https://developer.chrome.com/blog/what-is-the-top-layer/">top layer</a>. This attribute's effect on the pop-up is similar to that of the <code><dialog></code> element, but has several important differences, including light-dismiss behavior, pop-up interaction management, animation, event support, and non-modal mode.
</p>
<p>
The origin trial is expected to last through Chrome 110. To sign up for the origin trial, visit <a href="https://developer.chrome.com/origintrials/#/view_trial/4500221927649968129">its sign up page</a>.
</p>
<h1 id="other-features-in-this-release">Other Features in this Release</h1>
<h2 id="client-hints-persistency-in-android-webview">Client Hints persistency in Android WebView</h2>
<p>
Client Hints are <a href="https://www.chromestatus.com/feature/4936247663919104">now persisted on Android WebView</a>, creating parity with the rest of the web platform. Previously, WebView did not persist the list of Client Hints a page requests, so the initial load of a website would never include Client Hints. Only subresources on a given page would receive them. This undermined the use of the Client Hints system, which is to empower websites to adapt content to the user agent. For more information on Client Hints, see <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints">HTTP Client hints</a>.
</p>
<h2 id="css">CSS</h2>
<h3 id="grid-template-properties-interpolation">grid-template properties interpolation</h3>
<p>
In CSS Grid, the <code>'grid-template-columns'</code> and <code>'grid-template-rows'</code> properties allow developers to define line names and track sizing of grid columns and rows respectively. <a href="https://www.chromestatus.com/feature/6037871692611584">Supporting interpolation</a> for these properties allows grid layouts to smoothly transition between states, instead of snapping at the halfway point of an animation or transition.
</p>
<h3 id="'ic'-length-unit">'ic' length unit</h3>
<p>
The <code><a href="https://www.chromestatus.com/feature/5193188445257728">'ic' length unit</a></code> expresses CSS lengths relative to the advanced measure of the water ideograph used in some Asian fonts such as Chinese and Japanese. This allows authors to size elements to fit a given number of full width glyphs for such fonts. Gecko and WebKit already support this unit. Adding this to Chrome is part of <a href="https://web.dev/interop-2022/">Interop 2022</a>.
</p><h3 id="‘preserve-parent-color'-value-for-the-‘forced-color-adjust'-css-property">‘preserve-parent-color' value for the ‘forced-color-adjust' CSS property.</h3>
<p>
The <code><a href="https://chromestatus.com/feature/4887620095049728">'preserve-parent-color' value has been added</a></code> to the <code>'forced-color-adjust'</code> CSS property. Previously, when the forced colors mode was enabled, the <code>'color'</code> property was inherited. Now, when the <code>'preserve-parent-color'</code> value is used, the <code>'color'</code> property will use the value of its parent. Otherwise, the <code>'forced-color-adjust: preserve-parent-color'</code> value behaves the same as <code>'forced-color-adjust: none'</code>.
</p><h3 id="unprefix-webkit-hyphenate-character-property">Unprefix -webkit-hyphenate-character property</h3>
<p>
Chrome now supports <a href="https://www.chromestatus.com/feature/5169156928831488">the unprefixed hyphenate-character property</a> in addition to the <code>-webkit-hyphenate-character</code> property. The <code>-webkit-hyphenate-character</code> property will be deprecated at a later date.
</p>
<h2 id="javascript-intl-numberformat-v3-api">JavaScript: Intl.NumberFormat v3 API</h2>
<p>
<code>Intl.NumberFormat</code> has the following <a href="https://www.chromestatus.com/feature/5707621009981440">new features</a>:
</p><ul>
<li>Three new functions to format a range of numbers: <code>formatRange()</code>, <code>formatRangeToParts()</code>, and <code>selectRange()</code>
</li><li>A grouping enum
</li><li>New rounding and precision options
</li><li>Rounding priority
</li><li>Interpretation of strings as decimals
</li><li>Rounding modes
</li><li>Sign display negative (zero shown without a negative sign)</li></ul>
<p>
For more information, see the <a href="https://github.com/tc39/proposal-intl-numberformat-v3/blob/master/README.md">original proposal's README</a>.
</p>
<h2 id="serialport-byob-reader-support">SerialPort BYOB reader support</h2>
<p>
The underlying data source for a <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/ReadableStream">ReadableStream</a></code> provided by a <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/SerialPort">SerialPort</a></code> <a href="https://www.chromestatus.com/feature/6716022686482432">is now a readable byte stream</a>. SerialPort "bring your own buffer" (BYOB) is backwards-compatible with existing code that calls <code>port.readable.getReader()</code> with no parameters. To detect support for this feature, pass <code>'byob'</code> as the mode parameter when calling <code>getReader()</code>. For example:
</p><pre class="prettyprint">port.readable.getReader({ mode: 'byob' });
</pre>
<p>
Older implementations will throw a <code>TypeError</code> when the new parameter is passed.<br /><br />BYOB readers allow developers to specify the buffer into which data is read instead of the stream allocating a new buffer for each chunk. In addition to potentially reducing memory pressure, this allows the developer to control how much data is received because the stream cannot return more than there is space for in the provided buffer. For more information, see <a href="https://web.dev/serial/#:~:text=Bring%20Your%20Own%20Buffer">Read from and write to a serial port</a>.
</p>
<h2 id="webcodecs-dequeue-event">WebCodecs dequeue event</h2>
<p>
A <code>dequeue</code> event and associated callback <a href="https://www.chromestatus.com/feature/5195706034290688">have been added to the audio and video interfaces</a>, specifically: <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/AudioDecoder">AudioDecoder</a></code>, <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/AudioEncoder">AudioEncoder</a></code>, <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/VideoDecoder">VideoDecoder</a></code>, and <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/VideoEncoder">VideoEncoder</a></code>.
</p><p>
<br />Developers may initially queue encoding or decoding work by calling <code>encode()</code> or <code>decode()</code> respectively. The new <code>dequeue</code> event is fired to indicate when the underlying codec has ingested some or all of the queued work. The decrease in the queue size is already reflected by a lower value of <code>encoder.encodeQueueSize</code> and <code>decoder.decodeQueueSize</code> attributes. The new event eliminates the need to call <code>setTimeout()</code> to determine when the queue has decreased (in other words, when they should queue more work).
</p>
<h2 id="webxr-raw-camera-access">WebXR Raw Camera Access</h2>
<p>
Applications using the WebXR Device API can <a href="https://chromestatus.com/feature/5759984304390144">now access pose-synchronized camera image textures</a> in the contexts that also allow interacting with other AR features provided by WebXR.
</p>
<h1 id="deprecations-and-removals">Deprecations, and Removals</h1>
<p>
This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of <a href="https://www.chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22">current deprecations</a> and <a href="https://www.chromestatus.com/features#browsers.chrome.status:%22Removed%22">previous removals</a>.
</p>
<h2 id="remove-non-ascii-characters-in-cookie-domain-attributes">Remove non-ASCII characters in cookie domain attributes</h2>
<p>
To align with the latest spec (<a href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis/#section-5.5">RFC 6265bis</a>), <a href="https://www.chromestatus.com/feature/5534966262792192">Chromium now rejects</a> cookies with a <code>Domain</code> attribute that contains non-ASCII characters (for example, <code>éxample.com</code>).
</p>
<p>
Support for IDN domain attributes in cookies has been long unspecified, with Chromium, Safari, and Firefox all behaving differently. This change standardizes Firefox's behavior of rejecting cookies with non-ASCII domain attributes.<br /><br />Since Chromium has previously accepted non-ASCII characters and tried to convert them to normalized punycode for storage, we will now apply stricter rules and require valid ASCII (punycode if applicable) domain attributes.
</p>
<h2 id="remove-http-2-push">Remove HTTP/2 push</h2>
<p>
Chrome has <a href="https://www.chromestatus.com/feature/6302414934114304">removed the ability</a> to receive, keep in memory, and use HTTP/2 push streams sent by the server. See <a href="https://developer.chrome.com/blog/removing-push/">Removing HTTP/2 Server Push from Chrome</a> for details and suggested alternative APIs.
</p><p></p><p></p><p></p><p></p>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-79767129429446745852022-08-05T13:33:00.002-07:002022-08-09T09:44:57.174-07:00Chrome 105 Beta: Custom Highlighting, Fetch Upload Streaming, and More<p>Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on <a href="https://www.chromestatus.com/features#milestone%3D76">ChromeStatus.com</a>. Chrome 105 is beta as of August 5th, 2022. You can <a href="https://www.google.com/chrome/beta/">download the latest on Google.com</a> for desktop or on Google Play Store on Android. </p>
<h1>Custom Highlight API</h1>
<p>The <a href="https://www.chromestatus.com/feature/5436441440026624">Custom Highlight API</a> extends the concept of highlighting pseudo-elements by providing a way to style the text of arbitrary ranges, rather than being limited to the user agent-defined <code>::selection</code>, <code>::inactive-selection</code>, <code>::spelling-error</code>, and <code>::grammar-error</code>. This is useful in a variety of scenarios, including editing frameworks that wish to implement their own selection, find-in-page over virtualized documents, multiple selection to represent online collaboration, or spell checking frameworks.<br />
<br />
Without this feature, web developers and framework authors are forced to modify the underlying structure of the DOM tree to achieve the rendering they desire. This is complicated in cases where the desired highlight spans across multiple subtrees, and it also requires DOM updates to adjust highlights as they change. The custom highlight API provides a programmatic way of adding and removing highlights that does not affect the underlying DOM structure, but instead applies styles to text based on range objects.</p>
<p>In 105, only the color and background-color pseudo elements are supported. Support for other items will be added later.</p>
<h1>Container Queries</h1>
<p>Container queries allow authors to style elements according to the size of a container element. This capability means that a component owns its responsive styling logic. This makes the component much more resilient, as the styling logic is attached to it, no matter where it appears on the page. </p>
<p>Container queries are similar to media queries, but evaluate against the size of a container rather than the size of the viewport. A known issue is that container queries do not work when an author combines it with table layout in a multicolumn layout. We expect to fix this in 106. For more information, see <a href="https://developer.chrome.com/blog/has-with-cq-m105">@container and :has(): two powerful new responsive APIs</a>. For other CSS features in this release, see below.</p>
<h1>:has() Pseudo Class</h1>
<p>The <code>:has()</code> pseudo class specifies an element having at least one element that matches the relative selector passed as an argument. Unlike other selectors, the <code>:has()</code> pseudo class applies, for a specified element, a style rule to preceding elements, specifically, siblings, ancestors, and preceding siblings of ancestors. For example, the following rule matches only anchor tags that have an image tag as a child. </p>
<pre>a:has(> img)
</pre>
<p>For more information, see <a href="https://developer.chrome.com/blog/has-with-cq-m105">@container and :has(): two powerful new responsive APIs</a>. For other CSS features in this release, see below.</p>
<h1>Fetch Upload Streaming </h1>
<p>Fetch upload streaming lets web developers make a fetch with a <code><a href="https://developer.mozilla.org/en-US/docs/Web/API/ReadableStream">ReadableStream</a></code> body. Previously, you could only start a request once you had the whole body ready to go. But now, you can start sending data while you're still generating the content, improving performance and memory usage.</p>
<p>For example, an online form could initiate a fetch as soon as a user focuses a text input field. By the time the user clicks enter, <code>fetch()</code> headers would already have been sent. This feature also allows you to send content as it's generated on the client, such as audio and video. For more information, see <a href="https://web.dev/fetch-upload-streaming">Streaming requests with the fetch API</a>.</p>
<h1>Window Controls Overlay for Installed Desktop Web Apps</h1>
<p>Window controls overlay extends an app's client area to cover the entire window, including the title bar, and the window control buttons (close, maximize/restore, minimize). The web app developer is responsible for drawing and input handling for the entire window except for the window controls overlay. Developers can use this feature to make their installed desktop web apps look like operating system apps. For more information, see <a href="https://web.dev/window-controls-overlay/">Customize the window controls overlay of your PWA's title bar</a>.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgw6Cad1Wg5uzl7KrXRcLlMBnVW1U4Fwu1JJO_qza-IJifORk_yq3884EYYONblMHAi-Mc6-l-_CLmDBe_xuuKCQYj6JYoHmfGuFHh_EYkcz02A_ETOpW-laBFcnQeBdF_JyAbzk3Q-bUlmgfHsWyIdRhX27bHwfmMg_zEp8cFtC5RZJfd9gt1G-aczKQ/s1600/overlay.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="364" data-original-width="1600" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgw6Cad1Wg5uzl7KrXRcLlMBnVW1U4Fwu1JJO_qza-IJifORk_yq3884EYYONblMHAi-Mc6-l-_CLmDBe_xuuKCQYj6JYoHmfGuFHh_EYkcz02A_ETOpW-laBFcnQeBdF_JyAbzk3Q-bUlmgfHsWyIdRhX27bHwfmMg_zEp8cFtC5RZJfd9gt1G-aczKQ/w651-h148/overlay.png" width="651" /></a></div>
<h1>Origin Trials</h1>
<p>No origin trials are beginning in this version of Chrome. However there are a number of ongoing origin trials which you can find on the <a href="https://developers.chrome.com/origintrials/#/trials/active">Chrome Origin Trials dashboard</a>. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To learn more about origin trials in Chrome, visit the <a href="https://web.dev/origin-trials/">Origin Trials Guide for Web Developers</a>. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/">Microsoft Edge Origin Trials Developer Console</a>. </p>
<h2>Completed Origin Trials</h2>
<p>The following features, previously in a Chrome origin trial, are now enabled by default.</p>
<h2>Media Source Extensions in Workers</h2>
<p>The Media Source Extensions (MSE) API is <a href="https://www.chromestatus.com/feature/5177263249162240">now available from <code>DedicatedWorker</code> contexts</a> to enable improved performance of buffering media for playback by an <code>HTMLMediaElement</code> on the main Window context. By creating a <code>MediaSource</code> object in a <code>DedicatedWorker</code>, an application may then obtain a <code>MediaSourceHandle</code> from it and call <code>postMessage()</code> to transfer it to the main thread for attaching to an <code>HTMLMediaElement</code>. The context that created the <code>MediaSource</code> object may then use it to buffer media.</p>
<h2>Viewport-height Client Hint</h2>
<p>Chrome supports the new <a href="https://www.chromestatus.com/feature/5646861215989760"><code>Sec-CH-Viewport-Height</code> client hint</a>. This is a counterpart to the <code>Sec-CH-Viewport-Width</code> previously introduced in Chrome. Together they provide information about a viewport's size to an origin. To use these hints, pass <code>Sec-CH-Viewport-Height</code> or <code>Sec-CH-Viewport-Width</code> to the <code>Accept-CH</code> header. </p>
<h1>Other Features in this Release</h1>
<h2>Accurate Screen Labels for Multi-Screen Window Placement</h2>
<p>This release enhances the screen label strings provided by the <a href="https://web.dev/multi-screen-window-placement/">Multi-Screen Window Placement API</a>. Specifically, it refines <code>ScreenDetailed.label</code> property by replacing the previous placeholders with information from the device's Extended Display Identification Data (EDID) or from a higher-level operating system API. For example, instead of returning "External Display 1", the label property will now return something like "HP z27n" or "Built-in Retina Display". These more accurate labels match those shown by operating systems in display settings dialog boxes. The labels are only exposed to sites that have been granted the <code>"window-placement"</code> permission by the user.</p>
<h2>CSS: Preventing Overscroll Effects for Fixed Elements</h2>
<p>Setting an element's <code>position</code> CSS property to <code>fixed</code> (unless the element's <a href="https://developer.mozilla.org/en-US/docs/Web/CSS/Containing_block">containing block</a> is not the root) will now prevent it from performing the effects specified by overscroll-behavior. In particular, <code>fixed-position</code> elements will not move during overscroll effects.</p>
<h2>DisplayMediaStreamConstraints.systemAudio</h2>
<p>A <a href="https://www.chromestatus.com/feature/4649448880734208">new constraint is being added</a> to <code>MediaDevices.getDisplayMedia()</code> to indicate whether system audio should be offered to the user. User agents sometimes offer audio for capturing alongside video. But not all audio is created alike. Consider video-conferencing applications. Tab audio is often useful, and can be shared with remote participants. But system audio includes participants' own audio, and may not be appropriate to share back. To use the new constraint, pass <code>systemAudio</code> as a constraint. For example:</p>
<pre>const stream = await navigator.mediaDevices.getDisplayMedia({
video: true,
audio: true,
systemAudio: "exclude" // or "include"
});</pre>
<p>This feature is only supported on desktop.</p>
<h2>Expose TransformStreamDefaultController</h2>
<p>To conform with spec the <code>TransformStreamDefaultController</code> class is <a href="https://www.chromestatus.com/feature/5130793182035968">now available on the global scope</a>. This class already exists and can be accessed using code such as<br />
<br />
<code>let TransformStreamDefaultController;<br />
new TransformStream({ start(c) { TransformStreamDefaultController = c.constructor; } });</code><br />
<br />
This change makes such code unnecessary since <code>TransformStreamDefaultController</code> is now on the global scope. Possible uses for this class include monkey patching properties onto <code>TransformStreamDefaultController.prototype</code>, or feature-testing existing properties of it more easily. Note that the class is not constructible. In other words, this throws an error:</p>
<p><code>new TransformStreamDefaultController()</code> </p>
<h2>HTML Sanitizer API </h2>
<p>The HTML Sanitizer API is an easy to use and safe way to remove executable code from arbitrary, user-supplied content. The goal of the API is to make it easier to build web applications that are free of cross-site scripting vulnerabilities and ship part of the maintenance burden for such apps to the platform. </p>
<p>In this release, only basic functionality is supported, specifically <a href="https://developer.mozilla.org/en-US/docs/Web/API/Element/setHTML"><code>Element.setHTML()</code></a>. The Sanitize interface will be added at a later stage. Namespaced content (SVG + MathML) is not yet supported, only HTML. For more information on the API, see <a href="https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API">HTML Sanitizer API - Web APIs</a>.</p>
<h2>import.meta.resolve()</h2>
<p>The <a href="https://www.chromestatus.com/feature/5086507990777856"><code>import.meta.resolve()</code> method</a> returns the URL to which the passed specifier would resolve in the context of the current script. That is, it returns the URL that would be imported if you called <code>import()</code>. A specifier is a URL beginning with a valid scheme or one of <code>/</code>, <code>./</code>, or <code>../</code>. See the HTML spec for <a href="https://html.spec.whatwg.org/#resolve-a-module-specifier">examples</a>.</p>
<p>This method makes it easier to write scripts which are not sensitive to their exact location, or to the web application's module setup. Some of its capabilities are doable today, in a longer form, by combining <code>new URL()</code> and the existing <code>import.meta.url()</code> method. But the integration with import maps allows resolving URLs that are affected by import maps.</p>
<h2>Improvements to the Navigation API</h2>
<p>Chrome 105 introduces two new methods on the NavigateEvent of the <a href="https://developer.chrome.com/docs/web-platform/navigation-api/">Navigation API</a> (introduced in 102) to improve on methods that have proved problematic in practice. <code>intercept()</code>, which let's developers control the state following the navigation, replaces <code>transitionWhile()</code>, which proved difficult to use. The <code>scroll()</code> method, which scrolls to an anchor specified in the URL, replaces <code>restoreScroll()</code> which does not work for all types of navigation. For explanations of the problems with the existing methods and examples of using the new, see <a href="https://developer.chrome.com/blog/navigateevent-intercept/">Changes to NavigateEvent</a>.</p>
<p>The <code>transitionWhile()</code> and <code>restoreScroll()</code> methods are also deprecated in this release. We expect to remove them in 108. See below for <a href="#Deprecations-and-Removals">other deprecations and removals</a> in this release.</p>
<h2>onbeforeinput Global Event Handler Content Attribute</h2>
<p>The <a href="https://www.chromestatus.com/feature/6627326972919808"><code>nbeforeinput</code> global content attribute is now supported</a> in Chrome. The <code>beforeinput</code> form was already available via <code>addEventListener()</code>. Chrome now also allows feature detection by testing against d<code>ocument.documentElement.onbeforeinput</code></p>
<h2>Opaque Response Blocking v0.1</h2>
<p><a href="https://chromestatus.com/feature/4933785622675456">Opaque Response Blocking (ORB)</a> is a replacement for Cross-Origin Read Blocking (CORB). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of "no-cors" subresources. </p>
<h2>Picture-in-Picture API Comes to Android</h2>
<p>The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This feature has been available on desktop since Chrome 70. It's now available for Chrome running on Android 11 or later. This change only applies to <code><video></code> elements. For information on using the Picture-in-Picture API, see <a href="https://developer.chrome.com/blog/watch-video-using-picture-in-picture/">Watch video using Picture-in-Picture</a>.</p>
<h2>Response.json()</h2>
<p>The <code>Response()</code> constructor allows for creating the body of the response from many types; however the existing <code>response.json()</code> instance method does not let you directly create a JSON object. The <a href="https://www.chromestatus.com/feature/5197912798658560"><code>Response.json()</code> static method</a> fills this gap. </p>
<p>Response.json() returns a new Response object and takes two arguments. The first argument takes a string to convert to JSON. The second is an optional initialization object.</p>
<h2>Syntax Changes to Markup Based Client Hints Delegation</h2>
<p>The <a href="https://www.chromestatus.com/feature/6308751530262528">syntax for the delegation of client hints to third-party content</a> that requires client information lost by user agent reduction, which shipped in Chrome 100, is changing.</p>
<p><strong>Previous syntax:</strong><br />
<code><meta name="accept-ch" value="sec-ch-dpr=(https://foo.bar https://baz.qux), sec-ch-width=(https://foo.bar)"></code><br />
<br />
<strong>New syntax:</strong><br />
<code><meta http-equiv="delegate-ch" value="sec-ch-dpr https://foo.bar https://baz.qux; sec-ch-width https://foo.bar"></code></p>
<h2>Writable Directory Prompts for the File System Access API</h2>
<p>Chromium now allows <a href="https://chromestatus.com/feature/6383970247770112">returning a directory with both read and write permissions</a> in a single prompt for the <a href="https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API">File System Access API</a>. Previously, <code>Window.showDirectoryPicker()</code> returned a read-only directory (after showing a read access prompt), requiring a second prompt to get write access. This double prompt is a poor user experience and contributes to confusion and permission fatigue among users.</p>
<h1>Deprecations, and Removals</h1>
<p>This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of planned deprecations, <a href="https://www.chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22">current deprecations</a> and <a href="https://www.chromestatus.com/features#browsers.chrome.status:%22Removed%22">previous removals</a>.</p>
<h2>Remove WebSQL in Non-secure Contexts</h2>
<p>WebSQL in non-secure contexts <a href="https://www.chromestatus.com/feature/5175124599767040">is now removed</a>. The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated it in 2019. The W3C encourages Web Storage and Indexed Database for those needing alternatives.</p>
<p>Developers should expect that WebSQL itself will be deprecated and removed when usage is low enough.</p>
<h2>CSS Default Keyword is Disallowed in Custom Identifiers</h2>
<p>The CSS keyword <a href="https://chromestatus.com/feature/5096490737860608"><code>'default'</code> is no longer allowed</a> within CSS custom identifiers, which are used for many types of user-defined names in CSS (for example, names created by <code>@keyframes</code> rules, counters, <code>@container</code> names, custom layout or paint names). This adds <code>'default'</code> to the list of names that are restricted from use in custom identifiers, specifically <code>'inherit'</code>, <code>'initial'</code>, <code>'unset'</code>, <code>'revert'</code>, and <code>'revert-layer'</code>.</p>
<h2>Deprecations in the Navigation API</h2>
<p>The <code>transitionWhile()</code> and <code>restoreScroll()</code> methods are also deprecated in this release, and we expect to remove them in 108. Developers who need this functionality should use the new <code>intercept()</code> and <code>scroll()</code> methods. For explanations of the problems with the existing methods and examples of using the new, see <a href="https://developer.chrome.com/blog/navigateevent-intercept/">Changes to NavigateEvent</a> .</p>
<h2>Deprecate Non-ASCII Characters in Cookie Domain Attributes</h2>
<p>To align with the latest spec (<a href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis/#section-5.5">RFC 6265bis</a>), <a href="https://www.chromestatus.com/feature/5534966262792192">Chromium will soon reject</a> cookies with a <code>Domain</code> attribute that contains a non-ASCII character (for example, <code>Domain=éxample.com</code>).<br />
Support for IDN domain attributes in cookies has been long unspecified, with Chromium, Safari, and Firefox all behaving differently. This change standardizes Firefox's behavior of rejecting cookies with non-ASCII domain attributes.<br />
<br />
Since Chromium has previously accepted non-ASCII characters and tried to convert them to normalized punycode for storage, we will now apply stricter rules and require valid ASCII (punycode if applicable) domain attributes.</p>
<p>A warning is printed to the console starting in 105. Removal is expected in 106. </p>
<h2>Remove Gesture Scroll DOM Events</h2>
<p>The gesture scroll DOM events <a href="https://chromestatus.com/feature/5166018807726080">have been removed from Chrome</a>, specifically, <code>gesturescrollstart</code>, <code>gesturescrollupdate</code> and <code>gesturescrollend</code>. These were non-standard APIs that were added to Blink for use in plugins, but had also been exposed to the web. </p>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.comtag:blogger.com,1999:blog-2471378914199150966.post-73514593721209613542022-06-23T15:04:00.002-07:002022-07-20T09:43:34.710-07:00Chrome 104 Beta: New Media Query Syntax, Region Capture, and More<p>Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on <a href="https://www.chromestatus.com/features#milestone%3D76">ChromeStatus.com</a>. Chrome 104 is beta as of June 23, 2022. You can <a href="https://www.google.com/chrome/beta/">download the latest on Google.com</a> for desktop or on Google Play Store on Android. </p>
<h1>Region Capture</h1>
<p>Chrome on Desktop can now crop self-captured video tracks. Web apps are already able to capture video in a tab using <code>getDisplayMedia()</code>. Region capture allows web apps to crop a track and remove content from it, typically before sharing it remotely. </p>
<p>For example, consider a productivity web app with built-in video conferencing. During a video conference, a web app could use cropping to exclude the video conferencing portion of the screen (outlined in red below) avoiding a hall-of-mirrors effect. For more information, see <a href="https://developer.chrome.com/docs/web-platform/region-capture/">Better tab sharing with Region Capture</a>.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgahf8S_W0OwGCUp7HAQGJRFoi3qKbWWbcvI0mGRS95y5hjltIaPR-7uuq-R95UDaX3u8ZjAkTEqleyg-CInac2RDKiB_T31dA2gm-WrNlBhES5hrECaKCaTBdX5ZyhTH5WyUs2jovh0v1aAme3F92uZOXOTwN4PN5DYziAvWwxvYDSk2s60q4CD3YBaQ/s845/region-capture.png" style="margin-left: 1em; margin-right: 1em;"><img alt="A region capture window: broadcast content in blue, cropped content in red." border="0" data-original-height="599" data-original-width="845" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgahf8S_W0OwGCUp7HAQGJRFoi3qKbWWbcvI0mGRS95y5hjltIaPR-7uuq-R95UDaX3u8ZjAkTEqleyg-CInac2RDKiB_T31dA2gm-WrNlBhES5hrECaKCaTBdX5ZyhTH5WyUs2jovh0v1aAme3F92uZOXOTwN4PN5DYziAvWwxvYDSk2s60q4CD3YBaQ/s16000/region-capture.png" title="When broadcasting content, the red portion will be cropped." /></a></div><br /><p><br /></p>
<h1>Media Queries Level 4 Syntax and Evaluation</h1>
<p>Media Queries enable <a href="https://web.dev/learn/design/">responsive design</a>, and the range features that enable testing the minimum and maximum size of the viewport are used <a href="https://almanac.httparchive.org/en/2021/css#media-features-in-use">by around 80% of sites</a> that use media queries. </p>
<p>The Media Queries Level 4 specification includes a new syntax for these range queries. They can now be written using ordinary mathematical comparison operators. Also supported are the logical operators <code>or</code> and <code>not</code>, and nesting and evaluation of "unknown" features. For example, a media query previously written like this:</p>
<pre>@media (min-width: 400px) { … }
</pre>
<p>Can now be written like this:</p>
<pre>@media (width >= 400px) { … }
</pre>
<p>For more information, see <a href="http://developer.chrome.com/blog/media-query-range-syntax/">New syntax for range media queries in Chrome 104</a>. </p>
<h1>Origin Trials</h1>
<p>This version of Chromium supports the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chromium, including the ones described below, visit the <a href="https://developers.chrome.com/origintrials/#/trials/active">Chrome Origin Trials dashboard</a>. To learn more about origin trials in Chrome, visit the <a href="https://web.dev/origin-trials/">Origin Trials Guide for Web Developers</a>. Microsoft Edge runs its own origin trials separate from Chrome. To learn more, see the <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/">Microsoft Edge Origin Trials Developer Console</a>. </p>
<h2>New Origin Trials</h2>
<h3>Focusgroup</h3>
<p>The <code>focusgroup</code> CSS property improves keyboard focus navigation using the keyboard arrow keys among a set of focusable elements. Adding this feature to browsers allows web developers to control focus navigation without custom solutions that can lead to a lack of consistency, accessibility, and interoperability. <a href="https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/html-focusgroup-attribute/registration/">Sign up here</a> for the Microsoft Edge origin trial. It's scheduled to last through 107.</p>
<h3>Opt Out of Credit Card Storage</h3>
<p>Secure Payment Confirmation now supports a means for users to opt out of storing their credit card data to make later purchases easier. To use the new feature, set <code>showOptOut</code> to <code>true</code> on <code>methodData.data</code>, which is passed as the first parameter of the <code>PaymentRequest()</code> constructor. For example:</p>
<pre>const methodata = [{
…
data: {
…
showOptOut: true
…
}
}];
const request = new PaymentRequest(methodData, details);
</pre>
<p>To see an example in context <a href="https://rsolomakhin.github.io/pr/spc-opt-out/">check out the demo</a>. You can <a href="https://developer.chrome.com/origintrials/#/view_trial/3293257227514675201">sign up here</a> for the origin trial. It's scheduled to last through Chrome 106.</p>
<h3>Shared Element Transitions</h3>
<p>Shared Element Transitions enables the creation of polished transitions in single-page applications (SPAs). Minimal development effort is required by devs to make transitions look nice; they can choose to use default animation properties, or they can customize their own transition effects to achieve the desired transition experience.Transitions are set declaratively using CSS properties. For more information, see <a href="https://github.com/WICG/shared-element-transitions/blob/main/explainer.md">Shared Element Transitions</a>. Visit the dashboard to <a href="https://www.google.com/url?q=https://chromestatus.com/feature/5193009714954240&sa=D&source=docs&ust=1655396015685272&usg=AOvVaw3HhlvSDCzPW65WHM23ioHj">sign up for the origin trial</a>.</p>
<h2>Completed Origin Trials</h2>
<p>The following features, previously in a Chrome origin trial, are now enabled by default.</p>
<h3>Speculation Rules</h3>
<p>Speculation rules provide a mechanism for web content to permit <a href="https://www.chromestatus.com/feature/5740655424831488">prefetching or prerendering of certain URLs</a>. For example:</p>
<pre><script type="speculationrules">
{
"prefetch": [
{"source": "list", "urls": ["/weather/kitchener", "/weather/seattle", "/weather/tokyo"]}
]
}
</script>
</pre>
<h3>Subresource Loading with Web Bundles</h3>
<p>Subresource loading with web bundles is a way to load many resources efficiently. To use the feature a web page declares that certain resources are provided by a web bundle at a particular URL. For example:</p>
<pre><script type="webbundle">
{
"source": "https://example.com/dir/subresources.wbn",
"resources": ["https://example.com/dir/a.js", "https://example.com/dir/b.js", "https://example.com/dir/c.png"]
}
</script>
</pre>
<p>For information on creating web bundles, see <a href="https://web.dev/web-bundles/">Get started with Web Bundles</a>. For more information on subresource loading using web bundles, see <a href="https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/content/browser/web_package/subresource_loading_origin_trial.md">Origin Trial for Subresource Loading with Web Bundles</a>.</p>
<h1>Other Features in this Release</h1>
<h2>Cookie Expires/Max-Age Attribute Upper Limit</h2>
<p>When cookies are set with an explicit Expires/Max-Age attribute <a href="https://www.chromestatus.com/feature/4887741241229312">the value will now be capped</a> to no more than 400 days. Previously, there was no limit and cookies could expire as much as multiple millennia in the future. This follows a <a href="https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-expires-attribute:~:text=The%20limit%20SHOULD%20NOT%20be%20greater%20than%20400%20days%20(34560000%20seconds)%20in%20the%20future.">change in the spec</a>.<br />
<br />
400 days was chosen as a round number close to 13 months. This duration ensures that sites visited roughly once a year (for example, sites for choosing health insurance benefits) will continue to work.</p>
<h2>CSS object-view-box</h2>
<p>The <a href="https://www.chromestatus.com/feature/5213032857731072"><code>object-view-box</code> property</a> allows authors to specify a portion of an image that should draw within the content box of a target replaced element. This enables creation of images with a custom glow or shadow applied, with proper <code>ink-overflow</code> behavior such as a CSS shadow would have. For more information, see <a href="https://ishadeed.com/article/css-object-view-box/">First Look At The CSS object-view-box Property</a>.</p>
<h2>Fullscreen Capability Delegation</h2>
<p><a href="https://www.chromestatus.com/feature/6441688242323456">Fullscreen Capability Delegation</a> allows a Window to transfer the ability to call <code>requestFullscreen()</code> to another Window it trusts after relinquishing the transient user activation at the sender Window. This feature is based on the <a href="https://chromestatus.com/feature/5708770829139968">general delegation mechanism</a> that shipped in Chrome 100.</p>
<h2>Multi-Screen Window Placement: Fullscreen Companion Window</h2>
<p>Fullscreen Companion Window allows sites to place fullscreen content and a popup window on separate screens from a single user activation. There is a <a href="https://michaelwasserman.github.io/window-placement-demo/">demo available</a> with <a href="https://github.com/michaelwasserman/window-placement-demo">source code</a> on GitHub.</p>
<h2>Permissions Policy for Web Bluetooth API</h2>
<p>Web Bluetooth is <a href="https://www.chromestatus.com/feature/6439287120723968">now controllable with a Permissions Policy</a>. The token is named <code>"bluetooth"</code> and has a default allowlist of <code>'self'</code>.</p>
<h2>visual-box on overflow-clip-margin</h2>
<p>The <a href="https://www.chromestatus.com/feature/5082351989161984"><code>overflow-clip-margin</code> property</a> specifies how far an element's content is allowed to paint before being clipped. This feature allows using <code>visual-box</code> values to configure the reference box that defines the overflow clip edge the content is clipped to. </p>
<h2>Web Custom Formats for Async Clipboard API</h2>
<p><a href="https://www.chromestatus.com/feature/5649558757441536">Web Custom Formats</a> lets websites read and write arbitrary unsanitized payloads using a standardized web custom format, as well as read and write a limited subset of OS-specific formats (for supporting legacy apps).<br />
<br />
The name of the clipboard format is mangled by the browser in a standardized way to indicate that the content is from the web. This allows platform applications to opt-in to accepting the unsanitized content.</p>
<p>Some web app developers want to exchange data payloads between web and platform applications via operating system clipboards. The <a href="https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API">Clipboard API</a> supports the most popular standardized data types (text, image, rich text) across all platforms. However, this API does not scale to the long tail of specialized formats. In particular, custom formats, non-web-standard formats like TIFF (a large image format), and proprietary formats like <code>docx</code> (a document format), are not supported by the current Web Platform.</p>
<h2>WebGL Canvas Color Management</h2>
<p>As per the spec, Chromium's implementation of WebGL <a href="https://chromestatus.com/feature/4814886323355648">now allows specifying</a>:</p>
<ul>
<li>The color space of a drawing buffer.</li>
<li>The color space that content should be converted to when importing as a texture.</li>
</ul>
<p>Before this version of Chrome, both of these defaulted to sRGB. Now they can also use "display-p3".</p>
<h1>Deprecations, and Removals</h1>
<p>This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of <a href="https://www.chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22">current deprecations</a> and <a href="https://www.chromestatus.com/features#browsers.chrome.status:%22Removed%22">previous removals</a>.</p>
<h2>Block Third-Party Contexts Navigating to Filesystem URLs</h2>
<p>iframes can <a href="https://chromestatus.com/feature/5816343679991808">no longer navigate to filesystem URLs</a>. Top frame support for navigating to filesystem URLs was dropped in Chrome 68.</p>
<h2>Remove Non-Standard Client Hint Mode</h2>
<p>Four client hints (<code>dpr</code>, <code>width</code>, <code>viewport-width</code>, and <code>device-memory</code>) have a default allowlist of <code>self</code> but behave as though they have a default allowlist of <code>*</code> on Android, contrary to the spec. <a href="https://www.chromestatus.com/feature/5694492182052864">This is now fixed</a>, increasing privacy on Android by requiring explicit delegation of these hints.</p>
<h2>Remove U2F API (Cryptotoken)</h2>
<p>Chrome's legacy U2F API for interacting with security keys <a href="https://www.chromestatus.com/feature/5759004926017536">is no longer supported</a>. U2F security keys themselves are not deprecated and will continue to work.</p>
<p>Affected sites should migrate to the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API">Web Authentication API</a>. Credentials that were originally registered via the U2F API can be challenged via web authentication. USB security keys that are supported by the U2F API are also supported by the Web Authentication API.</p>
<p>U2F is Chrome's original security key API. It allows sites to register public key credentials on USB security keys and challenge them for building phishing-resistant two-factor authentication systems. U2F never became an open web standard and was subsumed by the Web Authentication API (launched in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but rather shipped a component extension called cryptotoken, which exposes an equivalent <code>chrome.runtime.sendMessage()</code> method. U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API for the last two years.</p>Chromium Bloghttp://www.blogger.com/profile/06394244468194711527noreply@blogger.com