Skip to main content

Posts

Latest Chrome Update Puts Privacy First with Auto HTTPS Switch

Google has just released the latest update to its Chrome browser, and it comes with a neat little feature that’s going to make your internet browsing a whole lot safer. In Chrome 115, the browser will now automatically shift to use "HTTPS" for all websites, whenever it's possible. You might have noticed that some websites in your address bar start with "http://" and some with "https://". The "s" stands for "secure" - it means that the data being sent between your browser and the website is encrypted, making it safer from people trying to snoop on your internet traffic. Previously, the Chrome browser would rely on websites to tell it whether to use this secure "HTTPS" connection or not. But there were instances where a site might support the secure "HTTPS" version, yet your browser still used the less secure "http". That's because the site didn't explicitly tell Chrome to switch to the safer vers

Chrome's Safety Check to Show Number of Reused Passwords

Chrome is working to introduce an enhanced feature to its 'Safety Check'. Chrome will display the number of reused passwords in the password check row during a safety check, Techtsp has spotted and analyzed the code of the recently merged Chromium commit. Safety Check is an integral feature of  Chrome designed to monitor and enhance password security. It analyses various factors such as compromised passwords, weak passwords, and with the forthcoming update, it will extend its reach to reused passwords. When one account's security is compromised, the reuse of its password across multiple accounts potentially allows cyber attackers to access all connected accounts. Once released, this feature is expected to provide users with a clear insight into their password usage habits. By displaying the number of reused passwords during a Safety Check, users will have an enhanced visibility of their potential security vulnerabilities. With this information at their fingertips, they can

Exclusive: Desktop PWAs to Support "Borderless Mode" Starting with Chrome 115

Chrome is set to introduce a new  Borderless Mode  feature that could revolutionize the user interface of installed desktop web apps, Techtsp is able to report on the development. This feature is currently being tested and is rolling out with  Chrome 115 . With borderless mode enabled, the client area of the app will extend to cover the entire window. This includes the title bar area and windowing control buttons such as close, maximize/restore, and minimize. It provides the ability for developers to custom-draw and handle input for the entire window, resulting in Progressive Web Applications (PWAs) that feel more akin to native apps. The borderless mode re-uses capabilities built with window-controls-overlay, like draggable regions. It also involves new web app manifest entry and changes to frame (hiding the native title bar). The changes associated with this feature will only be enabled for PWAs that opt in, ensuring minimal risks to the browser as a whole. The borderless mode featur

Borderless Mode in Progressive Web Apps (PWAs)

Are you tired of the traditional title bar in apps? Do you wish for more freedom in how you display your apps? If so, you're not alone! Many developers are looking for ways to break free from the constraints of the traditional title bar. One innovative new concept that's gaining traction is borderless mode. Borderless mode removes the title bar altogether, giving developers more flexibility in how they design their apps. This could lead to a whole new era in app aesthetics and functionality. Whether you're a developer or just curious about the future of web applications, this post is for you! Title Bars in Web Apps: A Necessary Evil? Have you ever used a web app? If so, you've probably seen the title bar—that bar at the top of the app window that has buttons and info. Until now, all web app display modes have required this title bar in one form or another. While the title bar is useful, it can sometimes restrict the creative freedom of app developers and might not prov

Chrome Plans to Introduce "requestStorageAccessFor" Feature to Enhance Cross-Site Cookie Access

The Chromium team at Google has plans to introduce a new feature called requestStorageAccessFor , Techtsp has spotted. This feature is an extension to the Storage Access API and aims to improve access to unpartitioned ("first-party") cookies on behalf of embedded sites. The feature is currently under development. The Storage Access API, supported by multiple browsers, allows websites to request access to cookies from cross-site origins. However, there have been limitations in accessing authenticated and personalized content served from cross-site origins. The new "requestStorageAccessFor" feature aims to address these limitations and unblock certain cross-site, same-First-Party Set use cases. With "requestStorageAccessFor," a top-level site can request access to unpartitioned cookies on behalf of embedded sites. Browsers will have the discretion to grant or deny access, taking into account factors such as First-Party Set membership. This feature enables to

Understanding the requestStorageAccessFor API

Privacy is a hot topic on the web, and user agents often prevent content from accessing non-same site data stored in cookies. This can break embedded content, such as iframes, scripts, or images, which rely on having access to non-same site cookies. To address this issue, the Privacy Community Group has proposed a new API called requestStorageAccessFor . This API would allow top-level sites to request access to cross-site cookies on behalf of embedded origins. This specification is still in draft status, but it is intended to be merged into the HTML Living Standard. It is not yet a part of the WHATWG Living Standard or the W3C standards track. How does requestStorageAccessFor API work The requestStorageAccessFor  API allows a document to request access to unpartitioned data, which is client-side storage available to a site if it were loaded in a first-party-site context, on behalf of another origin. In simpler terms, a document can ask another document for access to its data. Let's

Smart Card Authentication Coming to Chromium-based Browsers like Chrome, Edge

Chromium-based web browsers including Chrome and Edge are likely to introduce support for the Web Smart Card API , a browser API that enables web applications to communicate with smart cards, Techtsp has spotted a new development. The proposed API is currently in development and is expected to be released natively on Chrome and Edge in the near future. The implementation is currently in progress, and a Chromium bug report related to the implementation suggests that it is nearing completion. Although the concrete details of the implementation are still unclear and will depend on the specific web browser and operating system being used, as well as any additional security measures or protocols that are put in place to ensure the security and privacy of users' smart card data, in general, the implementation will likely involve the following steps: The web browser will provide an API that web applications can use to interact with smart cards. This API will be based on the proposed Web A

Google Chrome 98 re-adds 'only' keyword for color-scheme by default

Starting with Google Chrome 98, the 'only' keyword has been re-added to the specification for color-scheme as a way of per-element opt-out of color-scheme override like forced darkening. Meaning, this feature can essentially be used to do per element opt-out of color-scheme overrides like forced darkening. If the user has indicated an overriding preference for a particular color scheme, and the author has not disallowed this (by using the only keyword), the user agent may override the color scheme, forcing the used color scheme to the user’s preferred color scheme. If the element does not support that color scheme, the user agent must also auto-adjust other colors into this chosen color scheme, such as by inverting their brightness, while preserving any color contrast necessary for the readability of the page. In this case, UA may also auto-adjust colors within replaced elements, background images, and other external resources as appropriate. The specifics of such auto-adjustme

Google Chrome 97 to get rid of a serious ‘security problem’ after 8 years

Starting with version 97, Google Chrome has decided to deprecate and remove what it describes as ‘a security problem' from Chromium and WebRTC. The SDES key exchange mechanism for WebRTC, which was declared Historic by the Internet Engineering Task Force (IETF) in 2013, is finally being removed from the stable Chrome version 97, which is scheduled to release on Jan 4, 2022. What is SDES key exchange mechanism? Stands for Session Description Protocol Security Descriptions, SDES for Media Streams was proposed for standardization to the IETF in 2016 as a way to negotiate the key for Secure Real-time Transport Protocol. The keys transported in the Session Description Protocol (SDP) attachment of a Session Initiation Protocol (SIP) message ensure the attachment is end-to-end encrypted so that no one else can see the attachment. The problem statement The Google Chrome team says it exposes session keys to Javascript. Therefore, entities with access to the negotiation exchange, or with the

Window Controls Overlay could render Spotify's desktop app useless

A Chrome feature that makes desktop web apps look just like native desktop applications is almost here. The upcoming feature Window Controls Overlay , which will allow web developers to turn their progressive web apps (PWAs) installed on the desktop to look just like their native counterparts, is now in the final stages of development and rollout, Techtsp has learned. As a result, Google Chrome and Microsoft Edge users will not be able to differentiate between progressive web apps and native desktop applications. One of the groundbreaking features has already made its way into version 97 (canary/dev) build and will be fully functional, with a stable release scheduled for January 4, 2022. Customized Title Bar with Window Controls Overlay The main goal behind this feature is to allow web app developers to extend the customizability options to the title bar area, similar to native desktop applications. As a result, developers can maximize screen real estate to show customized options over