Chrome 81, initially planned for March 17 but delayed due to the ongoing coronavirus (COVID-19) outbreak, is finally out.
Today’s release was supposed to be a bulky update, but only two major features made the cut — such as improved support for WebXR (Chrome’s Augmented Reality feature, initially released in Chrome 79) and initial support for the Web NFC standard.
Features that were planned but later dropped from the Chrome 81 release include a UI redesign for Chrome’s web form elements and the removal of support for the TLS 1.0 and TLS 1.1 encryption protocols.
The first was dropped because Google engineers didn’t manage to put the finishing touches on the redesign in time. The new form controls are now scheduled to go live with Chrome (Chromium) 83, expected to arrive in mid-May, next month.
Plans to remove the TLS 1.0 and TLS 1.1 encryption protocols from Chrome, also initially scheduled for Chrome 81, are now delayed to Chrome 84. The decision to delay removing these two protocols is related to the current COVID-19 outbreak, as removing the two protocols might have prevented some Chrome 81 users from accessing critical government healthcare sites that were still using TLS 1.0 and 1.1 to set up their HTTPS connections. Removing support would have prevented users from accessing those sites altogether, something that Google wanted to avoid.
Today’s Chrome 81 release marks the most turbulent release in Chrome’s history. Because the browser maker had to shift features around from version to version, and because the three-week Chrome 81 delay also disrupted Google’s regular six-week release schedule, Google has now taken a first-of-its-kind step to scrap a Chrome version. Google said the next version of Chrome is v83, and that work on v82 has been permanently abandoned.
Web NFC field trials
But while Google has moved some features from Chrome 81 to other versions, this doesn’t mean this version is lacking. Of all the new features added in today’s v81 release, the most important, by far, is the new Web NFC API.
Modern smartphones already support NFC (near-field communications) but end-users usually need a special app running on their device to interact with NFC tags placed in the real-world.
The new Web NFC standard added in Chrome will allow websites to interact with NFC tags, eliminating the need for users to have a special app installed on their phones.
Google believes that the new Web NFC standard will gain a following among web devs, and anticipates a broad use, especially for Chrome for Android, where it could be used for scenarios like:
- Museums and art galleries can display additional information about a display when the user touches their smartphone or tablet running Chrome to an NFC card near the exhibit.
- Websites, corporate sites, and intranets that handle a company’s inventory will be able to read or write data to an NFC tag on a container or product, simplifying inventory management.
- Conference sites can use it to scan NFC badges during the event.
- Intranets and other corporate sites can use Web NFC to share configuration and initial secrets needed to provision new devices across an organization.
For now, this feature won’t be broadly available for all users, but instead, will be available only as a field trial. The field trial will run from Chrome 81 to Chrome 83, during which time app developers can create apps that rely on the new Web NFC standard, and see how it performs and provide feedback to Chrome developers so they can fine-tune it before a broader release.
More information about Web NFC is available here. The feature is currently scheduled to go live for all users in Chrome 84, but this might change if something comes up during the field trial.
Step 3/3 in Google’s mixed content upgrade
But while Google avoided removing TLS 1.0 and TLS 1.1, Chrome 81 does improve the security of HTTPS connections, but in another way. Chrome 81 marks the last release in Google’s three-step plan to eliminate mixed HTTPS content from the web.
Mixed HTTPS content refers to web pages where content such as images, JavaScript, or stylesheets are loaded via both HTTP and HTTPS, meaning the site doesn’t actually load entirely over HTTPS.
Google’s announced end goal is to auto-upgrade all HTTP content to their analogue HTTPS URLs. However, doing this all of a sudden is dangerous as it can cause a lot of breakage across the internet.
Instead, to prevent any major breakage, Google has chosen a three-step plan for this process, as detailed below, which ends today with the rollout of Chrome 81:
- In Chrome 79, releasing to stable channel in December 2019, we’ll introduce a new setting to unblock mixed content on specific sites. This setting will apply to mixed scripts, iframes, and other types of content that Chrome currently blocks by default. Users can toggle this setting by clicking the lock icon on any https:// page and clicking Site Settings. This will replace the shield icon that shows up at the right side of the omnibox for unblocking mixed content in previous versions of desktop Chrome.
- In Chrome 80, mixed audio and video resources will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://. Chrome 80 will be released to early release channels in January 2020. Users can unblock affected audio and video resources with the setting described above.
- Also in Chrome 80, mixed images will still be allowed to load, but they will cause Chrome to show a “Not Secure” chip in the omnibox. We anticipate that this is a clearer security UI for users and that it will motivate websites to migrate their images to HTTPS. Developers can use the upgrade-insecure-requests or block-all-mixed-content Content Security Policy directives to avoid this warning.
- In Chrome 81, mixed images will be autoupgraded to https://, and Chrome will block them by default if they fail to load over https://.
But we only touched on the major Chrome 81 additions. Users who’d like to learn more about the other features added or removed from the Chrome 81 release can check out the following links for more information:
Chrome security updates are detailed here.
Chromium open-source browser changes are detailed here.
Google engineers detail some of the most important developer-centric changes here.
Chrome developer API deprecations and feature removals are listed here.
Chrome for Android updates are detailed here.
Chrome for iOS updates are detailed here.
Changes to Chrome V8 JavaScript engine are available here.