Chrome 127 beta

Unless otherwise noted, the following changes apply to the newest Chrome beta channel release for Android, ChromeOS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 127 is beta as of June 12, 2024. You can download the latest on Google.com for desktop or on Google Play Store on Android.

CSS

This release adds three new CSS features.

CSS font-size-adjust

The font-size-adjust CSS property provides a way to modify the size of lowercase letters relative to the size of uppercase letters, which defines the overall font-size. This property is useful for situations where font fallback can occur.

Chrome 127 includes the two value syntax to pass in a font metric and a value.

Multi-argument alt text in CSS generated content

The CSS content property lets you specify alternative text for accessibility with the following syntax:

.has-before-content::before {
    content: url("cat.jpg") / "A cute cat";
  }

The syntax shown, where alt text is given by a single string, is already supported in Chrome. From Chrome 127 the alt text can be given by an arbitrary number of elements, which in addition to strings can be attr() functions or counters. For example:

.has-before-content::before {
  content: url("cat.jpg") / "A cute " attr(data-animal);
}

Note that this feature entry doesn’t include the addition of counter support.

Support for view transitions in iframes

From Chrome 127 concurrent same-document view transitions in a main frame and same-origin iframe will be available.

Previously, running a View Transition using the document.startViewTransition in a same-origin iframe wouldn't work if the main frame was running a transition at the same time. The iframe’s transition would be automatically skipped. Now, both transitions will execute.

View transitions on same-origin cross-document navigations in an iframe will also be supported.

Web APIs

Additions to Attribution Reporting

Chrome 127 includes two additional features for Attribution Reporting. Aggregate Debug reporting allows API callers to continue receiving debugging information even after 3rd party cookie deprecation. Attribution Scopes provide more control over attribution filtering.

Automatic fullscreen content setting

A new "automatic fullscreen" content setting lets enterprise admins allow sites to enter fullscreen without a user gesture. Users may also allow Isolated Web Apps to use this feature through site settings pages.

Combined with Window Management permission and unblocked popups, this unlocks valuable fullscreen capabilities:

  • Open a fullscreen popup on another display, from one gesture.
  • Show fullscreen content on multiple displays from one gesture.
  • Show fullscreen content on a new display, when it's connected.
  • Swap fullscreen windows between displays with one gesture.
  • Show fullscreen content after user gesture expiry or consumption.

This post previously included Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies. This will now ship in Chrome 128.

Document picture-in-picture: propagate user activation

This makes user activations in a document picture-in-picture window usable inside its opener window as well as the other way round. This makes it more ergonomic to use user-activation-gated APIs, since often event handlers in the document picture-in-picture window are actually run in the opener's context, so the opener's context needs access to the user gesture.

Importmap integrity

Imported ES modules can't currently have their integrity checked, and hence cannot run in environments that require Subresource Integrity or with require-sri-for CSP directives.

This feature adds an integrity section to import maps, enabling developers to map ES module URLs to their integrity metadata, and ensure they only load when they match their expected hashes.

Keyboard focusable scroll containers

This feature introduces the following changes:

Scrollers are click-focusable and programmatically-focusable by default. Scrollers without focusable children are keyboard-focusable by default.

This is an important improvement to help make scrollers and contents within scrollers more accessible to all users. You can read more about its benefits in the post Keyboard focusable scrollers. Keyboard focusable scrollers will be enabled by default starting in Chrome 127. If websites need time to adjust to this new feature, there are a few options:

No-Vary-Search support for prerender

Extends No-Vary-Search support to prerender on top of the previous prefetch support. This enables a prerender entry to match even if certain URL query parameters change. The No-Vary-Search HTTP response header declares that some or all parts of a URL's query can be ignored for cache matching purposes.

This post previously included Snap Events, however these are behind a flag in Chrome 127 and will be released to stable in a future release.

Video Chapter in MediaMetadata

You can now add individual chapter information, such as the title of the section, its timestamp, and a screenshot image to media metadata. This allows users to navigate through the content of the media.

This will only show up in ChromeOS media notifications, and not in Chrome Browser global media controls.

WebGPU: GPUAdapter info attribute

Adds a synchronous GPUAdapter info attribute to retrieve the same information about the physical adapter as with the asynchronous GPUAdapter requestAdapterInfo() method.

Origin trials in progress

In Chrome 127 you can opt into the following new origin trials.

Compression dictionary transport with Shared Brotli and Shared Zstandard

This feature adds support for using designated previous responses, as an external dictionary for Brotli (or Zstandard)-compressing HTTP responses.

Deprecate 0.0.0.0 for Private Network Access (PNA)

We propose to block access to IP address 0.0.0.0 in advance of PNA completely rolling out.

Chrome is deprecating direct access to private network endpoints from public websites as part of the PNA specification. This specification considers services listening on the localhost (127.0.0.0/8) as considered private. Chrome's PNA protection (rolled out as part of https://chromestatus.com/feature/5436853517811712) can be bypassed using the IP address 0.0.0.0 to access services listening on the localhost on macOS and Linux.

This can also be abused in DNS rebinding attacks targeting a web application listening on the localhost.

Since 0.0.0.0 is not (and shouldn't be) used in practice, we're deprecating it separately from the rest of the private network requests deprecation.

Deprecate third-party cookies

We intend to deprecate and remove default access to third-party (aka cross-site) cookies, starting with an initial 1% testing period in Q1 2024, followed by a gradual phase out planned to begin in Q1 2025, subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority.

Phasing out third-party cookies is a central effort to the Privacy Sandbox initiative, which aims to responsibly reduce cross-site tracking on the web (and beyond) while supporting key use cases through new technologies.

Partitioning Storage, Service Workers, and Communication APIs

From Chrome 115, storage, service workers, and communication APIs are partitioned in third-party contexts. From Chrome 113 to 126, sites were able to take part in a deprecation trial to temporarily unpartition and restore prior behavior of storage, service workers, and communication APIs.

From Chrome 125, non-cookie storage in the Storage Access API is supported, which should address the majority of use cases for unpartitioned storage. Where those use cases aren't met, it is now possible to request a renewal for the DisableThirdPartyStoragePartitioning deprecation trial for an additional 6 milestones, for users on Chrome 127 to 132 (inclusive).

See the Storage Partitioning deprecation trial renewal blog post for more information.

Keyboard focusable scroll containers deprecation trial

This feature introduces the following changes:

  • Scrollers are click-focusable and programmatically-focusable by default.
  • Scrollers without focusable children are keyboard-focusable by default.

We attempted to ship these changes, and found that a limited number of sites had broken expectations around some of their components. As a result, we had to unship the feature to avoid this breakage. Given the benefits, the feature will begin shipping in 127. To allow more time for the affected sites to migrate their components, we are starting a deprecation trial. When enabled, this will disable the feature.

Deprecations and removals

This version of Chrome introduces the deprecations and removals listed below. Visit ChromeStatus.com for lists of planned deprecations, current deprecations and previous removals.

This release of Chrome removes three features.

Mutation events

Mutation event support will be disabled by default starting in Chrome 127. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

See the blog post Mutation events deprecation for more details.

Restrict "private network requests" for subresources from public websites to secure contexts

Requires that private network requests for subresources from public websites may only be initiated from a secure context. Examples include internet to intranet requests and internet to loopback requests.

This is a first step towards fully implementing Private Network Access.

Remove old CSS custom state syntax

The CSS custom state pseudo-class is being renamed from :--foo to :state(foo). The new syntax, :state(foo), has been enabled by default, therefore we are removing the :--foo syntax.

Firefox and Safari never implemented the old syntax and they have both shipped the new syntax.

Enterprise customers who need more time can use the CSSCustomStateDeprecatedSyntaxEnabled policy. This policy will be removed in Chrome 131.