A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin
Starting in 85, Chrome plans to switch its default referrer policy from no-referrer-when-downgrade to the more privacy-preserving strict-origin-when-cross-origin.
New in Chrome 70
Chrome 70 adds support for Desktop Progressive Web Apps on Windows and Linux, support for Public Key Credentials to the Credential Management API, allows you to provide a name to dedicated workers and plenty more. Let’s dive in and see what’s new for developers in Chrome 70!
chrome70 new-in-chrome progressive-web-apps desktop credentials security workers
Site Isolation for web developers
Chrome 67 on desktop has a new feature called Site Isolation enabled by default. This article explains what Site Isolation is all about, why it’s necessary, and why web developers should be aware of it.
Meltdown/Spectre
Implications for Web Developers and Chrome’s mitigations.
Avoiding the Not Secure Warning in Chrome
Chrome will soon mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar. This document is intended to aid Web Developers in updating their sites to avoid this warning.
Capture a MediaStream From a Canvas, Video or Audio Element
The captureStream() method makes it possible to capture a MediaStream from a canvas, video or audio element.
canvas chrome53 gif media security webrtc
Muted Autoplay on Mobile: Say Goodbye to Canvas Hacks and Animated GIFs!
Muted autoplay for video is supported on Android from Chrome 53. Previously, a video element required a user gesture to initiate playback.
canvas chrome53 gif media security webrtc
ECDSA for WebRTC: Better Security, Better Privacy and Better Performance
From version 52, Chrome uses ECDSA by default — a much more efficient and secure algorithm for WebRTC certificate key generation. In addition, RTCCertificates can now be stored with IndexedDB.
chrome52 media security webrtc
Rolling out Public Key Pinning with HPKP Reporting
Chrome 46 ships with a feature called HPKP reporting, which can help you roll out a stricter form of SSL for your site.
Content Security Policy 1.0 is officially awesome.
