サクサク読めて、アプリ限定の機能も多数!
トップへ戻る
ブラックフライデー
www.chromium.org
Updates May 11th, 2023: the Phase 6 rollout is enabled for 100% of Android clients on M110 and above via Finch. April 25th, 2023: the Phase 6 rollout is enabled for 50% of Android clients on M110 and above via Finch. April 4th, 2023: the Phase 6 rollout is enabled for 10% of Android clients on M110 and above via Finch. March 21st, 2023: the Phase 6 rollout is enabled for 5% of Android clients on M
(written August 2020) Chrome engineers are experimenting with Rust. For the foreseeable future, C++ is the reigning monarch in our codebase, and any use of Rust will need to fit in with C++ — not the other way around. This seems to present some C++/Rust interoperability challenges which nobody else has faced. We'd need to solve these before considering Rust as (nearly) a first-class citizen in our
The Chromium project finds that around 70% of our serious security bugs are memory safety problems. Our next major project is to prevent such bugs at source. The problem Around 70% of our high severity security bugs are memory unsafety problems (that is, mistakes with C/C++ pointers). Half of those are use-after-free bugs. (Analysis based on 912 high or critical severity security bugs since 2015,
Tips for testing and debugging SameSite-by-default and “SameSite=None; Secure” cookies (Last updated: Mar 18, 2021) What: An overview of steps you can take to test your site against Chrome’s new SameSite-by-default cookie behavior, and tips for debugging cookie issues that may be related. Who: You should read this if your site provides or depends upon cross-site cookies. Some of these tips will pr
Confused? Start here. Developers: Check out our testing and debugging tips. Adding `SameSite=None; Secure` to your cookies? Check the list of incompatible clients here. Check the list of Frequently Asked Questions (FAQ) for common scenarios and use cases. Launch Timeline Last updated Mar 18, 2021. Latest update: Mar 18, 2021: The flags #same-site-by-default-cookies and #cookies-without-same-site-m
Last updated: Nov 18, 2019 Some user agents are known to be incompatible with the `SameSite=None` attribute. Versions of Chrome from Chrome 51 to Chrome 66 (inclusive on both ends). These Chrome versions will reject a cookie with `SameSite=None`. This also affects older versions of Chromium-derived browsers, as well as Android WebView. This behavior was correct according to the version of the cook
Overview The Privacy Sandbox project’s mission is to “Create a thriving web ecosystem that is respectful of users and private by default.” The main challenge to overcome in that mission is the pervasive cross-site tracking that has become the norm on the web and on top of which much of the web’s ability to deliver and monetize content has been built. Our first principles for how we’re approaching
Web developers, check out the developer-facing Project Fugu 🐡 homepage! Overview Project Fugu 🐡 is an effort to close gaps in the web's capabilities enabling new classes of applications to run on the web. The developer-friendly landing page of the project is https://developer.chrome.com/docs/capabilities/status. The list of in-process APIs is available at https://goo.gle/all-fugu-features. APIs
tl;dr: To improve security, cross-origin fetches will soon be disallowed from content scripts in Chrome Extensions. Such requests can be made from extension background pages instead, and relayed to content scripts when needed. [The document has been edited on 2020-09-17 to reflect that CORS-for-content-scripts has successfully launched in Chrome 85*.]*** Overview When web pages request cross-origi
Web browsers (and other agents, such as password managers) try to make the process of filling out forms as convenient to users as possible, to save time and frustration. However good they are at interpreting web pages, however, there are always a few things you, as a web developer, can make sure to do, to ensure the best experience for your users, by making your web pages accessible. Group related
What versions of QUIC does Chromium support? In June of 2021, Chromium defaults to supporting IETF QUIC draft29 and gQUIC Q050. Are there any documents about how QUIC performs? In 2017, we published a SIGCOMM paper which detailed QUIC's performance. Are there other implementations of QUIC? Yes, there are a number of other independent implementations. See the IETF Wiki for a full list. Can I build
Cross-Origin Read Blocking (CORB) is a new web platform security feature that helps mitigate the threat of side-channel attacks (including Spectre). It is designed to prevent the browser from delivering certain cross-origin network responses to a web page, when they might contain sensitive information and are not needed for existing web features. For example, it will block a cross-origin text/html
HTTP Strict Transport Security allows a site to request that it always be contacted over HTTPS. HSTS is supported in Google Chrome, Firefox, Safari, Opera, Edge and IE (caniuse.com has a compatibility matrix). The issue that HSTS addresses is that users tend to type http:// at best, and omit the scheme entirely most of the time. In the latter case, browsers will insert http:// for them. However, H
Developer Recommendations Ultimately we recommend migrating towards HTML5 content, however for sites that still require Flash Player in the interim we recommend presenting users with a link/ image to "Enable" Flash Player that points to "https://get.adobe.com/flashplayer/." When users click on that link Chrome will present the necessary UI to enable Flash Player for the site. It will look somethin
Except as otherwise noted, the content of this page is licensed under a Creative Commons Attribution 2.5 license, and examples are licensed under the BSD License.
At the beginning of 2018, researchers from Google's Project Zero disclosed a series of new attack techniques against speculative execution optimizations used by modern CPUs. Security researchers will continue to find new variations of these and other side-channel attacks. Such techniques have implications for products and services that execute third-party code, including Chrome and other browsers
Overview Site Isolation is a security feature in Chrome that offers additional protection against some types of security bugs. It uses Chrome's sandbox to make it harder for untrustworthy websites to access or steal information from your accounts on other websites. Websites are typically not allowed to access each other's data inside the browser, thanks to code that enforces the Same Origin Policy
The Site Engagement Service provides information about how engaged a user is with a site. The primary signal is the amount of active time the user spends on the site but various other signals may be incorporated (e.g whether a site is added to the homescreen). What is a site? Site is an inexact term. For the purposes of site engagement, we’ll be treating origins as sites. What is engagement? Engag
Status: Draft as of 2010/10/14. Objective A feature in Chrome to let users see their printer output before sending it to the printer. Background Web pages are generally designed to be displayed on a computer screen and are not always optimized for printing. When a web page gets printed, the browser has to reformat the page to fit the physical constraints of the paper media. The web page printed to
Automatically Comprehensible Password Forms You can help ensure that browsers' and extensions' password management functionality can understand your site's sign-up, sign-in and change-password forms by enriching your HTML with a dash of metadata. In particular: Add an autocomplete attribute with a value of username for usernames. If you've implemented an "email first" sign-in flow that separates t
This design document covers technical information about how Site Isolation is built. For a general overview of Site Isolation, see https://www.chromium.org/Home/chromium-security/site-isolation. Motivation Chrome's multi-process architecture provides many benefits for speed, stability, and security. It allows web pages in unrelated tabs to run in parallel, and it allows users to continue using the
The policy for modifying the user data directory and other paths for Chrome to use has support for several variables, so you don't need to set a hard-coded path for all users. For example, if you want to store your profile data under the user local application data on Windows, set the UserDataDir policy to : "${local_app_data}\Chrome\Profile" Which on most Windows 7 / Vista installations would res
Overview This page describes a USB-PD sniffing dongle with Type-C connectors. The dongle can be supported by Chrome devices as part of a USB-Type C implementation. Hardware Capabilities Sniffing USB Power Delivery traffic on both Control Channel lines (CC1/CC2) Transparent interposer on a USB Type-C connection Monitoring VBUS and VCONN voltages and currents (WARNING: VBUS path designed for SPR vol
Eng: dbeam@, dpapad@, dschuyler@, hcarmona@, michaelpg@, stevenjb@, tommycli@ PM: tbuckley@ UX: bettes@ Code Location: chrome/browser/resources/settings, chrome/browser/ui/webui/settings Objective To create a new Settings experience for Chromium/Chromium OS which will implement the material design spec, using web components as a maintainable and modular implementation. Using Visit chrome://md-sett
Introduction A secure web proxy is a web proxy that the browser communicates with via SSL, as opposed to clear text. In insecure public networks, such as airports or cafes, browsing over HTTP may leave the user vulnerable to cookie stealing, session hijacking or worse. A secure web proxy can add a significant layer of defense in these cases. Using a Secure Web Proxy with Chrome To make use of a se
Shill, the connection manager for Chromium OS, attempts to detect services that are within a captive portal whenever a service transitions to the ready state. This determination of being in a captive portal or being online is done by attempting to retrieve the webpage http://clients3.google.com/generate_204. This well known URL is known to return an empty page with an HTTP status 204. If for any r
We (Chrome Security) originally sent this out to various browser development mailing lists. Here is the canonical location for the original proposal. See this link for the current public draft spec. This is a living document — as we learn more, we'll probably need to change this page. Proposal The Chrome Security team and I propose that, for new and particularly powerful web platform features, bro
次のページ
このページを最初にブックマークしてみませんか?
『The Chromium Projects』の新着エントリーを見る
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く