Chrome Download Enterprise
Totaly Pavlina
The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.
To improve the security of cookies on Windows, the encryption key used for cookie encryption will be further secured by binding it to Chrome's application identity. This can help protect against malware running at the same privilege as Chrome that might attempt to steal cookies from the system. This does not protect against an attacker who is able to elevate privilege or inject into Chrome's processes.
App-bound Encryption strongly binds encryption keys to the local machine so customers who are using Chrome with roaming profiles may want to consider disabling this security feature otherwise cookies will not be portable between workstations.
Chrome profiles offer a user-friendly way to keep personal and work browsing data separate, simplifying the experience, preventing data breaches, and ensuring privacy and compliance. We have created three intuitive policies to help you control profile separation in your organization: ProfileSeparationSettings, ProfileSeparationDataMigrationSettings and ProfileSeparationDomainExceptionList. These policies replace ManagedAccountsSigninRestriction and EnterpriseProfileCreationKeepBrowsingData.
In Chrome 127, users who do not already have Enhanced Safe Browsing enabled see an infobar promoting Enhanced Safe Browsing on the Safe Browsing warning page. We also show a promotion for Enhanced Safe Browsing on the Chrome settings page, for users who do not already have Enhanced Safe Browsing enabled. These promos are not shown to users when the SafeBrowsingProtectionLevel enterprise policy is set to any value.
In response to sustained compliance failures, Chrome 127 changes how publicly-trusted TLS server authentication, that is, website or certificates issued by Entrust, are trusted by default. This applies to Chrome 127 and later on Windows, macOS, ChromeOS, Android, and Linux; iOS policies do not allow use of the Chrome Root Store in Chrome for iOS.
If a Chrome user or an enterprise explicitly trusts any of the affected Entrust certificates on a platform and version of Chrome relying on the Chrome Root Store, for example, when explicit trust is conveyed through a Windows Group Policy Object, the Signed Certificate Timestamp (SCT) constraints described above will be overridden and certificates will function as they do today.
In Chrome 127, this Generative AI (GenAI) feature becomes available for managed Chrome Enterprise and Education users in supported regions: Generating insights for Chrome DevTools Console warnings and errors. These insights provide a personalized description and suggested fixes for the selected errors and warnings. Admins can control this feature by using the DevToolsGenAiSettings policy.
Starting in Chrome 127, as part of Chrome's move towards HTTPS by default, HTTPS-First Mode is enabled by default in Incognito mode. Users will see a warning before they navigate to sites over insecure HTTP. This can be controlled using the existing enterprise policies HttpsOnlyMode and HttpAllowlist.
You can use the ExtensionManifestV2Availability policy to test Manifest V3 in your organization ahead of the migration. Additionally, machines on which the policy is enabled will not be subject to the disabling of Manifest V2 extensions until the following year - June 2025 - at which point the policy will be removed.
You can see which Manifest version is being used by all Chrome extensions running on your fleet using the Apps & extensions usage page in Chrome Enterprise Core. Read more on the Manifest timeline, including:
A new policy called DynamicCodeSettings is available in Chrome 127. Setting this policy to '1' switches on Arbitrary Code Guard (ACG) for the browser process. ACG prevents dynamic code being generated from within the browser process, which can help prevent potentially hostile code making unauthorized changes to the behavior of the browser process.
Chrome 127 launches a simplified and consolidated version of sign-in and sync in Chrome on Android. Chrome sync is no longer shown as a separate feature in settings or elsewhere. Instead, users can sign in to Chrome to use and save information like passwords, bookmarks and more in their Google Account, subject to the relevant enterprise policies.
As in earlier releases, the functionality previously part of Chrome sync that saves and accesses Chrome data in the Google Account can be turned off via SyncTypesListDisabled. Sign-in to Chrome can still be disabled via BrowserSignin.
When an Enhanced Safe Browsing user visits a page that triggers vibration, keyboard or pointer lock API, attributes of that page are now sent to Safe Browsing. If the telemetry is sent and the page seems to be malicious, users see a Safe Browsing warning and their keyboard or pointer is unlocked, if they were locked. If you'd like your users to avail of this feature, set MetricsReportingEnabled to true and set the SafeBrowsingProtectionLevel policy to 2.
On Chrome on Android, some users who are signed-in to Chrome but don't have Chrome sync enabled can now use and save passwords in their Google Account. Relevant policies such as BrowserSignin, SyncTypesListDisabled and PasswordManagerEnabled continue to work as before and can be used to configure whether users can use and save passwords in their Google Account.
This feature allows admins to overlay a watermark on top of a webpage if navigating to it triggers a specific Data loss Prevention (DLP) rule. It will contain a static string displayed as the watermark. Watermarking is available to Chrome Enterprise Premium customers only.
The setting is blocked by default and sites cannot prompt for permission. New UI controls are limited to Chrome's settings pages (chrome://settings/content/automaticFullScreen) and the site info bubble. Users can allow Isolated Web Apps, and admins can allow additional origins with the AutomaticFullscreenAllowedForUrls policy.
Synchronous mutation events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, negatively affect page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete mutation events must be removed or migrated to Mutation Observer. In Chrome 124, a temporary enterprise policy, MutationEventsEnabled, was introduced to re-enable deprecated or removed mutation events.
Starting in Chrome 127, mutation event support is disabled by default , from around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:
By making scrollers focusable by default, users who can't (or don't want to) use a mouse can now focus clipped content using keyboard tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a .
The ServiceWorker static routing API is an API used for routing the request to the network, the ServiceWorker fetch handler, or directly looking up from cache, and so on. Each route consists of a condition and a source, and the condition is used for matching the request.
For Chromium implementations, the or condition is only the supported condition. However, to write the condition more flexibly, supporting the not condition is expected, which matches the inverted condition inside.
ChromeOS 127 introduces a visual enhancement for Downloadable Content (DLC) in the video control panel. This release now adds status indicators for Noise Cancellation, Live Captions, Relighting, and Blur.
ChromeOS is launching a PDF OCR AI reader on Gallery, enabling reading for inaccessible documents, further filling the gap in accessibility for low vision and blind users that use a screen reader. ChromeOS leverages its machine learning models to extract, compartmentalize, and section PDF documents to make them more accessible on the Gallery app for ChromeVox users.
The Firmware Updates app on ChromeOS now supports updating peripherals that require user action during the update, for example, unplugging and re-plugging the peripheral. When an update is available for one of these devices, the user will be guided with clear, step-by-step instructions. For most existing peripherals, the update experience remains unchanged.
As early as ChromeOS 127, Read Aloud will bring Google's high quality voices to Chrome Reading Mode for users to leverage Text to Speech to read content on the web. The goal of Read Aloud is to help people who have difficulty reading to understand long-form text. The new Read Aloud feature in Reading Mode on Chrome desktop allows users to hear the text they are reading, which improves focus and comprehension.
Students can now quickly view and access their upcoming Classroom assignments one click away on their Chromebook home screen. Users can see this new feature if they are logged into a Chromebook with an account where they are enrolled in active courses in Google Classroom. Users can find this feature by clicking on the date chip on the shelf of their Chromebook if they are logged into an account, where they will see the new panel which can view lists of their upcoming, due, missing and completed assignments.
Today, the majority of user settings are configurable by Groups, with most of the remaining settings available in the coming months. Available settings are automatically filtered and displayed when admins select a particular group.
Admins can now add managed Chrome browsers to Google groups, thereby allowing them to specify User & browser policies and extension settings for a group of browsers. Managed browsers can be assigned to multiple groups, which allows IT administrators to have more flexibility to manage Chrome browsers using cloud management.
c80f0f1006