ul
Addison Mauldin
The enterprise release notes are available in 9 languages. You can read about Chrome's updates in English, German, French, Dutch, Spanish, Portuguese, Korean, Indonesian, and Japanese. Allow 1 to 2 weeks for translation for some languages.
Third party cookies will be restricted in a future release of Chrome. Currently, they are restricted by default for 1% of Chrome users to allow sites to preview the user experience without third-party cookies. Most enterprises are excluded from this group automatically and admins can use the BlockThirdPartyCookies and CookiesAllowedForUrls policies to re-enable third-party cookies if needed.
End users can use the eye icon in the omnibox to temporarily re-enable third-party cookies for 90 days on a given site when necessary. See this help article for more details on how to toggle these settings for the desired configuration. Bounce tracking protections are enforced when the bouncing site is not permitted to use 3P cookies, and are controllable with the same policies. Enterprise SaaS integrations used in a cross-site context for non-advertising use cases can register for the third-party deprecation trial or the first-party deprecation trial for continued access to third-party cookies for a limited period of time.
Deep scanning of downloads for Enhanced Safe Browsing users has been launched since Chrome 91. At that time, users had to consent to each file they wanted deep-scanned automatically. Starting in Chrome 125, users no longer have to do that. Deep scanning is performed automatically as part of the improved protections offered by Enhanced Safe Browsing. Admins wishing to disable this feature can ensure their users are not in Enhanced Safe Browsing mode at all with the SafeBrowsingProtectionLevel policy, or disable deep scans with SafeBrowsingDeepScanningEnabled.
Chrome rolled out support for Windows ARM64. Enterprise installers are coming soon, and the ARM64 version can be downloaded at google.com/chrome. If you encounter any issues, file a bug here. At this time, other versions of Chrome running on ARM64 devices will not be automatically upgraded. Please re-install Chrome if you're running on an ARM64 device.
We are in the process of rolling out a new version of Google Update. As part of this change, the location for GoogleUpdate.exe on Windows changes and it is renamed updater.exe. Note that the previous path continues to persist until the transition is fully completed. GoogleUpdate.exe is also modified to point to updater.exe.
If you have Chrome Enterprise Core (Chrome Browser Cloud Management) and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses, you can now enable Chrome Security Insights. This tool allows you to monitor insider risk and data loss for Chrome activity. For more information, see Monitoring for insider risk and data loss.
Chrome introduces a new mechanism for updating certain Chrome components, which might result in extra bandwidth used within your fleet. You can control this with the GenAILocalFoundationalModelSettings policy.
The Extensions Safety Check notifies users about extensions that might contain malware, policy violations, and extensions that have been unpublished long ago. It provides an interface for users to review these extensions and decide to keep or remove each flagged extension.
To expand the usefulness and the scope of this feature, Chrome 125 adds new triggers so that other potentially risky extensions can also be reviewed by users. There are two new extension types that we now flag for the user to review.
Chrome 125 blocks form submissions from secure pages to insecure pages on iOS. When Chrome detects an insecure form submission, it displays a warning asking the user to confirm the submission. The goal is to prevent leaking form data over plain text without user's explicit approval. A policy InsecureFormsWarningsEnabled is available to control this feature.
Legacy Browser Support for Edge is upgraded to Manifest V3. This is a major update with a possibility for bugs, so you can try the Beta version of this extension today. We encourage you to test it in your environment. If you encounter any issues, file a bug here.
In Chrome 114, we introduced NewBaseUrlInheritanceBehaviorAllowed to prevent users or Google Chrome variations from enabling NewBaseUrlInheritanceBehavior, in case compatibility issues were discovered. Chrome 125 removes the temporary NewBaseUrlInheritanceBehaviorAllowed policy.
The Client Safe Browsing Report is a telemetry report sent to Safe Browsing when a warning is shown in Chrome. Today, download reports are sent when users discard or bypass a download warning. Based on the learnings from the initial tailored warning experiment, many download warnings are not explicitly discarded or bypassed. Reports are not sent for these warnings, so Safe Browsing doesn't have visibility on the effectiveness of these warnings. This feature aims to close this telemetry gap by sending reports when the download is auto-discarded or the browser is closed.
Starting in Chrome 126, Chrome will start directly supporting accessibility client software that uses Microsoft Windows's UI Automation accessibility framework. Prior to this change, such software interoperated with Chrome by way of a compatibility shim in Microsoft Windows. This change is being made to improve the accessible user experience for many users. It provides complete support for Narrator, Magnifier, and Voice Access; and will improve third-party apps that use Windows's UI Automation accessibility framework. Users of Chrome will find reduced memory usage and processing overhead when used with accessibility tools. It will also ease development of software using assistive technologies.
Starting in Chrome 125, administrators can use the UiAutomationProviderEnabled enterprise policy to either force-enable the new provider (so that all users receive the new functionality), or disable the new provider. This policy will be supported through Chrome 136, and will be removed in Chrome 137. This one-year period is intended to give enterprises sufficient time to work with third-party vendors so that they may fix any incompatibilities resulting from the switch from Microsoft's compatibility shim to Chrome's UI Automation provider.
Users with old versions of Google Play Services might be unable to access the passwords saved to their Google accounts. These users now see warnings to update Google Play Services in the password management surface to access their account passwords again. This is part of an ongoing migration that only affects Android users of Google Password Manager.
Chrome extends the Storage Access API to allow access to unpartitioned cookie and non-cookie storage in a third-party context. The current API only provides access to cookies, which have different use-cases than non-cookie storage. The API can be used as follows (JS running in an embedded iframe):
The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called rSAFor, just that in this case the storage-access permission was already granted and thus the rSA call would not require a user gesture or show a prompt, allowing for hidden iframes accessing storage.
Canceling mousemove does not prevent text selection or drag-and-drop. Chrome allowed canceling mousemove events to prevent other APIs like text selection (and even drag-and-drop in the past). This does not match other major browsers; nor does it conform to the W3 UI Events specification.
With this feature, text selection is no longer the default action of mousemove. Text selection and drag-and-drop can still be prevented through canceling selectstart and dragstart events respectively, which are spec-compliant and fully interoperable.
Chrome 125 removes the window-placement alias for permission and permission policy descriptors. All instances of window-placement are replaced with window-management, which better describes the related API functionality. This is a follow-up to Window Management API feature enhancements and renaming from Multi-Screen Window Placement API; for more details, see Chrome Platform Status.
As part of our Digital Markets Act (DMA) compliance, Google is introducing choice screens for users to choose their default search engine within Chrome. The choice from the prompt controls the default search engine setting, currently available at chrome://settings/search.
In Chrome 125, a new Generative AI (GenAI) feature becomes available for unmanaged users: Generating insights for Chrome DevTools Console warnings and errors. These insights provide a personalized description and suggested fixes for the selected errors and warnings. Initially, this feature is only available to users (18+) in English. Admins can control this feature by using the DevToolsGenAiSettings policy.
To better support Enterprise customers who use VPN in always-on strict mode, where no user traffic can get to the internet except via the VPN, and SAML authentication, we've added a new policy AlwaysOnVpnPreConnectUrlAllowlist. This policy allows you to specify URLs users are allowed to go to before the VPN has connected, so that your SAML services are reachable to authenticate the user to the VPN via the system browser.
A network identifier was added to the secure DNS URI templates with identifiers policy. Admins can now configure a new placeholder in the DNS URI templates, which is replaced with the device local IP addresses when the users are connected to managed networks.
ChromeOS 125 expands support for live captions from 1 to 6 languages and dictation from 1 to 18 locales. We now use a new voice recognition model that provides additional battery savings. Live captions on ChromeOS can be used on videos played with the Gallery player app, in YouTube, in Google Meet, in Zoom, or social media sites. To see or change your current live captions language, select Settings > Audio and captions > Live Caption > Manage languages. For more information on live captions, see this Help Center article.
795a8134c1