Chrome M107 rollout: Impact analysis

Chrome M107 is already rolling out. ChromeOS is listed as rolled out, but so far none of the devices have M107 yet. This is normal and I expect the OS rollout to start over the next few days.

Mac and Windows, however, are at 10% rollout already. This means that one in every 10 update requests will get the update. This slow rollout is intentional, with the goal of making sure no new issues are introduced with these releases.

M107 comes with a lot of new features which can be read in great detail in this PDF file here.

Most interesting M107 changes

  • Support for Encrypted Client Hello (ECH) – keeps the hostname used for SNI-based certificates from going out in clear text. This feature is behind a flag, and you need to turn on the #encrypted-client-hello flag to see it in action. Note that certain proxies and firewalls rely on the hostname being visible in clear text to make critical routing/security decisions, and that information may not be available once this is enabled. I recommend testing this in your network if you rely on it.
  • User-agent reduction Phase 5 – For those who are not watching this space, the user agent for Chrome is getting increasingly simpler, with a lot of details being stripped out of it. The goal of this exercise is to make browser fingerprinting harder. There are still good ways of getting most of this data, but the web server needs to be set up in a particular way to get it. If your apps rely on User-Agent for critical decisions, consider reviewing this change in detail.
  • Automatic revocation of disruptive notifications – A lot of websites are now sending background notifications to browsers, including this blog itself. While there are good reasons why these exist, some websites are misusing them. Unfortunately these notifications are not easy to turn off, so Chrome is doing the next best thing: it's going to start disabling noisy notifications on behalf of the user. Enterprises can reduce the impact of this feature on URLs they whitelist using policies.
  • Camera framing – While Google Meet has been able to do this on a limited basis, “Camera framing” now provides OS-level support to automatically identify and center on the user’s face.
  • Lock device on lid close – This new feature allows the device to lock without suspending, so background jobs keep running. An example of a background process could be an SSH service running in the background.
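
For the ECH item above, an added example (not from the original post) of a check you could use when testing your network: it reads a TLS ClientHello the way an on-path proxy or firewall would and reports the cleartext SNI and whether the encrypted_client_hello extension (type 0xfe0d) is present. It assumes the whole ClientHello arrives in one TLS record; the function names are hypothetical and the sample records are constructed, not captured.

```python
EXT_SNI = 0x0000   # server_name
EXT_ECH = 0xFE0D   # encrypted_client_hello (IANA ExtensionType 65037)

def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def _vec(buf, pos, len_bytes):
    """Read a TLS length-prefixed vector; returns (contents, new offset)."""
    raw, pos = _take(buf, pos, len_bytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))

def inspect_client_hello(record):
    """Report what an on-path device can read: cleartext SNI and ECH presence."""
    hdr, _ = _take(record, 0, 9)           # 5-byte record header + 4-byte handshake header
    if hdr[0] != 0x16 or hdr[5] != 0x01:
        raise ValueError("not a handshake record starting with a ClientHello")
    body, _ = _take(record, 9, int.from_bytes(hdr[6:9], "big"))
    _, pos = _take(body, 0, 34)            # legacy_version + random
    _, pos = _vec(body, pos, 1)            # legacy_session_id
    _, pos = _vec(body, pos, 2)            # cipher_suites
    _, pos = _vec(body, pos, 1)            # legacy_compression_methods
    seen = {"sni": None, "ech_offered": False}
    exts, pos = (_vec(body, pos, 2)[0] if pos < len(body) else b""), 0
    while pos < len(exts):
        raw, pos = _take(exts, pos, 2)
        data, pos = _vec(exts, pos, 2)
        ext_type = int.from_bytes(raw, "big")
        if ext_type == EXT_SNI:
            names, _ = _vec(data, 0, 2)
            if names[:1] == b"\x00":       # name_type host_name
                seen["sni"] = _vec(names, 1, 2)[0].decode("ascii", "replace")
        elif ext_type == EXT_ECH:          # cleartext SNI may now be only a public name
            seen["ech_offered"] = True
    return seen

def build_sample(host, with_ech):
    """Constructed input: a minimal ClientHello record, not a real capture."""
    ext = lambda t, d: t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d
    name = host.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name
    exts = ext(EXT_SNI, len(entry).to_bytes(2, "big") + entry)
    if with_ech:
        exts += ext(EXT_ECH, bytes(8))     # placeholder bytes, not a valid ECH payload
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + len(exts).to_bytes(2, "big") + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

Any rule that keys on the `sni` value should be reviewed for flows where `ech_offered` is true, since the hostname the device sees there may not be the site actually being visited.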

A more detailed list of changes can be found at this Chrome features list as well.

