Google has launched Chrome 84 with improvements including the Web OTP API, Web Animations API, and changes to SameSite cookies, along with the removal of older versions of Transport Layer Security (TLS).

The removal of support for older versions of TLS began with Chrome 81 in April, when support for TLS 1.0 and TLS 1.1 was deprecated. This has now been completely removed with Chrome 84. The TLS cryptographic protocol handles the encryption of HTTPS connections along with communications between web servers and browsers, but older versions of TLS have security flaws, hence the removal of support.

The second developer-related improvement to Chrome is the introduction of the Web OTP API. This was present in earlier versions as the SMS Receiver API, but the new version has significant differences. The Web OTP API helps users enter a one-time password (OTP) on a webpage based on an SMS message that is delivered to their Android phone. An OTP can be used to verify that a phone number entered onto a webpage belongs to the person entering the data on the page. The OTP is sent to the phone number using SMS, and this has to be copied and pasted back into the form on the website, or manually entered by the user. The Web OTP API lets developers help users enter the code with one tap.

Another API improvement is support for the Web Animations API. This is a tool that developers can use to write imperative animations with JavaScript. The API was written to help with both CSS animation and transition implementations, and to "enable future effects to be developed, as well as existing effects to be composed and timed". The API was previously available, but the latest release is more compliant and supports compositing operations, These define and control the way you can combine effects. Java Promises are supported in this version, giving developers more control over the sequencing of animations, as well as the way they interact with other parts of your app.

The final major improvement for developers is to the handling of SameSite cookies. The SameSite attribute was introduced in Chrome 51 and provides a way to  declare that cookies should be restricted to avoid cross-site request forgeries (CSRF).Chrome uses a SameSite attribute on a cookie with three settings - not set, strict or lax. If you set SameSite to Strict, cookies will only be sent if the site for the cookie matches the site currently shown in the browser's URL bar.

Google says that not many developers bother using SameSite, leaving users vulnerable to CSRF and unintentional information leakage.To overcome this, Chrome now implements the secure-by-default system for cookie classification, treating cookies that have no declared SameSite value as SameSite=Lax cookies.

• Ian Elliot is the author of  JavaScript Bitmap Graphics with Canvas,  Just JavaScript: An Idiomatic Approach; JavaScript Async; Just jQuery: The Core UI and Just jQuery: Events, Async & AJAX which are part of the I Programmer Library published by I/O Press.

More Information

Download Chrome

Related Articles

Chrome Takes Over Web - Blocks Edge

Chrome 10 Years Old - And It Seems A Lot Older

Firefox 78 - New Extended Support Release

Developer Tool Improvements In Firefox 77

Edge - Can A New Logo Change Its Fortunes

Firefox 69 - New Features But Still Not Caught Up?

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info

<ASIN:1871962625>

<ASIN:1871962579>

<ASIN:1871962560>

<ASIN:1871962501>

<ASIN:1871962528>