Chrome 77 has pretty much finished its rollout across desktop and mobile platforms, so v78 has moved up to the beta channel. This update is jam-packed with new capabilities for web sites, so let’s dive right in!
Native File System
Web pages have never been able to directly access your computer’s (or phone’s) file system, unless there was a plugin like Java or ActiveX involved somewhere. The new Native File System API, now available as an Origin Trial in Chrome 78, changes this.
Here’s how the API works: A web page can bring up a file picker dialog, just like you would see when clicking an Upload button on any web site. One file, a group of files, or an entire folder can be selected (it’s up to the web page). The page can later save changes to those files, if it wants.
Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use. Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway), and right now the permission only stays granted until the site is closed.
I can’t wait to see what gets done with this functionality. We could get online code editors that can actually work with several local files at once, or maybe Google Docs could edit Word files directly on your PC without uploading/converting them first. I’m definitely going to look into adding this API to my PhotoStack web app.
SMS Receiver API
Many apps and services ask you to verify your phone number by sending a code via SMS. In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code. Google just added an API for Android apps that can automate this process, and now a similar feature is in the works for Chrome.
I wasn’t able to get the demo working, but the idea is that when a site sends an SMS verification code, Chrome can wait for the text and then paste in the code when it arrives. The site never actually gets access to your text messages, only the single text sent by the site. There are also security measures put in place to prevent verification texts from being read by the wrong site.
As always, Chrome 78 includes changes for both users and developers. Here are some smaller features bundled with this update:
- Emoji in placeholder text (in text boxes, text entry fields, etc) is now grey, just like regular text.
- Behind a flag: Synchronous XHR during page dismissal is deprecated. This prevents sites from doing anything with a network connection while you’re closing a tab.
- Web pages can no longer create a popup window while they are being closed. This doesn’t affect the ‘Are you sure you want to close this tab?’ that many pages show when you have entered information that could be lost.
- Behind a flag: The new Screen Enumeration API gives sites information about your computer displays.
- A new seeking option is being added to the Media Session API. This could allow, for example, the Spotify web app to have the same timeline bar as the Android app on Android 10.
- The XSS Auditor has been removed from Chrome.
The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and was not tampered with in any way. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.
Note: Most versions of the Chrome APK use app bundles, which APKMirror doesn’t support yet. As a result, only a few variants are available for download.