Chromium Summaries

2026-04-01

Chromium Digest: 2026-04-01

Overview

A busy day with 684 total commits, of which 554 were deemed relevant to developers. The day was marked by an unusually high number of breaking changes across the JNI bridge, Blink layout, Autofill, and Mojo permission APIs, requiring significant attention from embedders. Notable feature work includes enabling SharedWorker on all platforms and continued development of AI-powered features. The first commit was (9648d93) and the last was (c6fdf14).

Breaking Changes

⚠️ BREAKING The permission.mojom interface was significantly changed. RequestPermissions, RevokePermission, and OnPermissionStatusChange now use a PermissionStatusWithDetails struct instead of a simple PermissionStatus enum, breaking all clients of the permission service. (36e8c6e) (7052b70) (4e04747)
⚠️ BREAKING Major changes to the JNI bridge (jni_zero). The C++ definition of JArray<T> is no longer a type alias but a distinct class, and the generator tool was updated to handle Java generics. These changes can break embedder C++ code and custom build tooling. (e7c38aa) (8674601)
⚠️ BREAKING The Android SDK was rolled to version 37.0 and build-tools to 37.0.0. This is a major dependency update that requires embedders to update their build environments. (77027a5)
⚠️ BREAKING In Blink's LayoutBoxModelObject, the public virtual methods OffsetLeft() and OffsetTop() were removed and replaced with a single OffsetPoint() method. Subclasses overriding the removed methods will have build failures. (276436f)
⚠️ BREAKING The public Blink header v8_string_resource.h and the V8StringResource class have been removed. Embedders must migrate to ToBlinkString() or NativeValueTraits for V8-to-Blink string conversions. (ebf66e5)
⚠️ BREAKING The public Blink enum HTMLElementType was renamed to ElementType and its scope was expanded. Code directly referencing the old enum name will break. (8d83154)
⚠️ BREAKING The signature of the public virtual method BrowserAutofillManager::FillOrPreviewForm() was changed, adding a blocked_fields parameter. Subclasses that override this method must be updated. (6d25e4a)
⚠️ BREAKING The media::DataSource interface signature was changed, making the IsStreaming() and WouldTaintOrigin() virtual methods const. Implementations of this interface must be updated to include the const qualifier. (b156700)
⚠️ BREAKING The Presentation API behavior was changed to restrict http:// presentation URLs to localhost only. This may break applications that connect to non-localhost devices on a local network via HTTP. (52c5e88)
⚠️ BREAKING The force_system_menu_for_frameless parameter was removed from the public views::Widget::InitParams struct. Embedders on Windows using this parameter will have a build failure. (7c5af3a)
⚠️ BREAKING Multiple other public API signatures and names were changed, including blink::WebString::ContainsOnlyASCII, AutofillClient::GetDeviceAuthenticator, BottomSheetControllerFactory::createBottomSheetController, AccessibilityAnnotationService, and audio::OutputStream::SendLogMessage. (e798b84) (109dc40) (22cba8f) (d133671) (2148e9e)
⚠️ BREAKING The third-party androidx.window.extensions library was updated, which includes breaking API changes such as the removal of WindowAreaComponent.addRearDisplayStatusListener. (56d4a84)

Blink, Web Platform, and V8

SharedWorker is now enabled by default on all platforms, including Android where it was previously in an Origin Trial. This makes the feature universally available. (6f4c113)
A new feature, DisconnectWebSocketOnBFCache, was introduced behind a flag. When enabled, open WebSocket connections will be closed instead of preventing a page from entering the Back-Forward Cache. (4796198)
The customizable <select> element is now stable and the CustomizableSelectListbox feature flag has been removed. Follow-up fixes for inertness and click behavior were also landed. (5338ebd) (990f8de) (9c6562f)
Support was added for the @navigation(preview) CSS state, allowing developers to style the outgoing page during a View Transition when it's in the 'preview' phase. (9b54f97)
Blink's AtomicString::FromUtf8 method was made more robust; it will now return a null string for invalid UTF-8 input instead of crashing. (b774601)

Android

An Entra SSO provider was implemented, allowing Chrome on Android to use platform-level Microsoft credentials for single sign-on. (acb8674) (23368d6)
Fixed an issue with Bluetooth SCO state management to ensure the SCO state is enabled *before* an explicitly requested input stream starts, preventing recording failures. (9b09a44)
TalkBack swipe gestures on ARIA sliders are now correctly mapped to increment/decrement actions, fixing accessibility for custom sliders. (cc4e767)
Significant refactoring occurred in the SnackbarManager to better handle different UI contexts, such as displaying snackbars within bottom sheets. (c9daf03) (3ac03f1) (22cba8f)

Security

Fixed a vulnerability where inactive frames (e.g., in BFCache) could be used to establish an opener relationship across different BrowsingInstances, breaking site isolation guarantees. (2b5169f)
Patched a file access bypass vulnerability in DevTools that could be triggered via drag-and-drop. (59d7444)
A large number of DCHECK assertions were upgraded to CHECK in core navigation and Service Worker code to harden release builds against potential logic errors and security exploits. (62e24bf) (3130d85) (cf25df2) (17d5f5c)
The ExtensionContentVerificationUsesExtensionRoot feature was enabled by default, improving security by strengthening content verification for extensions. (2aa5824)

UI and Shell

On macOS, mouse movement event coalescing is now disabled by default. This increases the polling rate for mouse movements, which is beneficial for gaming but changes the default input behavior on the platform. (80792e0)
The Bedrock project continued its work decoupling UI from the Browser class by migrating more callers to use the BrowserWindowInterface. (524e16b) (765e765)
On iOS, image resizing for image search was moved to a background thread to improve UI responsiveness. (e3d699d)
Fixed a deadlock that could occur during tab dragging, and resolved a regression where URLs from external apps would not open in the browser on the current workspace. (0cdc11e) (0dfe151)

Autofill and Payments

The feature to reintroduce passkeys in the Autofill dropdown was enabled by default. (9a66d80)
Autofill was disabled on password fields to prevent it from interfering with password managers. (bee792b)

Media and GPU

For Graphite on Windows, a new raster command was added to allow the command submission phase to execute earlier and in parallel with compositor work, reducing frame latency. (2cb88d7)
Fixed a use-after-free bug in the MediaFoundationVideoEncodeAccelerator on Windows by introducing a proper COM proxy for thread safety. (70f35b0)
Fixed an issue with AAC tail trimming in AudioFileReader that could corrupt output from MP4 files that had been remuxed by OBS. (10bf288)

Build System and Infrastructure

⚠️ BREAKING The low-level Rust Mojo FFI crate was moved from mojo/public/rust/system/ffi to mojo/public/rust/c_mojo_api. This is a build-breaking change for projects that directly depend on the old path. (84d3aff)
The codebase continues to be modularized to improve build times and dependency hygiene. The //chrome/browser/offline_pages, //chrome/browser/plugins, //chrome/browser/printing, and //chrome/browser/spellchecker components were among those moved into their own source sets. (b87be23) (dc7f841) (0790c8f) (0234876)
Multiple extension APIs, including downloads, documentScan, and developerPrivate, were converted from the legacy JSON schema format to modern WebIDL as part of a larger modernization effort. (da23820) (e2f1994) (d6fb2ac)

2026-03-31

Open Standalone Page

Chromium Digest: 2026-03-31

Overview

This digest covers 710 commits on the main branch from March 31, 2026, of which 549 were identified as relevant to developers. The first relevant commit was (39c2ad8) and the last was (bb2ee6a).

Breaking Changes

⚠️ BREAKING Core Browser & UI APIs: Several public C++ APIs in core browser components were changed. In content/, the virtual method ContentBrowserClient::UpdateEnabledBlinkRuntimeFeaturesInIsolatedWorker was removed. In views/, core drag-and-drop methods like views::Widget::RunShellDrag were renamed (e.g., to RunDragDropLoop). The BrowserWindow::UserChangedTheme() virtual method was also removed as part of a theme system refactor. (b01d62a) (e246bab) (a863957)
⚠️ BREAKING Mojo Interfaces: Multiple stable Mojo interfaces were modified. The blink::mojom::PermissionService methods no longer accept a user_gesture parameter. The browser_controls_api::mojom::BrowserControlsService methods were changed to use result-based callbacks instead of being fire-and-forget. The ToolbarUIService::ShowContentSettingsBubble method now takes a ContentSettingImageType instead of ContentSettingsType. (5168b89) (41af281) (023a4ca)
⚠️ BREAKING Component & Feature APIs: The public APIs of several components were altered. QueryContextualizer::Contextualize has a new signature. The CreditCardSuggestionGenerator constructor now requires different manager pointers. The printing::PrintedDocument::GetMetafile() method was removed. The AccountSettingService was refactored to a generic base::Value-based API. (a95f201) (82e8f9f) (3ac886f) (19e350b)
⚠️ BREAKING Blink & Mojo Internals: Support for the legacy EnumTraits::FromMojom(..., T* out) signature was removed from Mojo, requiring all custom enum traits to be migrated. In Blink, blink::WebString::FromASCII was renamed to FromAscii, and the deprecated WTF::String::FromUTF8() methods were removed. (a1c3e63) (e296ed2) (b4e81f9)
⚠️ BREAKING Android APIs: The public API surface for Android was modified. The virtual method RenderWidgetHostViewAndroid::OnUnfoldStarted was removed. For WebView, several JNI methods in AwPrefetchManager were renamed, such as getTtlInSecForTesting to getTtlInSec. (05f0893) (1b42d6c)
⚠️ BREAKING Build System & Feature Flags: The build_with_tflite_lib GN argument was removed from optimization_guide, making TFLite a required dependency. The kTpcdHeuristicsGrants feature was removed, which also removed the AllowMechanism::kAllowBy3PCDHeuristics value from the public CookieSettingsBase enum. (09a3c27) (8214edf)
⚠️ BREAKING Behavioral Change: The ServiceWorkerAutoPreload feature is now enabled by default. This is a significant behavioral change that alters network loading patterns for websites with service workers, which may impact performance and resource fetching logic in embedder applications. (f434667)

Web Platform & Blink

Name-only @container queries are now enabled by default, allowing developers to query a container by its name without specifying other query features (e.g., @container my-container (...)). (b147722)
A new Inline Script Cache feature has been added behind the kInlineScriptCache flag. This feature allows for the persistent caching of inline scripts using a hash of their source text, aiming to improve performance on subsequent page loads. (514b324) (6e5c441) (2816c99)
View Transitions have been refactored to use a new CSS-driven approach with @view-transition { navigation: preview }, removing the old heuristic-based two-phase transition model. This is a major behavioral change for this evolving feature. (e91545c)
The <usermedia> element now has a readonly error attribute to provide developers with insight into media stream request failures. (a75ca4f)
The contentType property for ResourceTiming is now enabled by default, exposing the Content-Type header of fetched resources. (709cdf8)
Fixed a bug where srcset images using x-descriptors would not update when the page zoom level was changed. (7e432b4)

UI & UX

A mute button has been added to the Video Picture-in-Picture window, available behind the kVideoPipMuteButton feature flag. (911883a)
The TabStrip API was enhanced to support closing entire tab groups, in addition to individual tabs. (7cd1de4)
Hover cards have been added to tab group headers in the horizontal tab strip, improving discoverability and management. (e8ce621)
The logic for hiding tab close buttons has been changed to be based on tab width rather than the total number of tabs. (327d95d)
The UI for the credit card save prompt was updated to replace the expiration date with a GPay icon. (2187fdd)

Android & iOS

Android: A new off-main-thread prefetch flow (OMTPrefetch) has been introduced for WebView to improve performance. (64eed47)
Android: The build system was updated to use the new ENABLE_EXTENSIONS_CORE flag, enabling consistent behavior for extensions on desktop Android across various subsystems. (09d25e4) (cafefd8) (3d6458b)
Android: The ability to pin the extensions menu icon to the toolbar has been added, with the setting stored locally. (3a0fbca)
iOS: A file read operation in NetExportCoordinator was moved off the main thread to prevent UI freezes when exporting network logs. (56320b2)

Security

The renderer process will now be terminated if it provides an incorrect site_for_cookies or top_frame_origin to the RestrictedCookieManager, hardening cross-origin security. (225000a)
File access restrictions are now correctly enforced for view-source:file:// URLs within DevTools protocol handlers, closing a potential local file access loophole. (1f5d394)
An integer overflow in ElementsUploadDataStream was mitigated to prevent potential HTTP Request Smuggling attacks. (4c99d24)
The remoting SignalStrategy now rejects XML containing a Document Type Definition (DTD) to prevent XML parser vulnerabilities like XXE. (a1262e4)
An IPC validation check was added to AI Page Content extraction to prevent a potential Site Isolation bypass. (06aeef1)

Infrastructure & Services

Support was added to the audio channel mixer to correctly downmix 5.1.4 and 7.1.4 audio layouts to stereo. (74f53f9) (8c86ae3)
The build system was updated to better integrate Rust panics with Chromium's LOG(FATAL) mechanism, improving crash reporting and debugging for Rust code. (89012c0)
The internal DNS task resolver (HostResolverDnsTask) was refactored to use an enum for its security mode instead of a boolean, allowing it to support more states like kPlatform in addition to secure/insecure DNS. (7c5f91c)
The "Bedrock" project continues its large-scale refactoring to decouple //chrome from //content, with BrowserWindow theme observation and ChromeProcessManagerDelegate being notable areas of progress. (a863957) (c41e000)

2026-03-30

Open Standalone Page

Chromium Digest: 2026-03-30

Overview

This digest covers 631 commits to Chromium's main branch on March 30, 2026, from commit (db61443) to (e14b493). Of these, 472 were identified as relevant to developers. The day was marked by an unusually high number of breaking changes to core public APIs, extensions, and networking components, requiring significant attention from embedders and extension developers. Key improvements include new CSS features like image-rendering: crisp-edges and experimental support for background-clip: border-area.

Breaking Changes

⚠️ BREAKING Public API Removal: The virtual function GrantCookieAccessDueToHeuristic was removed from the public content::ContentBrowserClient interface. Embedder implementations overriding this obsolete function will fail to compile. (ac62164)
⚠️ BREAKING Public API Signature Change: Methods like WasShown on RenderWidgetHostImpl and RenderWidgetHostViewBase now use a native C++ struct (std::optional<blink::RecordContentToVisibleTimeRequest>) instead of a mojo pointer. Embedders calling these methods must update to the new type. (ff88160)
⚠️ BREAKING Public API Removal: The content/browser/tpcd_heuristics/ directory and its CONTENT_EXPORTed classes (e.g., OpenerHeuristicTabHelper) have been deleted. Any code relying on these obsolete third-party cookie deprecation APIs will break. (037fbcc)
⚠️ BREAKING Behavioral Change (Extensions): The chrome.tabs.create API on Android now aligns with desktop behavior, opening new tabs in the main tabbed browser instead of the current window (e.g., a PWA). This may break extensions that relied on the previous Android-specific behavior. (7214a10)
⚠️ BREAKING Behavioral Change (Extensions): The chrome.tabs.move API on Android now disallows moving tabs within PWA or CCT windows and only permits moving the active tab out of such a window. Extensions using this API on Android will encounter new errors and require updates. (307d27c)
⚠️ BREAKING Behavioral Change (Extensions): WebAuthn Relying Party (RP) ID validation for extensions is now stricter, requiring explicit host permissions for the claimed RP ID's origin. This may break extensions that claimed RP IDs for subdomains without top-level origin permission. (ecf43dd)
⚠️ BREAKING Behavioral Change (UI Toolkit): views::Widget will now CHECK-fail and deterministically crash if destroyed from within its own callbacks (e.g., OnWidgetClosing). This turns a potential use-after-free bug into a hard crash, requiring developers to fix incorrect widget lifetime management. (6b98320)
⚠️ BREAKING Behavioral Change (Core): The invocation timing of the OnRenderProcessHostCreated observer method is now conditional on IPC channel pausing. This can break embedders who rely on its previous, consistent timing for process initialization logic. (d162ee0)
⚠️ BREAKING Public API Removal: The StartTabOrganizationRequest function and kTabOrganization enum value in signin_metrics::AccessPoint have been removed as part of the feature's deprecation. Embedders using these APIs will have build failures. (725cd43)
⚠️ BREAKING Public API Removal (Platform-Specific): The GetOmniboxAutofillDelegate() function has been removed from the PaymentsAutofillClient interface on Android and iOS, causing a build break for embedders on those platforms. (21d209f)
⚠️ BREAKING Public API Signature Change (Networking): The public Cronet API method ICronetEngineBuilder.setProxyOptions has been renamed to setProxyOptionsV2. Embedders must update to the new method name. (aacecf5)
⚠️ BREAKING Public API Signature Change (Networking): The public class net::SSLClientSessionCache has migrated from base::MemoryPressureListener to base::MemoryConsumer. This removes the OnMemoryPressure method, replacing it with OnUpdateMemoryLimit and OnReleaseMemory. (f140d6d)
⚠️ BREAKING Public API Removal (Blink): The public methods Characters8() and Characters16() have been removed from Blink's core String and StringImpl classes. Code must be updated to use the Span8() and Span16() methods instead. (b354742)
⚠️ BREAKING Web Preferences Name Change: The public web preference allow_window_focus_without_user_gesture has been renamed to allow_unrestricted_window_focus. Embedders overriding web preferences must update to the new name. (1d4ce65)

Blink & Web Platform

Support has been added for the CSS property image-rendering: crisp-edges, aligning Chromium with Firefox and Safari for explicit control over image scaling algorithms. (b45f801)
An experimental CSS feature, background-clip: border-area, was implemented behind a flag. This allows the background to extend to the outer edge of the border, enabling effects like gradient borders. (a6021f0)
As part of the "Declarative Web Permissions" feature, the <usermedia> element has been integrated to make a MediaStream directly available in markup. (3cceac4)
A bug in serializing the ::highlight() pseudo-element's argument was fixed, ensuring special characters are correctly escaped. (d4c0554)

Core & Public API

A new getter for BeforeUnloadExecutionMode has been exposed on the public NavigationHandle interface, allowing developers to observe how a beforeunload handler was executed. (32ef21e)
The signature for the exported accessibility function FindAccessibleTextBoundary was updated to use base::span instead of std::vector, improving type safety and flexibility. (139617f)
The public static method WebContentsImpl::GetAllWebContents() now returns a std::vector<raw_ptr<WebContentsImpl>> as part of a security hardening effort. This may require minor type adjustments for callers. (5524fe7)

Security & Stability

A Time-of-Check Time-of-Use (TOCTOU) race condition in speech recognition was fixed, preventing a compromised renderer from bypassing microphone permission prompts. (714840a)
Validation was added in the browser process to prevent a compromised renderer from hijacking mouse events by improperly calling SetMouseCapture. (b885cb0)
The destruction logic for PrerenderNewTabHandle was refactored to be asynchronous, preventing a potential use-after-free crash when browsing data is cleared while a prerender is active. (8c1ead5)
Several use-after-free vulnerabilities were addressed across the codebase by ensuring objects remain alive during observer loops or by preventing re-entrant destruction. (95fc202) (d819b46) (e11da14)

Platform-Specific

Android: The Android SDK was rolled to version 37. (65569e7) (0a12d5a)
Android: The BottomSheetObserver interface gained a new onContainerSizeChanged default method as part of work to allow the bottom sheet to dynamically adjust its height. (162ea7d)
Android: The cursor is now rendered during tab sharing, improving the user experience for viewers. (ec66c01)
Android: Software decoding for 10-bit VP9 streams (Profile 2) was enabled for Android Desktop on arm64. (201aca0)
macOS: To prevent duplicate prompts on macOS 26.4+, Chrome will no longer register itself as a handler for the UTTypeHTML content type, relying on URL scheme registration to become the default browser. (b616b00)

UI & UX

A keyboard shortcut (e.g., Alt+Shift+R on Windows/Linux) was added to open and close Reading Mode. (bd8ce1f)
Fixes were landed for Vertical Tabs to address a crash with multi-selected tabs and to correct close button visibility. (28845c4) (8452c6a)
The What's New page has fully migrated to its "refresh" URLs, and the corresponding feature flag has been removed. (d0bd5f3)

Infrastructure & Reverts

Several commits were reverted due to causing test failures or bugs, including the rollout of FreeWithSize in PartitionAlloc and a change that disconnected a WebView's accessibility tree in Immersive Reading Mode. (2339495) (d0b5432) (f61b5ef)
The auditor.py script was optimized to skip compile_commands.json generation if build files are unchanged, saving significant time for developers. (c3d7db0)
The obsolete SafeBrowsing.PakIntegrity.* histograms and their associated code were removed. (a7f5d81)

2026-03-29

Open Standalone Page

Chromium Digest: 2026-03-29

Overview

This digest covers 12 analyzed commits, highlighting a significant breaking change in core browser interfaces as part of the ongoing 'Bedrock' refactoring. Other changes include UI behavior fixes, internal memory safety improvements, and updates to testing infrastructure.

Core & Internals

⚠️ BREAKING As part of the 'Bedrock' project, numerous public functions in chrome/browser/ui/browser_commands.h and other helpers have changed their signatures to accept a BrowserWindowInterface* instead of a Browser*. This is a major breaking change for embedders who directly call these commands, as affected code must be updated to use the new interface. (6fdf39d)
A large-scale refactoring continued in the media stack to replace file-level #pragma allow_unsafe_buffers with granular UNSAFE_TODO() markers to improve memory safety checks. (e0733f4)
A memory leak in CrossDeviceSettingImporter on Android was resolved by ensuring an observer is properly removed. (05187f4)
Internal properties for the 'Compose' feature were renamed, such as showModelPicker to usePecApi. (158dd16)

UI & Features

The Vertical Tab Strip now supports quickly closing consecutive tabs by triggering a synthetic mouse move event, restoring functionality previously available in the horizontal tab strip. (4d470ec)
The glic TaskOptions API was updated with a new task_duration enum, allowing UI to adapt based on the expected speed of a task. (619d2d3)

Testing & Infrastructure

The test helper chrome::FindAnyBrowser() has been moved and refactored into ui_test_utils::FindAnyBrowser(), now returning a BrowserWindowInterface*. (2174233)
Various tests were updated, including a new test for Android WebView's navigate method state restoration, a rewrite of a settings search test, and updates to TestExpectations following a large Web Platform Tests (WPT) import. (d603680) (261807f) (4bd518d) (10b5c4b)

Localization

Translation files (.xtb) were updated for multiple languages, including Catalan, Estonian, Hindi, and Vietnamese, based on the latest source strings. (fa4c04c)

2026-03-28

Open Standalone Page

Chromium Digest: 2026-03-28

Overview

This digest covers 50 commits from (13f64e8) to (531c249). Four major breaking changes were identified, impacting WebRTC interfaces, the Variations component, Blink's PagePopupClient, and the Safe Browsing build configuration. Other notable changes include spec alignment for CSS box-shadow, security hardening against spoofed unload ACKs, and modernization of base::EnumSet.

API & Build System

⚠️ BREAKING The build_with_tflite_lib build flag has been removed from Safe Browsing. This flag was effectively always on and unmaintained. Builds that explicitly set this flag will now fail, requiring its removal from embedder configurations. (531c249)
The Rust crate itertools is no longer marked as testonly, making it available for general first-party use in production code. (de7fa91)

WebRTC

⚠️ BREAKING webrtc::ArrayView has been replaced with std::span across several WebRTC interface implementations, including webrtc::RtpTransceiverInterface and webrtc::DatagramConnection::Observer. Embedders directly implementing these interfaces must update their method signatures to use std::span. (ad28c74)

Blink & Rendering

⚠️ BREAKING The public method PagePopupClient::AddString in Blink now accepts a StringView instead of const String&. This is a signature change to a public interface that may require updates for embedders who implement or call this client. (956d471)
The rendering of box-shadow for elements with border-shape has been updated to align with the latest CSS Borders 4 specification. This corrects spread expansion and blur handling, leading to more spec-compliant visual output. (776a2c5)
To improve performance, RasterSource updates for PictureLayerImpl are now split into a main-thread staging phase and a compositor-thread incorporation phase. (2a28a87)

Services & Components

⚠️ BREAKING The LimitedLayerEntropyCostTracker API in the Variations component has been refactored. The AddEntropyUsedByStudy method's behavior has changed to no longer check the entropy limit, and embedders must now call the new IsEntropyLimitExceeded() method to perform this check. (80bc68e)
The Send-Tab-To-Self feature has been updated to support sending a tab's full back/forward navigation history, introducing a new NavigationHistory struct to the sync model. (19645de)
The association between WebContents and InterceptNavigationDelegate on Android has been moved from a C++ base::SupportsUserData mechanism to a Java-side map, simplifying the JNI boundary. (e9086b4)
The Optimization Guide's page content annotation service now supports the concatenation of passage embeddings and adds a shopping classifier. (1dcaa2a)

Core & Internals

base::EnumSet has been modernized for C++23. Most methods are now constexpr, and the 64-element limit for constexpr construction of large sets has been removed, improving compile-time capabilities. (b518534)
Reentrancy is now explicitly allowed for ObserverList in BrowserCollection and FileSystemAccess to prevent potential crashes during observer notifications. (5c04081) (29a72db)

Security

A check has been added to disallow spoofed OnUnloadACK messages during the attachment of an inner WebContents (e.g., for MimeHandlerView), hardening against a potential exploit where a misbehaving renderer could incorrectly trigger frame deletion. (1ccd3de)
The client_id is now validated when registering a bundle for an embedded frame sink, ensuring the bundle is associated with the correct renderer process. (57596dc)

UI & Features

A feature flag (#glic-toolbar-button-horizontal-tab-strip) and initial implementation have been added to enable a Gemini button on the desktop toolbar. (00caeeb) (20e8cdc) (262b31e)
On Android, the Side Panel infrastructure is updated to populate the native view into the Java SidePanelContainer. (b2a1485)

Testing & Tooling

New gmock_matchers have been added for UKM (URL-Keyed Metrics) entries to provide more descriptive and powerful assertions in tests, such as EXPECT_THAT(entry, HasMetricWithValue(...));. (5d91e91)
The WebUI ESlint plugin tools are being migrated to TypeScript to improve type safety and maintainability. (dba0f84)
A large number of Web Platform Tests (WPT) have been imported and expectations updated. (0c6f453) (46870b1)

2026-03-27

Open Standalone Page

Chromium Digest: 2026-03-27

Overview

This digest covers 691 commits on the main branch from March 27, 2026, with 500 identified as relevant to developers. Today's changes are particularly impactful, featuring an unusually high number of breaking changes to core C++ and Java APIs, public Mojo interfaces, and build system configurations. Developers should pay close attention to the 'Breaking Changes' section. First commit: (891da1c). Last commit: (8c4ca14).

Breaking Changes

⚠️ BREAKING A new pure virtual method, IsFullscreenAllowedForUnfocusedWebContents, has been added to the public content::ContentBrowserClient interface. All embedders must implement this method in their subclass to compile. (395a125)
⚠️ BREAKING The public Android Java interface TabModel has been refactored to extend TabGroupModelFilter. This is a major signature change that will break any custom implementation or usage of TabModel. (401697a)
⚠️ BREAKING The harfbuzz-ng third-party directory has been renamed to harfbuzz. This file path change will break any downstream build systems or tools that directly reference the old path. (2f9f433)
⚠️ BREAKING Multiple changes were made to core base library APIs. The behavior of base::Thread::IsRunning() has been altered to be similar to std::thread::joinable(), a legacy overload of base::HexEncode() has been removed, and base::CurrentThread::SetTaskRunner() has been removed. (440b72b) (da12fb5) (031d58e)
⚠️ BREAKING The public blink::mojom::PermissionService interface has been updated. Callbacks for HasPermission and RequestPermission now use a new PermissionStatusWithDetails struct instead of the PermissionStatus enum, requiring updates to all callers and implementers. (eee991e) (63142b9) (3c88b7a)
⚠️ BREAKING The ProfileManager and related files have been moved from //chrome/browser to a new, smaller build target //chrome/browser/profiles:profile_manager. Downstream projects must update their build dependencies to include the new target. (fa00b2f)
⚠️ BREAKING The pdf.mojom.PdfHost.SaveUrlAs() Mojo interface was renamed to SavePdf() and its parameters were removed. The browser now uses its existing knowledge of the document's URL. (97d9dd9)
⚠️ BREAKING The public Java JNI bridge TabScopedSidePanelRegistryBridge on Android has been removed. The functionality is now handled natively within TabFeatures. (8bb96ba)
⚠️ BREAKING Core sign-in APIs, including AccountsMutator and ProfileOAuth2TokenService, were updated to use a new signin::TokenBindingInfo struct, breaking the signatures of several public methods. (72fba35)
⚠️ BREAKING The Left() and Right() convenience methods have been removed from the public blink::String class. Code must be updated to use substr() instead. (f72257b)
⚠️ BREAKING The supports_color_picker_dialog property was removed from OzonePlatform::PlatformProperties in the public Ozone API, breaking platform feature detection for embedders. (23eded4)
⚠️ BREAKING The DidChangeThemeColor and DidChangeBackgroundColor IPCs were moved from the blink::mojom::LocalFrameHost interface to blink::mojom::LocalMainFrameHost, preventing subframes from sending these messages. (c4e43fe)
⚠️ BREAKING The public virtual method AimEligibilityService::GetLocale() was changed to a non-virtual method. Subclasses must now implement the new protected virtual std::string GetLocaleInternal() const. (1b9a035)

Web Platform & Rendering

Cookie parsing has been hardened to reject cookies with an empty name and an ambiguous value (e.g., a cookie line of =Foo=Bar). This fundamental change to web platform behavior may break sites relying on the old parsing logic. (6e5ceda)
The behavior of getPropertyValue('all') and setProperty('all', ...) in the CSSOM has been changed to align with the specification. Web content that relied on the previous, incorrect implementation may break. (e101190)
Support has been added for ::view-transition* pseudo-elements to the Element.pseudo() API, allowing script interaction with View Transitions. (1ce2af4)
A bug in CSS animations has been fixed to ensure @keyframes rules are correctly looked up across shadow DOM boundaries, improving behavior for ::part() and ::slotted() pseudo-elements. (8607d18)
The ui::Layer class now supports a background_inverted property, which allows applying an invert filter to the layer's backdrop. (5fd90ca)

Core Internals & Infrastructure

The compositor's cc::TreeSynchronizer has been refactored to use OwnedLayerImplList as the primary mechanism for tree synchronization between the main and impl threads. (bbda441)
⚠️ BREAKING The LoginSessionReporter process and its associated public Mojo interface (login_session.mojom) have been removed on Linux. This was used to gather session environment variables on older versions of GNOME. (f2eec32)
The StreamContainer class has been decoupled from the GuestView infrastructure, allowing it to be shared by both OOPIF PDF and GuestView paths. (8afd2e6)
A deadlock during tab dragging on Wayland/X11 was resolved by allowing the UI thread to yield while waiting for a new window to become visible. (95c487d)
⚠️ BREAKING The public API LayerTreeHost::CreateSharedMemoryForDroppedFramesUkm() has been deleted as part of a removal of the shared memory mechanism for reporting DroppedFrames UKM. (6c46868)

Security

The JavaScript code cache is now disabled for PDF renderers and origin-restricted sandboxed iframes to mitigate potential code tampering vulnerabilities. (6fa3337)
A security vulnerability was fixed where a compromised extension renderer could bypass the webRequestBlocking permission check. (2619b94)
Speculation rules, LCP predictions, and link previews are now restricted to active main frames, preventing inactive or sub-frames from triggering them. (b028f9f)

Android & WebView

⚠️ BREAKING The public Java API for the "Send Tab to Self" feature has been broken. The PageContext parameter and associated JNI methods have been removed, with form-field extraction now handled entirely in C++. (9282607)
The chrome://management page is now a WebUI, replacing the previous native view. This change was made to support displaying extensions on Android. (bed3443)
Input events are now blocked in CompositorViewHolder when the tab content is obscured by a modal dialog or scrim, preventing unintended interactions. (8b551f6)
A new feature flag, AndroidDesktopStyleScrollbars, has been added to enable desktop-style scrollbars on devices with fine-pointer input (e.g., a mouse). (c9454db)

iOS

An input accessory view, similar to Safari's, has been added to improve keyboard navigation and control on web forms. (e8b1feb)
A crash in DownloadListMediator was fixed by ensuring the observer bridge is safely cleaned up, even when notifications are active. (bd2d204)

2026-03-26

Open Standalone Page

Chromium Digest: 2026-03-26

Overview

This daily summary covers 684 commits on the main branch, with 513 identified as relevant to developers. Today's changes include a remarkable number of breaking API and behavior modifications across components like Bluetooth, Omnibox, Networking, and WebGL. Key improvements were also made to the web platform, including new parameters for the Web Speech API and better font variation support. This summary covers commits from (b07f2ee) to (2738560).

API & Behavior Changes (Breaking)

⚠️ BREAKING BREAKING: Bluetooth-related methods such as AllowWebBluetooth have been removed from the public content::ContentBrowserClient interface. Embedders must now implement the new content::BluetoothDelegate to provide this functionality. (3cb4ab6)
⚠️ BREAKING BREAKING: The chrome.test.runTests() extension API is now promise-based instead of synchronous. This is a signature and behavioral change to a stable testing API that will break test suites relying on its previous synchronous nature. (d0c2f20)
⚠️ BREAKING BREAKING: The public virtual method IsAuthenticatedForDriveSuggestions() has been removed from the components/omnibox/browser/autocomplete_provider_client.h interface. Embedders must remove their override of this method. (f8a90a5)
⚠️ BREAKING BREAKING: On Android, the behavior for handling downloaded PDF files has changed. Completed PDF downloads will now open in Chrome's native viewer by default, instead of triggering an intent for an external application. (483eccb)
⚠️ BREAKING BREAKING: In org.chromium.chrome.browser.multiwindow.MultiWindowUtils, the public Java method getInstanceCountWithFallback() was renamed to getInstanceCount(), and getIncognitoInstanceCount() was removed. Downstream Android projects using this class will break. (a8ce63d)
⚠️ BREAKING BREAKING: The public words attribute has been removed from the SpellCheckCustomDictionary web API. Web developers must now use the addWords() and removeWords() methods to manage custom dictionaries. (e2b0340)
⚠️ BREAKING BREAKING: WebGL's texImage2D and texSubImage2D will now generate a GL_INVALID_VALUE error for SVG images that lack an intrinsic size. Previously, this case would fall back to a default 300x150 size, and web content relying on this behavior may break. (213ac82)
⚠️ BREAKING BREAKING: The public enum value CookieSourceType::kUnknown has been removed from net/cookies/cookie_constants.h, and several deprecated CreateForTesting overloads were removed from net/cookies/canonical_cookie.h. (4cc14f6)
⚠️ BREAKING BREAKING: The public struct media::DecoderBufferSideData no longer contains the itu_t35_data byte array. It has been replaced with a parsed gfx::HDRMetadata object, requiring code updates for direct data access. (1fe79fa)
⚠️ BREAKING BREAKING: The public function webauthn::OriginIsAllowedToClaimRelyingPartyId now returns false if the origin is not a secure context (e.g., not HTTPS). This is a behavioral change to enforce security, which may affect callers not pre-validating the origin. (9302cf7)
⚠️ BREAKING BREAKING: The constructor for BrowserSwitcherPrefs in the enterprise BrowserSwitcher component has changed. It now takes PrefService* and policy::PolicyService* instead of a Profile*, requiring updates for embedders using this feature. (de22de2)
⚠️ BREAKING BREAKING: Public static methods addEntry and addScrollPositionToPageContext have been removed from the SendTabToSelfAndroidBridge Java class, breaking any Android embedders using these methods. (9869306)
⚠️ BREAKING BREAKING: The constructor for AccessibilityQueryService now takes a std::vector of data providers instead of a single one, breaking any embedder code that constructs this service directly. (1e10530)

Web Platform & Blink

The Web Speech API now supports a quality parameter, allowing web developers to request specific on-device speech recognition models. (2e7e4fd)
New APIs were added to WebFormControlElement to extract detailed text layout information from <textarea> elements, in preparation for PDF Ink Signatures. (54204b7)
Blink can now parse and process the AVAR2 font table, enabling support for more advanced font variations. (0fa7607)
Support has been added for parsing spatial dimensions (xywh) in SVG Media Fragment URIs, improving alignment with the W3C specification. (b1df873)
The experimental WebMCP (Web Model-Calling Protocol) API was updated to use an AbortSignal for managing tool registration lifetime, and support was added for describing multi-input parameters. (71866d8) (636a840)
The PaintOffsetTranslationForComposited feature has been enabled by default, changing how paint offsets are handled for composited layers to improve performance and correctness. (3a7c263)

Android & WebView

For WebView, a new getMaxPrerenders API was added to the Profile interface, allowing developers to query the configured prerender limit. (1cafa5a)
WebView now exposes the IgnoreDuplicateNavs feature via AwSettings, allowing embedders to opt-in to discarding redundant navigations for performance. (a20495e)
The Cronet build process was improved by moving to a shared library location and shipping fine-grained base targets, which helps reduce package size and improve dependency management. (174f3d8) (abdc916) (17404f4)
The JNI system now hooks env->FindClass to be aware of split APKs, enabling JNI calls into code that resides within Chrome feature splits. (d93249a)
The New Tab Page continues to be refactored, with NewTabPageCoordinator now using a PropertyModel and ViewBinder pattern for better architecture. (e2db56f) (505ab04)

iOS

A new public API, SetUserAgent, was added to web::WebState to allow embedders to override the user agent on a per-WebState basis. (f521739)
Siri Shortcut support has been added for opening bookmarks. (c83ce48)
The internal mapping between WKWebView and web::WebState was simplified by moving from a custom linked list to an Objective-C associated object, improving performance and code simplicity. (7984b8d)
The downloads list has been updated with a new search bar. (19a830b)

Media & Graphics

A new media::mp4::HdrMetadataTrack class was introduced to parse and attach HDR metadata from MP4 files to the corresponding video frames. (830194a)
On Windows, the D3D12 video encoder was updated to report more specific DirectX error codes instead of a generic failure, improving telemetry and debugging. (2d9364b)
A VSync stall during fling gestures on Android was fixed by correctly registering the fling scheduler as a BeginFrameObserver. (5efefdf)

Extensions

Test coverage for extensions on desktop Android continues to expand, with API tests for tabs, i18n, permissions, search, and clipboard being enabled or added. (1fa9861) (d198c46) (d93fb5b) (3103734)
Several internal extension APIs, including certificateProvider and brailleDisplayPrivate, were converted from the legacy JSON format to WebIDL for better type safety and maintainability. (757e799) (01733fc) (b22d5a4)

Infrastructure & Code Health

The -Wexit-time-destructors compiler warning is now enabled by default for Chromium builds to help find and prevent shutdown issues caused by global objects with non-trivial destructors. (0d25486)
The legacy Send-Tab-To-Self UI, which relied on system notifications, has been removed entirely in favor of the modern bubble UI. (577a926)
A new presubmit check was added to ensure that flag-metadata.json entries are synchronized with about_flags files, preventing stale metadata. (812687d)
Numerous obsolete or fully launched feature flags were removed from the codebase, including FEED_HEADER_REMOVAL, omnibox-drive-suggestions-no-sync-requirement, and kEnableSideGesturePassThrough. (faa4e0f) (f8a90a5) (b1b7029)

2026-03-25

Open Standalone Page

Chromium Digest: 2026-03-25

Overview

This daily summary covers 705 commits on the main branch, with 511 identified as relevant to developers. The changes span from commit (60f1c8a)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((60f1c8a)) to (c704012)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((c704012)). Today's changes include an unusually high number of breaking API and build system changes affecting core utilities, Blink, Autofill, and platform-specific code on Android and ChromeOS. Embedders are strongly advised to review these changes for required updates.

Core & Build System

⚠️ BREAKING BREAKING: The //base:base_java build target has been split into smaller, more granular targets (//base:java_exception_reporter, //base:jni_callback, //base:token). Embedders must update their BUILD.gn files to depend on the new, specific targets. (1397b82)
⚠️ BREAKING BREAKING: The free function swap for base::ScopedGeneric has been changed to take non-const references instead of const references. This signature change will break any code attempting to swap const ScopedGeneric objects. (d507cd7)
⚠️ BREAKING BREAKING: The behavior of the public API base::ReplaceFile on Windows has changed. It will no longer return an error if it fails to create a backup file, instead proceeding with the replacement. Embedders relying on the previous failure condition will experience a behavioral break. (36a258f)
⚠️ BREAKING BREAKING: The contract for the public observer interface ui::gfx::x::EventObserver::OnEvent has been changed to allow reentrant calls. Implementations that were not designed to be reentrant may now fail or exhibit incorrect behavior. (65c7091)
The kMojoUseEventFd feature has been enabled by default on Android to improve input delay and INP metrics. (04ae8a0)
Checks were added to HistoryService to prevent observers from being registered or unregistered after shutdown, fixing a potential crash. (38032d9)

Blink & Web Platform

⚠️ BREAKING BREAKING: A new virtual function, GetHTMLElementType(), has been added to the core blink::Node class. This is an ABI-breaking change that will affect embedders who subclass blink::Node or other core DOM classes, as they will now need to provide an implementation for this new function. (f252b9b)
BREAKING: The public API method WebInputElement::IsLastInputElementInForm() has been removed from third_party/blink/public/web/web_input_element.h. Any code calling this function will no longer compile. (1f62108)
The CSS property text-decoration-skip-ink: all is now enabled by default, moving it from an experimental to a stable feature. (1e520da)
The WebInstall API (<install> element and navigator.install()) is now disabled in sandboxed contexts to prevent misuse. (92178a8)
An integer overflow that could crash the renderer when receiving a WebSocket message larger than 4GB has been fixed. (60b543e)
The JXL image decoder is updated to use frame scanning and seeking for better animation and progressive rendering performance. (d94c83c)
The kLocalNetworkAccessPromptDirectSockets feature is now enabled by default, changing the permission workflow for Direct Sockets. (d96e669)

UI & Features

⚠️ BREAKING BREAKING: The virtual method OnKeywordModeChanged has been removed from the public OmniboxClient interface. Embedders who override this now no-op method must remove their implementations to avoid build failures. (f22d35c)
⚠️ BREAKING BREAKING: The CancelScan method was removed from the crosapi::mojom::DocumentScan interface as part of a service refactor. ChromeOS clients relying on this mojom method will break. (dcaab7d)
On Linux, middle-click functionality on the new tab button has been restored. (c1ff01c)
The Certificate Manager UI (chrome://settings/certificates) has been migrated from WebUI Polymer to Lit. (56347d7)
Work continues on the "Let Chrome browse for you" (Glic) feature, with context menu improvements and the removal of the side-panel feature flag as it is now fully launched. (11fd237) (88eb0ba)

Android & iOS

⚠️ BREAKING BREAKING: The public Java method openUrlInOtherWindow() was moved from the MultiInstanceManager class to the MultiInstanceOrchestrator class. Embedders on Android calling this method for multi-window management must update their call sites. (8d0821c)
⚠️ BREAKING BREAKING: Support for file-based video capture (via the --use-file-for-fake-video-capture switch) has been removed on the Android platform. Embedders using this for testing will find the feature no longer works. (1cabf78)
On Android, Side Panel registries are now supported at both the tab and window scope, allowing for more flexible UI integrations. (58130a8)
On iOS, a startup hang has been fixed by deferring the registration of background refresh tasks until later in the application lifecycle. (efff262)

Media & Graphics

⚠️ BREAKING BREAKING: The public gfx::HDRMetadata struct has been refactored to use internal Skia types. Direct member access (e.g., .smpte_st_2086) has been removed in favor of new getter/setter methods like .SetMDCV() and .GetCLLI(). Embedders must update their video and graphics integration code. (8cb7cd0)
A bug in the D3D12 video decoder that could cause visual corruption by reading stale bitstream data has been fixed. (5b73734)
Bounds checking was added to the VP8 hardware accelerator to prevent a potential unsigned integer underflow. (42ff1bc)

Autofill & Payments

⚠️ BREAKING BREAKING: The signature of the public callback AutofillClient::EntityImportPromptResultCallback has been changed. It now requires a second parameter, const EntityImportUIContext&, to pass UI consent details. Embedders implementing AutofillClient must update their function signatures. (d130440)
The Autofill CVC storage feature flag and related code have been cleaned up following its launch on all platforms. (22e3267)

Extensions

⚠️ BREAKING BREAKING: The public utility function download_crx_util::IsExtensionDownload has been removed from chrome/browser/download/download_crx_util.h. Embedders should use extensions::util::IsExtensionDownload instead. (76c1222)
A potential popup blocker bypass was fixed by adding browser-side validation to ensure only legitimate extension contexts can open popups without user interaction. (3b4c638)
The feature allowing users to toggle user script injection on a per-extension basis is now enabled by default, and old preference migration logic has been removed. (9ffa658)

Security & Privacy

Renderer-provided user gesture signals are no longer trusted for permission requests. The browser process now checks the true transient activation state, hardening the permission prompt mechanism. (89632d8) (8dda06b)
A potential directory traversal vulnerability in the UI DevTools GetSourceCode function has been patched. (26c7490)
A null-dereference crash in the Digital Identity Credential API was fixed. The crash occurred if an iframe was destroyed while a request was being processed. (b48a021)

Code Health & Infrastructure

The DelayRfhDestructionsOnUnloadAndDetach feature flag and its associated code paths have been removed, simplifying the lifecycle management of RenderFrameHost. (aa54fb5)
Several services, including those for Dedicated and Shared Workers, were updated to use the strongly-typed content::ChildProcessId instead of raw integers, improving type safety. (2a26522) (12222ff) (57d5b4f)
Numerous launched or obsolete feature flags were removed, including kTabGridDragAndDrop (iOS), kNtpSafeBrowsingModule, MagicStackAndroid, and AutofillCvcStorageEnabled. (6a5f9a3) (8be876b) (637ab3d) (22e3267)
A significant number of reverts occurred for changes causing build or test failures, including for audio channel layouts, a Graphite GPU backend change, and an experimental sign-in flow on Android. (ce520a1) (d1ffb68) (937ee64)

2026-03-24

Open Standalone Page

Chromium Digest: 2026-03-24

Overview

A busy day with 687 total commits, of which 519 were deemed relevant to developers. The day saw an unusually high number of breaking changes across the codebase, affecting core APIs, Blink, UI, extensions, and platform-specific code. Major refactors were landed in the sessions, sync, and extensions components, requiring embedders to update their code. Work also continued on multinetworking support and general code cleanup.

API, Core, and Compositor

⚠️ BREAKING BREAKING: The public syncer::DeviceInfo class has been refactored to use native C++ types for its members instead of sync protocol buffer types, breaking clients that construct or inspect DeviceInfo objects. (165bf33)
⚠️ BREAKING BREAKING: The public API for components/sessions::SessionCommand has been changed. The size() method was removed and PayloadAsPickle() was renamed to ContentsAsPickle(), breaking embedders using this interface. (364c522)
⚠️ BREAKING BREAKING: The core compositor method cc::LayerImpl::PushPropertiesTo has been renamed to CopyPropertiesTo and its functionality split. Custom LayerImpl subclasses overriding the original virtual method must be updated. (b3d21ec)
⚠️ BREAKING BREAKING: The behavior of StringBuilder::operator<< has been changed for char and UChar types to serialize them as characters instead of their integer values. This can break code relying on the previous numeric output for logging or serialization. (b97df4a)
base::PostTaskAndReplyWithResult has been improved to support reply functions that take multiple arguments by having the task function return a std::tuple. (b791274)
The base::Feature API and its macros were moved to a new, self-contained header (base/feature.h) to resolve circular dependencies and improve modularity. (5063835)

Blink and Web Platform

⚠️ BREAKING BREAKING: The IDL definitions for DOM manipulation methods like beforeHTML() and setHTML() have been altered, changing the accepted types for the options parameter. This is a breaking change to the public web-facing API. (368d532)
⚠️ BREAKING BREAKING: The public Blink class PauseMicrotasksHandle in event_loop.h has been made non-copyable and non-assignable, which will break any code that was previously copying instances. (8222b27)
⚠️ BREAKING BREAKING: The public Blink string utility String::FromUTF8 has been renamed to String::FromUtf8 and an overload has been removed. (1401a72)
⚠️ BREAKING BREAKING: The public API AtomicString::FromUtf8(const char*) has been removed from Blink. Code should be updated to use the AtomicString::FromUtf8(std::string_view) overload. (a045d0d)
⚠️ BREAKING BREAKING: The signature of RasterInterface::ReadbackYUVPixelsAsync, a core public interface for GPU operations, has been modified. The source_size and paste_location parameters were changed. (85d21e9)
Support for the stopped value in the image-animation CSS property has been implemented, allowing animated images to be stopped and reset to their first frame. (4fa3a3f)
On Android, Document Picture-in-Picture now reparents the video's frame sink to the PiP window's compositor to prevent video stutter when the originating tab is minimized. (01dadfb)
The experimental HighlightPointerEvents feature and its associated HighlightPointerEvent interface have been removed, as they were superseded by the shipped HighlightsFromPoint feature. (894087f)

Networking and Services

⚠️ BREAKING BREAKING: The constructor for the core public class net::ClientSocketPool::GroupId has been changed to support multinetworking. Callers must now pass a new target_network parameter. (52a2dea)
⚠️ BREAKING BREAKING: The InitializeRequest method in the public base class ContentAnalysisInfoBase is now a pure virtual function. Embedders with custom subclasses must implement this method. (2d6e854)
⚠️ BREAKING BREAKING: The public virtual methods GetSamplingParamsConfig and GetFeatureMetadata have been removed from OnDeviceCapability and OptimizationGuideKeyedService, breaking embedders who used them for on-device model configuration. (fb071c6)
As part of the multinetworking effort, URLRequest and HttpRequestInfo classes were updated to include a target_network member. (ba4fdb3) (87a4047) (337a3df)
The kSkipTpcdMitigationsForAds feature and related ad-heuristic logic for third-party cookie deprecation have been removed, simplifying the codebase. (5414c90)
A browser-side check for the fullscreen Permissions Policy has been added in RenderFrameHostImpl::EnterFullscreen() to enforce the policy even if the renderer is compromised. (23da98a)

UI, WebUI, and DevTools

⚠️ BREAKING BREAKING: The core WebUI utility sendWithPromise in ui/webui/resources/js/cr.ts now requires a mandatory generic type parameter specifying the promise's payload type. Calls without this will no longer compile. (7c7425f) (2035199)
⚠️ BREAKING BREAKING: The public class views::UserResizeDetector has been renamed to views::UserResizeMoveDetector. Embedders using this ui/views class will need to update their code. (18b13c6)
⚠️ BREAKING BREAKING: The TabAlert and TabNetworkState enums have been moved from chrome/browser/ui/tabs to the public component components/tabs/public, changing their include paths and namespaces. (a9634cc) (6b531e1)
BREAKING: Enum values related to the deprecated Tab Organization feature have been removed from the stable chrome/browser/ui/webui/tab_search/tab_search.mojom interface, breaking clients of this mojom API. (d479cf0)
New observer notifications, OnNativeWidgetUserDragStarted and OnNativeWidgetUserDragEnded, have been added to views::Widget to allow clients to distinguish between a window being moved versus resized. (b4fe7f8)
A new CrashReportContext domain has been added to the Chrome DevTools Protocol (CDP) to allow inspection of key-value pairs stored for crash reporting. (ea739c3)
Touchpad history navigation is now enabled by default on Linux, aligning its behavior with Windows and ChromeOS. (9cf0141)

Extensions

⚠️ BREAKING BREAKING: As part of moving WebstoreInstaller from //chrome to //extensions, new pure virtual methods have been added to the ExtensionsBrowserClient interface. This forces all embedders to implement the new methods, causing a compilation break. (cb457f6)
The browser namespace for extensions (kExtensionBrowserNamespaceAndPolyfillSupport) is now enabled by default, shipping the feature. (6f12cd1)

Autofill and Payments

⚠️ BREAKING BREAKING: The core Autofill utility function ToSafeFieldType in field_types.h has been refactored to return a std::optional<FieldType> instead of a FieldType, breaking code that uses the old signature. (31cce64)
⚠️ BREAKING BREAKING: The AutofillSharedStorageHandler class has been removed. Embedders using this class or instantiating PersonalDataManager directly will have build failures. (d7b4885)
UI text for saving payment cards and confirmation messages has been updated to reflect "Google Wallet" branding. (b6184b2) (2363e4c) (afdc3d9)

Platform-Specific

⚠️ BREAKING BREAKING (iOS): The WebStateObserver list has been marked as re-entrant to prevent crashes. This is a significant behavioral change to a core public API for iOS embedders who may have relied on the previous non-re-entrant notification behavior. (5034d37)
⚠️ BREAKING BREAKING (Android): A deprecated, default-implemented onAddedToTask() method has been removed from the public Java interface ChromeAndroidTaskFeature. Classes implementing this interface must now implement onAddedToTask(long nativeBrowserWindowPtr). (456ce60)
⚠️ BREAKING BREAKING (ChromeOS): The signature of the public mojo interface PinFactorEditor::CheckPinComplexity has been changed. The return type is now a result<> union, and the PinComplexity enum has been simplified. (86f795d)
(Android) JniZero has been patched to override the default FindClass behavior with a version that is aware of APK splits. This is a compatibility fix for third-party libraries like Cardboard that make direct JNI calls. (3312e8f)
(iOS) Drag-and-drop is now enabled by default. (34fefe1)

Build and Infrastructure

The build_with_tflite_lib build option has been removed from numerous components (Omnibox, Permissions, Autofill, Media, etc.) as it is now universally enabled, simplifying build configurations. (4f546f2) (bc399d2) (c7500c1) (711d2fc) (c907c62) (16a600b) (16777dd)
The DirectReceiver mojom attribute has been removed. It was a no-op and is no longer enforced or recognized by the mojom toolchain. (d7bb901) (239b3c8) (24d3982)
Rust code for C++ sequence integration has been moved from //mojo to //base as part of establishing new guidelines for Rust code within the core base library. (e70725a)

2026-03-23

Open Standalone Page

Chromium Digest: 2026-03-23

Overview

This digest covers 578 commits from March 23, 2026, with 438 deemed relevant to developers. This was a day of significant API refactoring, with numerous breaking changes across core, UI, and ChromeOS components. The first relevant commit was (12284ce) and the last was (db815f5).

Breaking Changes

⚠️ BREAKING The crosapi::mojom::cros_display_config interface was removed entirely. The public C++ API ash::CrosDisplayConfig was also changed to use int64_t for display identifiers instead of std::string, breaking all clients of the display configuration API on ChromeOS. (13cedb9) (f8e02af)
⚠️ BREAKING The core ui::Clipboard API has been changed. Methods WriteBookmark and ReadBookmark have been renamed to WriteURL and ReadURL respectively, and their signatures now use the ClipboardUrlInfo struct. (624e217)
⚠️ BREAKING The 2-parameter overload of content::WebContents::IgnoreInputEvents has been removed. Callers must update to the single-argument version. (05268bd)
⚠️ BREAKING Account settings logic has been moved from components/autofill to a new components/account_settings component. This changes header paths and namespaces from autofill:: to account_settings:: for classes like AccountSettingService. (a1b05c5)
⚠️ BREAKING The network::mojom::NetworkContext::CreateWebSocket mojo method signature has changed, adding a network_restrictions_id parameter. Implementations of this service must be updated. (0f1662a)
⚠️ BREAKING The public TabStripApiObserver::OnTabsClosed method and OnTabsClosedEvent have been renamed to OnNodesClosed and OnNodesClosedEvent. (73c9765)
⚠️ BREAKING The blink::mojom::Frame::BeforeUnload mojom interface signature has changed, adding a force_to_proceed boolean parameter to support asynchronous execution. (2cb8be8)
⚠️ BREAKING The core Blink utility method AtomicString::FromUTF8() has been renamed to FromUtf8() to conform to style guides. (bd3411c)
⚠️ BREAKING The public virtual method GetOnDeviceCapabilities() has been removed from the OnDeviceCapability interface as part of a refactor. Callers should use ModelBrokerClient instead. (6e00555)
⚠️ BREAKING Several public methods (e.g., GetIssuerCommonName, GetTimes) have been removed from X509CertificateModel as part of its refactoring into the new components/certificate_model component. (35ed0b5)
⚠️ BREAKING On Android, the public method addDestructionObserver has been removed from the SuggestionsUiDelegate Java interface. (5a70b48)
⚠️ BREAKING The TrackedElementRects struct has been moved from the cc namespace to the viz namespace. Embedders accessing this via RenderFrameMetadata must update include paths and type names. (2242c67)
⚠️ BREAKING The exported C++ switch blink::switches::kEnableWebGLImageChromium has been renamed to kEnableOverlaysAndLowLatencyUsageForWebGL. (1d5f025)
⚠️ BREAKING The public API for CrosAppsApiRegistry on ChromeOS now uses content::BrowserContext* instead of Profile*, requiring updates for embedders using this registry. (18b7586)

API & Architecture

Several feature flags for launched features were removed, making their behavior permanent. This includes kQueueNavigationsWhileWaitingForCommit, kContentVerifyJobUseJobVersionForHashing, and kFilesConflictDialog (ChromeOS). (369b2d9) (d49106f) (ae18657)
As part of Project Bedrock, profile_manager.cc was migrated away from using BrowserListObserver to reduce dependencies on the Browser object. (7427fd2)
A new LocationIconInterface was extracted to decouple the location bar icon's logic from the native Views framework, paving the way for a WebUI implementation. (8222d0b)
The JSONParser class references were removed following its replacement by a Rust-based implementation. (7e81108)

Blink & Web Platform

WebTransport connections will now be closed when a page enters the BackForwardCache, rather than blocking the page from being cached. (3b1c1a8)
An experimental implementation of ML-DSA (a post-quantum signature algorithm) is being added to the WebCrypto API, gated by the WebCryptoPQC feature flag. (2da14fd)
A new method, WebFormControlElement::GetTextInfo(), was added to retrieve font and glyph information from form elements, intended for use by PDF text annotations. (67421ea)
The experimental marker attribute, related to declarative shadow DOM, has been completely removed from Element and ShadowRoot. (f2a2c34)

UI & UX

Android: A reusable TabBottomSheet JNI bridge was introduced to simplify native integrations with the Android bottom sheet. (c2d14de)
Android: WebView behavior was aligned with the Android ecosystem by removing a custom select_action_menu_paste resource ID in favor of the standard android.R.id.paste. (0bceff6)
macOS: A crash in the tabstrip that occurred when switching to vertical tabs has been fixed. (703c279)
iOS: Logic was added to correctly handle the tab count button in the app bar when there are zero tabs. (6fb8703)

Networking & Security

Android: Initial support was added to check for network connections blocked by the new Local Network Protection (LNP) permission, introducing a new ERR_LOCAL_NETWORK_PERMISSION_MISSING error code. (7c1ae43) (19434ee)
The Brotli library was updated to fix a decoding hang on certain inputs. (224140d)
To defend against a potential clickjacking vector, logic was added to traverse local parent frames when checking for SVG filters applied to cross-origin content. (032145b)

Performance & Media

The performance of generating stack traces with line numbers on Linux was significantly improved by optimizing how the .debug_aranges section is parsed. (bd3bd31)
Support was added for parsing and attaching Dolby Vision RPU (dynamic metadata) to H.265 video, improving HDR video playback capabilities. (3e77dae)
A large number of UKM (URL-Keyed Metrics) reporters were removed from the compositor (cc/metrics), simplifying the metrics pipeline. (43be1f5)
The ui::gfx::Tween::CalculateValue method was optimized by making cubic bezier instances static, avoiding reconstruction on every call. (938e146)

Build & Infrastructure

The ENABLE_EXTENSIONS build flag was updated to ENABLE_EXTENSIONS_CORE in several places to correctly support extensions on desktop Android. (e673bb6) (da00c0f)
The siso build tool was updated to version 1.5.7. (32939b2)
Initial GEMINI.md files were added to several subdirectories to improve the effectiveness of AI-assisted coding tools. (15c8983) (a138750)

2026-03-22

Open Standalone Page

Chromium Digest: 2026-03-22

Overview

This digest covers 20 commits from the Chromium repository, with a focus on major changes impacting embedders. Key updates include significant API refactoring in the browser UI layer as part of Project Bedrock, resulting in several breaking changes. Other changes involve internal refactoring, bug fixes, and performance improvements.

Browser Core & UI

⚠️ BREAKING BREAKING: As part of the 'Bedrock' project to decouple core browser logic from the UI, several public functions have been removed or had their signatures changed. The function chrome::GetTabbedBrowserCount has been removed from chrome/browser/ui/browser_finder.h. Additionally, numerous utility functions in chrome/browser/ui/chrome_pages.h and chrome/browser/ui/singleton_tabs.h (e.g., ShowSettings, ShowSingletonTab) now require a BrowserWindowInterface* instead of a Browser*. Embedders directly calling these functions will need to update their code to use the new interfaces or find alternatives. (ebb63bf) (7f61ab9)
The 'Bedrock' project continues with the introduction of BrowserCollection::GetLastActiveBrowser() as a modern replacement for older APIs and the migration of macOS-specific handoff_observer away from BrowserListObserver. (27f213d) (ed4f7e5)
Several UI bug fixes were landed, including visual corrections for pinned split tabs in the Vertical Tabs experiment and ensuring back/forward buttons update correctly in the WebUI Browser. (c3f3459) (ff4276f) (6f46759)

Extensions

⚠️ BREAKING BREAKING: The public static method extensions::ExtensionPrefs::RegisterBrowserPrefs has been renamed to extensions::ExtensionPrefs::RegisterLocalStatePrefs to more accurately reflect its function. Embedders using this method to register preferences will need to update the function call. (8a737a5)

Services & Components

In WebAuthn, a more detailed metric WebAuthentication.Enclave.PinRenewalActionOutcome has been added to record PIN renewal outcomes, obsoleting the previous WebAuthentication.PinRenewalFailureCause metric. (8771676)
A security mitigation (ADVANCED_MEMORY_SAFETY_CHECKS) has been added to TabModalDialogManager to help prevent use-after-free vulnerabilities. (8460673)
The Optimization Guide component received code cleanup, migrating several functions to use std::string_view for improved performance. (bd057d6)

Android

A recent change to open existing Payments and Addresses settings pages from the Autofill and Passwords screen on Android was reverted due to build failures. (6948ed9)

Internals & Infrastructure

To improve performance, TLS getters have been exempted from Checked Span bounds checks, which were showing up as hot on Speedometer profiles. (d5c3cbd)
New unit tests were added for the Checked Span container and the TabSearchPageHandler to verify behavior and prevent future regressions. (346b40a) (dd1e9b6)
Routine updates include translation file updates, minor comment fixes, and ownership changes. (8b0323b) (8c65b3e) (cadc4dd)

2026-03-21

Open Standalone Page

Chromium Digest: 2026-03-21

Overview

This digest covers 46 commits from the Chromium repository, spanning from commit (3e3bf49) to (9ba674e). The analysis identifies three major breaking changes in Core APIs, Compositor, and Media, affecting embedders and web applications relying on specific EME behaviors. Other notable changes include advancements in experimental features like Contextual Tasks and WebNN, security enhancements in navigation handling, and various internal refactorings and dependency updates.

Core APIs & Embedders

⚠️ BREAKING BREAKING: The ServiceWorker framework has been migrated to use content::ChildProcessId instead of primitive int types for process IDs. This affects public content/ APIs, including the constructor for ServiceWorkerClient and the return type of ServiceWorkerClient::GetProcessId(). Embedders interacting with these APIs will need to update their code to use the new ChildProcessId type. (0e161e8)
⚠️ BREAKING BREAKING: The cc::LayerContext interface has been modified. The target_local_surface_id parameter was removed from the UpdateDisplayTreeFrom method. Its functionality is now handled by a new virtual method, SetTargetLocalSurfaceId. Embedders who provide custom implementations of LayerContext must update their code to match the new interface signature. (f0fa73e)
A crash in ActorKeyedService has been fixed. The crash occurred when getActiveTasks was called from a callback that was triggered by a task's completion. The fix ensures the completed task is removed from the active list before callbacks are run. (24300df)

Media

⚠️ BREAKING BREAKING: For PlayReady EME on Windows, queries for HDCP 2.3 support will now correctly report as 'not supported' (OUTPUT_RESTRICTED). Previously, this query may have incorrectly indicated support. This change aligns behavior with the underlying OS capabilities but may break applications that were relying on the previous incorrect behavior. (87eee40)
The Video Capture Device on Android will now send color space information to the client. (3e4c084)
Hardware-accelerated video decoding via VA-API is now enabled for arm64/aarch64 Linux builds. (f7b4e79)
A thread affinity conflict in CrasAudioHandler has been resolved by decoupling it from VideoCaptureObserver using a proxy. This fixes a shutdown crash on ChromeOS where the observer was registered on the IO thread but destroyed on the UI thread. (47862bf)

Rendering & Compositing

A bug in the html-in-canvas feature that caused incorrect compositing for inline elements has been fixed. This prevents the creation of unnecessary composited layers for canvas descendants. (9ba674e)
Internal methods Document::ImplicitClose() and LocalDOMWindow::DocumentWasClosed() have been renamed to Document::DispatchLoadEventandFinalize() and LocalDOMWindow::DispatchLoadAndPageshowEvents() respectively to more accurately reflect their function. This is a code clarity improvement with no functional change. (3e3bf49)

Extensions

A performance optimization for WebRequest proxying in WebViews has been introduced behind the kOptimizeWebRequestProxy feature flag. When enabled, it avoids global proxying for all renderers when a webview extension is present, instead applying proxying on a more granular, frame-aware basis. This also fixes a bug where WebSocket and WebTransport requests from WebViews in WebUI were not being intercepted. (95c9427)
A histogram has been added to track the length of text set on extension action badges. This data will be used to determine if a length limit should be imposed in the future to prevent memory issues from buggy extensions. (73e8489)

Experimental Features

Several validation checks have been added to the experimental WebNN API to prevent buffer overflows and handle invalid padding values in conv2d and pooling operations within the TFLite backend. (41c622e) (63c8325) (8859cdd)
The experimental 'Contextual Tasks' feature is now enabled on Android. Additional changes include adding a debugging interface and fixing UI behaviors like element jumping and keyboard navigation. (6ebc299) (2505a80) (0dbe100) (f0a4abc)
A context menu entry has been added for the experimental 'Glic' (Gemini in Chrome) feature, which will be controlled via an experiment. (8df2c9f)

Security

Logging for unexpected Origin headers on navigation requests has been refined to only trigger on renderer-initiated navigations. This avoids firing on legitimate browser-initiated cases, such as going back to a POST that redirected to a GET. (bbbb03f)
The order of checks in the RequireCTDelegate has been refactored for efficiency. The delegate will no longer check if a Certificate Transparency requirement can be overridden if it's already known that the SCTs comply with the policy. (5ade5a4)

Infrastructure & Internals

Third-party dependencies have been updated, including rolls for libaom, WebGL conformance tests, and patches for mediapipe. (e021654) (5863585) (7d11d4e)
A new feature flag, kUseStrongRefToSharedImageInterface, has been added to allow ClientSharedImage to hold a strong reference to SharedImageInterface, preventing it from becoming invalid during use. (2951d29)

2026-03-20

Open Standalone Page

Chromium Digest: 2026-03-20

Overview

This summary covers 583 commits on the main branch from March 20, 2026, with 431 deemed relevant to developers. The day saw an unusually high number of breaking changes across core internals, JNI, platform APIs, and extensions. The first commit of the day was (0939042) and the last was (f08dfd5).

Build System & Core Internals

⚠️ BREAKING The bundled xdg-mime and xdg-settings utilities have been removed. Production Linux builds must now ensure the host system has a sufficiently modern version of xdg-utils installed, changing a long-standing dependency assumption. (4258ce4)
⚠️ BREAKING The Windows message pump observer API in base has been significantly altered. MessagePumpForUI::Observer is renamed to NativeEventObserver, the registration model now only supports a single observer, and method signatures have changed (e.g., from const MSG& to uintptr_t). (6be9b03) (fe915f0)
⚠️ BREAKING The core blink::Platform::InitializeBlink() method signature has changed to accept an optional cppgc::StackStartMarker. Embedders that implement or call this platform initialization function directly must update their code. (3a44bcf)
⚠️ BREAKING The public static methods Time::ResetHighResolutionTimerUsage() and Time::GetHighResolutionTimerUsage() have been removed from base/time/time.h. (2cf132b)
Several browser components have been modularized into their own build targets to improve build times and dependency hygiene, including //chrome/browser/taskbar, //chrome/browser/readaloud, and //chrome/browser/guest_view. (ee6b0f0) (ed17521) (59597bd)

JNI (Java Native Interface)

⚠️ BREAKING The JNI generator's naming convention for calling static Java methods from C++ has changed. The J prefix on the JNI struct is removed, so calls like JMyClassJni::foo() must be updated to MyClassJni::foo(). (fa5d1a7)
⚠️ BREAKING JNI-generated constants and field accessors have been moved into their respective mirror types. Native code must be updated to access them via the new pattern, e.g., JMotionEventJni::CONSTANT instead of JNI_MotionEvent::CONSTANT. (62719ab)

Web Platform & Rendering

⚠️ BREAKING The compositor API cc::TrackedElementFeature has been converted from a standard enum to an enum class. Client code must be updated to use scoped enumerators (e.g., cc::TrackedElementFeature::kAIHighlight) and can no longer treat it as an integer. (faaa9c8) (28294a2)
⚠️ BREAKING Following the removal of the kSynchronizedScrolling feature, the public method cc::Scheduler::SetTreePrioritiesAndScrollState has changed its signature. The ScrollHandlerState enum and its corresponding parameter have been removed. (65b5613)
A new experimental feature, 'Platform-provided behaviors' for Custom Elements, was introduced. It allows elements to opt into platform capabilities like form association via attachInternals(). (458af53)
The CSS Color 5 alpha() function has been implemented, available behind the CSSAlphaColorFunction runtime feature flag. (38994fc)
To align with spec updates, user action pseudo-classes like :hover and :active now stop propagating at the top layer boundary. This behavior is controlled by the UserActionPseudosStopAtTopLayer flag. (9a341b9)
The Rust-based JPEG parser is now enabled by default. In Web Audio, support was added for 5.1.4 and 7.1.4 channel layouts, while the experimental kWebAudioAllowDenormalInProcessing feature was removed. (5c98c56) (6587cd7) (e8aacdb)

Security & Networking

⚠️ BREAKING The public interface method SecurityPrincipal::IsWebUI() now returns true for chrome-search:// URLs. Embedders relying on this method for security or UI logic may need to update their code to account for this behavioral change. (2ba6492)
⚠️ BREAKING The recently added public API google_apis::GetCdmCertificate() has been removed via a revert. (2172bc8)
Chrome's Certificate Transparency (CT) policy evaluation will now ignore Signed Certificate Timestamps (SCTs) delivered via OCSP-stapled responses. This change is enabled by default. (4d1a2f7)
DoH (DNS-over-HTTPS) requests now use an empty IsolationInfo to allow Alt-Svc information to be cached across network changes, enabling faster QUIC connections on startup. (6ca275c)

Extensions

⚠️ BREAKING Nine methods have been removed from the chrome.passwordsPrivate extension API as part of a migration to Mojo. Extensions using methods like isAccountStorageActive(), showAddShortcutDialog(), or deleteAllPasswordManagerData() will break. (17f18ce)
On Android, a site permissions button and toggle have been added to the extensions menu, giving users a direct entry point to manage site access for an extension. (4221f3c) (9510ca7)

Autofill & Payments

⚠️ BREAKING IbanManager has been refactored from a per-profile KeyedService to a per-tab object. The associated IbanManagerFactory has been deleted, breaking the previous public API for accessing the manager. (9ef7381)
The kAutofillFewerTrivialRefills and AutofillAndPasswordsInSameSurface feature flags and related code have been removed, as the features are now stable and enabled by default. (8fb02ab) (5ef709d) (9ec10ed)

Platform-Specific Changes

⚠️ BREAKING In the public iOS OmniboxFocusDelegate protocol, the omniboxDidResignFirstResponder delegate method has been renamed to omniboxDidEndEditing. Implementors of this delegate must update their method name. (178f648)
The READ_MEDIA_VIDEO and READ_MEDIA_IMAGES permissions were removed from the Android Manifest, as the code paths requiring them were found to be unreachable on modern Android versions. (0939042)
The extensions downloads danger prompt has been enabled on desktop Android, unifying the user experience with other desktop platforms. (f08dfd5)

UI & Feature Removals

The 'Recent Tab Chip' feature has been removed from the New Tab Page Realbox. (c32c00e)
The deprecated AddressBubblesIconView and related migration code have been cleaned up and removed. (d1b607f)

2026-03-19

Open Standalone Page

Chromium Digest: 2026-03-19

Overview

This summary covers 699 commits on the main branch from (37f1b6e)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((37f1b6e)) to (1d4c146)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((1d4c146)), with 520 commits identified as relevant to developers. The day was marked by an unusually high number of breaking changes across core APIs, including content::WebContents, Autofill, GPU interfaces, and the DevTools protocol. A major update to the ICU library also introduces significant behavioral changes to stable web APIs.

Breaking Changes

⚠️ BREAKING A new pure virtual method, GetTextSelectionBounds, was added to the public content::WebContents interface. All classes inheriting from WebContents must now implement this method to compile. (8020df7)
⚠️ BREAKING The ICU library was rolled to version 78.2 (Unicode 17/CLDR 48), causing behavioral changes to stable web APIs. This affects timezone formatting (e.g., 'GMT' becomes 'GMT+0'), IDNA processing, and date formats in multiple locales, which may impact web content relying on specific Intl API outputs. (f72d48e)
⚠️ BREAKING The public views::WidgetObserver interface was modified. OnWidgetUserResizeStarted and OnWidgetUserResizeEnded now require a Widget* parameter, which will cause compilation failures for all existing implementations. (6ba9721)
⚠️ BREAKING The TabOrganizationService and its factory have been removed. Any code that previously accessed this ProfileKeyedService will fail to compile. (4a44e72) (ae844ac)
⚠️ BREAKING The signature for the AutofillManager::Observer::OnSuggestionsHidden method was changed to include a SuggestionHidingReason parameter, breaking existing observer implementations. (95237ac) (33c01b8)
⚠️ BREAKING Several public APIs in the GPU command buffer client interface were removed. The virtual methods CanCopySharedImageToGLTextureViaSkia and CanCopySharedImageToGLTextureViaTextureCopy were removed from GLES2Interface, and set_low_latency_enabled was removed from DrawingBuffer. (eeb6937) (5a7ae68) (ea62d18)
⚠️ BREAKING The DevTools protocol was changed: the isAdRelated boolean field on DOM.Node is replaced with a more detailed adProvenance object. Clients of the protocol relying on the old field will break. (f9c4f88)
⚠️ BREAKING The ChromeOS display configuration API was refactored. Several crosapi::mojom types were replaced with new C++ types in the ash:: namespace, changing the public API signature of ash::CrosDisplayConfig::GetDisplayUnitInfoList. (a957de3)
⚠️ BREAKING On Android, the public Java interface ChromeAndroidTaskFeature was changed. The onAddedToTask() method is deprecated and a new onAddedToTask(long nativeBrowserWindowPtr) method was added, representing a behavioral break for embedders. (5648537)
⚠️ BREAKING Method signatures in public security interstitial classes (e.g., SSLBlockingPage, SSLErrorHandler) were changed to use net::Error instead of int, breaking embedders who subclass or directly call these methods. (9c67a87)
⚠️ BREAKING Multiple public utility functions in wtf/text/ascii_ctype.h were renamed (e.g., IsASCIIUpper to IsAsciiUpper). The old function names were removed, breaking any code that relied on them. (7d97071)
⚠️ BREAKING The public mojom interface on_device_translation::mojom::Translator was renamed to OnDeviceTranslator, breaking any client code that uses this interface. (db9cfd4)

Web Platform & Blink

The UnencodedDigest runtime feature flag was removed, making validation of the Unencoded-Digest header for subresource integrity mandatory. This could break sites that were sending incorrect digests. (402e0ab)
The light-dark() CSS function now supports image values, allowing developers to specify different images for light and dark modes. This is gated behind the CSSLightDarkImage experimental flag. (d4665c3)
Foundational code for the WebXR Mesh API was added, including IDL definitions and Mojo interfaces. The feature is behind a flag. (919794c)
A behavioral change was implemented for image-animation: paused to freeze the animation on the current frame instead of resetting to the first frame, aligning with the CSS specification. (2cdcd5c)
The ::expand-icon pseudo-element was implemented for <menuitem> elements that have submenus, allowing developers to style the submenu indicator. (259db83)
A thread-safety issue with WordBreakIterator and SentenceBreakIterator was fixed by making them thread-local. This prevents crashes when these are used in Workers via the Proofreader API. (d72e069)
For the Digital Credentials API, the error returned when a user cancels the flow was changed from NotSupportedError to the more specific NotAllowedError. (f6d8d2e)

UI & UX

On macOS, the First Run Dialog has been migrated from the native Cocoa UI to the cross-platform Views UI. (5ce0c2b)
The public API BrowserUserEducationInterface::CanShowFeaturePromo() was removed and replaced with an internally-restricted method, breaking external callers. (48c0c42)
The method signature for ShowContextMenu in the public toolbar_ui_api.mojom interface was changed. It now requires a gfx.mojom.Rect instead of a gfx.mojom.Point, breaking WebUI implementations that use this API. (4c3a21b)
On Android, the public Java method MultiWindowModeStateDispatcher#canEnterMultiWindowMode() was removed. Embedders must update their code for multi-window state management. (dc47bc9)
The chrome://updater page is now enabled by default, with its feature flag removed. (b84c089)
A new TabStripServiceAggregator was introduced to allow clients like Tab Search to observe tabs across multiple browser windows. (b76328c)

Autofill & Passwords

Several unused FieldType enums related to flight reservations and orders were removed from the public Autofill API (components/autofill/core/browser/field_types.h and autofill_private.idl). (73deb77)
The DenseSet::max_size() method was changed from a member function to a static function. Code calling this method on an instance (e.g., my_set.max_size()) will no longer compile. (fd760d0)

Security & Networking

A DNS rebinding vulnerability in the DevTools WebSocket handler was fixed. The handler now validates the Host header, which is critical when using --remote-allow-origins=*. (7bdbd07)
Local Network Access (LNA) checks are now enabled by default for WebTransport and WebSockets, enhancing security for local devices by requiring explicit permission for public websites to access them. (53bd4f6)
The signature for the content-layer API StoragePartitionImpl::RevokeNetworkForNoncesInNetworkContext was changed, breaking callers. (996bdae)
WebUSB control transfer protections were strengthened to block requests targeting protected interface classes like HID or Mass Storage. (89b42d2)
The WebSocket deflate stream chunk size was increased from 4KB to 32KB, which should improve throughput and reduce CPU usage for large compressed messages. (e0f9987)
A new enterprise policy, SharedWorkerExtendedLifetimeEnabled, was introduced to allow administrators to control the lifetime of SharedWorkers. (d53e73e)

GPU & Media

Function signatures in the public media/base/vector_math.h header were changed to use base::span instead of raw pointers and sizes. This modernizes the API but will break any code that calls these functions directly. (83d50c7)
To reduce video stuttering in WebRTC, a new SharedMediaContextProvider bound to the Media Thread (instead of the main thread) is now used for video scaling. (d1b8e21)
Support was added for parsing IT35 timed metadata tracks in MP4 streams. (f42c791)
The experimental Symphonia media backend enabled support for PCM and Vorbis codecs. (d190491)

Code Health & Infrastructure

A large, multi-part refactoring removed CookieSourceType::kUnknown from test APIs, forcing tests to explicitly declare the cookie source type and improving code safety. (174b8af) (0dd9df5) (866fce1) (35d8544) (d3467fe)
The ongoing effort to modularize chrome/browser continued, with chrome/browser/renderer_host/ being further componentized. (f5c22f4) (0011b0c)
Gperf is now sourced from CIPD on Linux to ensure hermetic builds. (d3a8e1e)
Numerous obsolete feature flags were removed, including kTabOrganization, kDevToolsPrivacyUI, kTPCDAdHeuristicSubframeRequestTagging, and game-dashboard-gamepad-support. (4a44e72) (fb48516) (4cc4079) (acf3be6)

2026-03-18

Open Standalone Page

Chromium Digest: 2026-03-18

Overview

This summary covers 577 relevant commits out of 752 total, from (d723889)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((d723889)) to (8758f77)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((8758f77)). The day saw numerous breaking changes to public APIs in core systems, ChromeOS, and graphics, alongside significant behavioral changes to web platform features like URL parsing and pointer events.

Public API & Core Systems

⚠️ BREAKING BREAKING: The base::span two-argument constructor now performs bounds checking by default. This can cause runtime CHECK failures in existing code. To retain the old behavior, callers must be updated to explicitly pass base::unchecked as the first argument. (4aa6967)
⚠️ BREAKING BREAKING: The public virtual method RequestPermissions has been removed from the content::PermissionControllerDelegate interface. Embedders must remove their overrides and use RequestPermissionsFromCurrentDocument instead. (4035ccf)
⚠️ BREAKING BREAKING: The initiator_origin_trial_features argument has been removed from the public API methods ThrottlingURLLoader::CreateLoaderAndStart and ThrottlingURLLoader::Start. Embedders calling these methods will have build failures. (f37f0b8)
⚠️ BREAKING BREAKING: The public virtual method GetHandleId() has been removed from the content::PrerenderHandle interface. Embedders must migrate to using GetPrerenderHostId(). (df805b8)
⚠️ BREAKING BREAKING: The public method pin_infobar_controller() has been removed from the BrowserWindowFeatures class. Client code must now use the static PinInfoBarController::From() method. (6d4a020)
⚠️ BREAKING BREAKING: Several obsolete feature flags, including kShortcutsNotApps, kPushMessagingBackgroundMode, and kRemoveSupervisedUsersOnStartup, have been removed from chrome/common/chrome_features.h. Code referencing these will fail to build. (3151653)
The base::ScopedObservation utility has been updated with a new template parameter to help track and fix dangling pointer issues at compile time. (940f2c7) (adc3bcf)

Web Platform & Blink

⚠️ BREAKING BREAKING: IDNA 2008 ContextJ rules are now enabled by default, significantly changing how internationalized domain names (IDNs) are parsed. URLs that were previously valid may now be considered invalid, and vice-versa, potentially impacting security and routing. (3ae9984)
⚠️ BREAKING BREAKING: The SuppressPointerStreamAfterDrag feature is now enabled by default. This alters the standard behavior of pointer events after a drag-and-drop operation, which can break web applications that rely on the previous event stream. (58ccecd)
⚠️ BREAKING BREAKING: The error handling for the stable Web-based Payment Handler API has changed. Promise rejections with an "OperationError" DOMException from PaymentRequestEvent.respondWith are now treated as an internal error, not a user cancellation. This may break existing payment handlers. (c02af0a)
The CSS line-clamp property behavior has been changed so that floats no longer increase the container's height, aligning with a new CSSWG resolution. (c7d7b3d)
The @revert CSS at-rule is now enabled for stable release, allowing authors to revert cascaded properties to the user-agent stylesheet level. (2263d72)
On Android, aria-valuetext for range controls will no longer be mapped to the accessibility node's primary text, correcting a semantic inaccuracy in the accessibility tree. (6bd98e6)
The element count for WebNN operands is now limited to INT_MAX to align with implicit backend limits. (0d0cb58)

ChromeOS & Ash

⚠️ BREAKING BREAKING: Numerous ChromeOS-specific preference keys related to End-of-Life (EoL) and device enrollment have been moved from the common header chrome/common/pref_names.h to the Ash-specific ash/constants/ash_pref_names.h. Embedders referencing these from the old location will have their builds broken. (0da2b70) (82aedde)
⚠️ BREAKING BREAKING: The public CROSAPI cros_display_config.mojom interface has been modified. The crosapi::mojom::TouchCalibration type was removed and replaced with an internal type, breaking clients of this stable interface between Ash and Lacros. (69dad59)
The dismantling of the cros_display_config.mojom interface continues, with types like DisplayLayoutInfo and DisplayConfigProperties being migrated to internal C++ structs in ash. (72935c2) (7f94944) (bf35cd6)

Graphics & GPU

⚠️ BREAKING BREAKING: Bindings for the ANGLE-specific OpenGL functions glCompressedTexImageRobustANGLE and glDisableExtensionANGLE have been removed from the public ui/gl API. Embedders calling these functions directly will experience build failures. (958237a)
⚠️ BREAKING BREAKING: The recently added SharedGpuContext::CreateAsync method has been removed from the public Blink platform header shared_gpu_context.h. Any code that adopted this asynchronous creation path will be broken. (d73e9cd)
To improve performance, checks for multiplanar texture sampling capabilities are now performed lazily in the SharedImageManager. (4326118)

Android

⚠️ BREAKING BREAKING: The Screenshot Monitor feature has been completely removed from Android. This includes the deletion of its public Java interfaces (ScreenshotMonitor.java, ScreenshotMonitorDelegate.java) and all associated implementation. Any code depending on this feature will be broken. (4144a97)
The InputConnection thread priority has been increased to THREAD_PRIORITY_URGENT_DISPLAY to improve responsiveness to input events. (2be407e)
The ViewAndroidDelegate was updated to use Java WeakRef maps instead of C++ WeakRefs to avoid exhausting the finite pool of global JNI references. (fe77f31)
A series of commits moving WebView Navigation APIs out of an experimental state were reverted, restoring the previous API state, including the SupportLibWebViewNavigationClientAdapter. (3e4f021)

Networking

⚠️ BREAKING BREAKING: The public constant kDefaultMaxSocketsPerProxyChain has been removed from the net/socket/client_socket_pool_manager.h header. Any code referencing this constant will now fail to compile. (db73207)
The experimental WebTransportSendGroup interface has been added behind a feature flag, allowing for sending a group of streams with a single call. (03ebdaf)
A bug in data URL parsing was fixed to correctly preserve base64 decoding even when the URL contains an invalid MIME type. (148ff94)

Security & Privacy

A 15-minute throttling window has been introduced for approximate geolocation updates. This mitigates the risk of a site reconstructing a user's precise location from multiple frequent samples. (7d99a69)
The dialog shown when an extension overrides the default search provider will now display the search engine's URL instead of its name for non-prepopulated engines, making it harder for malicious extensions to spoof reputable providers. (5a827af)
Atomic cookie deletion via the Chrome DevTools Protocol (CDP) has been restored for trusted clients like DevTools and Playwright, while retaining stricter filtering for less trusted clients like extensions. (8c3121e)

Performance & Memory

A new feature, kDiscardOnCommitLimit, has been added for Windows. When enabled, it allows proactive tab discarding when the system's available commit memory falls below a threshold, aiming to prevent memory-related crashes. (d0cc6f3)
A performance optimization was added to the style recalculation path for pseudo-elements, showing significant gains on several benchmarks. (b629b7f)

Build System & Dependencies

The //third_party/lighttpd dependency has been completely removed from the build system. (8fe0e97)
The sqlite library was updated to version 3.51.3, which includes fixes for buffer overruns and other issues. (016a5e5)
The expat library was rolled forward, incorporating numerous bug fixes and minor feature updates. (703b76e)

2026-03-17

Open Standalone Page

Chromium Digest: 2026-03-17

Overview

This summary covers 683 commits to the Chromium main branch on March 17, 2026, from (3233143)... to (e202271).... Of these, 526 were identified as relevant to developers. The day was marked by an unusually high number of breaking changes across core C++, Java, and Mojom APIs, impacting crypto, media, networking, and sync. Significant behavioral changes were also made to stable web APIs like Element.scrollParent and location.ancestorOrigins, requiring web developers to verify their code.

Web Platform & Blink

⚠️ BREAKING Support for creating several non-standard event types with document.createEvent() has been removed. Calls for types like AnimationEvent, CloseEvent, and WheelEvent will now throw a NotSupportedError. This aligns with web standards but will break sites relying on the old behavior. (a112e48)
⚠️ BREAKING The behavior of Element.scrollParent on the <body> element has been changed to align with CSSWG specifications. It now returns the document's scrolling element instead of null, which could break scripts or layouts that relied on the previous behavior. (90bd81c)
⚠️ BREAKING The location.ancestorOrigins property now returns a cached DOMStringList object instead of creating a new one on each access. This aligns with spec updates but may break code that expected a new, distinct object on each call. (8ab1ce0)
⚠️ BREAKING The public blink::mojom::StorageArea interface was updated. Methods like Put and Delete now take a StorageAreaSourcePtr struct instead of a std::string for the source parameter, requiring embedders using this mojom to update their calls. (e431bee)
⚠️ BREAKING The serialization of font-family in the CSSOM has been reverted to its older behavior by moving the CSSFontFamilySerialization feature flag back to experimental. This means names with spaces will be quoted again (e.g., "Times New Roman"), which can break JavaScript that performs string comparisons on this property. (ba9bc2c) (f099307)
⚠️ BREAKING The public method WebURLRequest::SetHttpOriginIfNeeded has been removed from the blink::public::platform::WebURLRequest class, which will cause compilation failures for any embedder code that was using it. (4852d79)
A bug was fixed where setting video.disablePictureInPicture = true failed to correctly exit an active Picture-in-Picture session. (b6c732e)
New overscroll events are now dispatched with timing similar to scroll snap changes, providing more synchronized feedback for gesture-based navigation. (d8fbafb)

Services, Networking & Security

⚠️ BREAKING The public syncer::DataTypeSyncBridge class now has a new pure virtual method, TrimAllSupportedFieldsFromRemoteSpecifics. Embedders with custom sync bridge implementations will fail to compile until this method is implemented. (a531d36)
⚠️ BREAKING The public crypto/kdf.h API has been renamed. DeriveKeyPbkdf2HmacSha1 is now Pbkdf2HmacSha1, and DeriveKeyScrypt is now Scrypt. Embedders using these key derivation functions will have build failures. (640d483)
⚠️ BREAKING The public API for Device-Bound Session Cookies (DBSC) was changed. The method set_allows_device_bound_session_registration was renamed to set_allows_device_bound_sessions in net::URLRequest and services::network::ResourceRequest. (3e700ff)
⚠️ BREAKING The public PrivacySandboxService interface was simplified by removing the GetRequiredPromptType and PromptActionOccurred methods. Embedders calling these methods will have build failures. (a7c87e2)
⚠️ BREAKING The process_id member in the public content::ServiceWorkerVersionBaseInfo struct was changed from int to the strongly-typed content::ChildProcessId, breaking consumers of this struct. (6e9eb7a)
A new static method HttpNoVarySearchData::ParseFromHeaderValue() has been added, allowing more efficient parsing of the No-Vary-Search header without constructing a full HttpResponseHeaders object. (cecaa7e)
A race condition that could cause crashes when a profile was rapidly closed and reopened has been fixed by adding a new synchronization mechanism to ProfileManager. (052f564)
The kSCTAuditing feature is now permanently enabled on non-Android desktop builds, and its associated feature flag has been removed. (24258bf)
Support for the X25519 key exchange algorithm has been added to the core crypto library. (e5ebc0b)

Core & Public APIs

⚠️ BREAKING The public content::FrameConnector interface was refactored, removing the virtual methods SetIsInert, OnSetInheritedEffectiveTouchAction, UpdateRenderThrottlingStatus, and UpdateViewportIntersection. Custom implementations must be updated. (9040a39)
⚠️ BREAKING Deprecated int-based overloads for Add and Remove methods in ChildProcessSecurityPolicyImpl have been removed. Callers must now use the strongly-typed ChildProcessId. (62ce02f)
⚠️ BREAKING Several command-line switches have been removed from the public header chrome/common/chrome_switches.h, including kCrashOnHangThreads, kEnableCloudPrintProxy, and kNoServiceAutorun. (08ad5f9)

GPU, Media & Audio

⚠️ BREAKING Legacy methods have been removed from the public media::AudioDecoderConfig class, including a constructor, an Initialize method, and SetChannelsForDiscrete. Code must be updated to use modern constructors that accept a ChannelLayoutConfig. (c9acbb5)
⚠️ BREAKING The signature for the public gpu::GLES2Interface::CopySharedImageToGLTextureViaTextureCopy method has changed, removing the redundant src_size parameter. All call sites must be updated. (d713cdd)
⚠️ BREAKING The shared_image_swap_chain field has been removed from the public gpu::SharedImageCapabilities struct on all non-Windows platforms. Code on macOS, Linux, etc. that references this field will no longer compile. (b800237)
The media-internals page (chrome://media-internals) was improved, adding the ability to search for media players by their URL. (ebcf225) (40664a5)

Android & WebView

⚠️ BREAKING The public Java method signature for DeviceInput.supportsKeyboard() has been changed to DeviceInput.supportsKeyboard(Context context), breaking any code calling the method without the new Context parameter. (077ee52)
⚠️ BREAKING In Android WebView, the PrefetchOperationCallback interface has been changed. The onSuccess() method is deprecated and replaced with onResult(int resultCode). The old method now throws an UnsupportedOperationException. (6505742)
A new virtual method, CanResize(), was added to the public ui::BaseWindow interface on Android, allowing callers to check if a window is resizable. (6f8a29a)
A warning snackbar will now appear if command-line flags are loaded from a file, alerting users to potential instability or malicious configurations. (0092142)
A race condition in the Tab Bottom Sheet was fixed by ensuring any previously open sheet is closed before a new one is shown. (3599ae6)

iOS

A new public ScreenshotProtectionAPI was introduced, allowing developers to mark specific UIViews for obfuscation during screen captures. (7c86673)
The passkey implementation now supports AbortSignal, allowing navigator.credentials.get() requests to be cancelled from JavaScript. (b8f3208) (c1096f1)
The chrome://safe-browsing WebUI page is now implemented for iOS. (16b41bd)

UI & UX

Multiple improvements were made to Vertical Tabs, including touch dragging, immersive fullscreen hit-testing corrections, and ensuring the active tab is scrolled into view on session restore. (1bf24c8) (4168494) (733ee18) (fbb38bf)
Logic for handling featured search matches (e.g., @history) was centralized in OmniboxEditModel to ensure consistent behavior across all UIs. (c15da50)
A regression was fixed where the bookmark bar was not being correctly displayed on custom New Tab Pages. (1c9353d)
A new untrusted WebUI has been added for an AI Overlay Dialog at chrome-untrusted://ai-overlay-dialog. (ae7feab)

Extensions

A significant performance bottleneck during browser shutdown has been fixed. The process for removing filtered event listeners was optimized to avoid O(N^2) complexity, which could delay shutdown by tens of seconds for extensions with many listeners. (dec6118)
A new ExtensionInstallTimePermissionProvider was added to allow the Site Settings page to correctly reflect permissions (like geolocation) granted to extensions via their manifest. (7307848)
The TabStrip API's event handling for tab removals was made more reliable, particularly for tabs inside groups. (16a8f4c)

Performance & Optimization

The usb_ids database was optimized by replacing raw character pointers with an IndexPointer. This reduces binary size by ~743KiB and lowers copy-on-write memory usage by eliminating over 560KiB of dynamic relocations. (0475bb4)
The PictureLayerImpl was optimized to perform checkerboarding computations in layer space, avoiding unnecessary and potentially expensive scaling operations. (6c977d6)
Text rendering performance was improved by allowing the shape cache to be used for non-initial font-feature-settings and for text nodes that start or end with open/close tags. (f15b91f) (e01b3c6)

Build, Infrastructure & Code Health

The LIFETIME_BOUND compiler annotation was added to several base/strings utility functions to help catch use-after-free bugs by ensuring returned string views do not outlive their source string. (95bfd23)
A new Python script (tools/git/worktree.py) was added to simplify the process of creating and managing Git worktrees for Chromium development. (ebcffad)
Ongoing modularization efforts continued, breaking down large //chrome components into smaller, more focused targets like //chrome/browser/wallet, //chrome/browser/tab_contents, and //chrome/browser/external_protocol to improve dependency hygiene. (bb75a48) (1982bfe) (2542f99) (7f8a972)
The third-party Rust zip crate was rolled from version 7.2.0 to 8.2.0. (ea07cca)

2026-03-16

Open Standalone Page

Chromium Digest: 2026-03-16

Overview

A day with a high volume of breaking changes across core APIs. Out of 548 total commits, 405 were flagged as relevant to developers. The changes span UI, content, media, extensions, and core utilities, requiring significant updates for many embedders. Major refactoring efforts continue in the UI layer with the "Bedrock" project, and several features on Android and iOS have been either removed or fully launched. The day's activity started with commit (4e4b30e) and ended with (44f0d80).

UI & UX

⚠️ BREAKING BREAKING CHANGE: The public method views::WebView::SetCrashedOverlayView has been removed. Embedders must now use TakeCrashedOverlayView to provide a custom view for a crashed web contents. (cbbb542)
⚠️ BREAKING BREAKING CHANGE: The public ui::PlatformClipboard::IsSelectionOwner method has been changed from a synchronous boolean return to an asynchronous callback-based signature. This affects all platform clipboard implementations and requires callers to adapt. (f56f565)
⚠️ BREAKING BREAKING CHANGE: The TabStrip mojom API's OnDataChangedEvent is now a union containing a field mask. This allows clients to identify which tab properties have changed but is a non-backwards-compatible change requiring client updates. (e2acfde)
The "Search Resumption Module" feature has been completely removed from Android, including its feature flag, Java classes, and C++ bridge. (4830d98)
On Android, middle-click support was added to the home button to open the homepage in a new background tab, aligning behavior with desktop. (b9ac297)
Fixes were implemented for vertical tabs to correct width calculations during pinning/unpinning animations and to ensure activated tabs are scrolled fully into view. (f50be19) (47a5730)
The "Bedrock" project continues, with numerous call sites updated to use the BrowserWindowInterface abstraction instead of the concrete Browser class. (ba815fd) (4a045d1) (98777b3)

Web Platform, Content & Blink

⚠️ BREAKING BREAKING CHANGE: Public content::ServiceWorkerContext interfaces now use the strongly-typed content::ChildProcessId instead of int process_id. Embedders must update method signatures in ServiceWorkerContextObserverSynchronous and ServiceWorkerContextCoreObserver. (1f8433c) (491060e)
⚠️ BREAKING BREAKING CHANGE: The SetStorageAccessApiStatus method was removed from the public blink::mojom::LocalFrameHost mojo interface to fix a race condition. Clients using this IPC will break. (3fe82e5)
⚠️ BREAKING BREAKING CHANGE: The public method String::Truncate() has been removed from Blink's core wtf_string.h. Code must be updated to use substr() instead. (adeb097)
The non-standard -webkit-search-results-decoration pseudo-element styling was removed from the user-agent stylesheet as it has no effect. (a4ce098)
On Android, cursor tracking is now enabled for contenteditable elements, improving the user experience with on-screen keyboards. (e36b350)

Media & GPU

⚠️ BREAKING BREAKING CHANGE: The signature of media::AudioDecoderConfig::Initialize was changed to use ChannelLayoutConfig. The corresponding AudioDecoderConfig mojom struct was also modified, breaking both C++ calls and wire compatibility. (62da318)
The core gpu::command_buffer::client::GLES2Interface was updated with new virtual methods CanCopySharedImageDirectlyToGLTexture() and CanCopySharedImageToGLTextureViaSkia(). While they have default implementations, this modifies a key interface for GPU embedders. (fe5ea1e) (2a7f0ca)

Extensions

⚠️ BREAKING BREAKING CHANGE: The signature of extensions::ServiceWorkerState::Observer::OnWorkerStop was changed to include the blink::ServiceWorkerToken. Observers of this state must be updated. (2cc7179)
⚠️ BREAKING BREAKING CHANGE: The extensions::DisplayInfoProvider API was changed from asynchronous to synchronous. SetDisplayLayout and GetDisplayLayout now return their results directly instead of using callbacks. (a2e1c0b) (7b0fc8f)

ChromeOS & Ash

⚠️ BREAKING BREAKING CHANGE: Several methods on the public CrosDisplayConfig interface were changed from asynchronous (callback-based) to synchronous (direct return). This affects GetDisplayUnitInfoList, SetDisplayProperties, and OverscanCalibration. (911fc29) (d9a28cd) (cb973d0)

Autofill & Wallet

⚠️ BREAKING BREAKING CHANGE: The public method FormFieldData::selected_option() has been removed from components/autofill. Code must be migrated to use selected_option_text(). (2348edd)
⚠️ BREAKING BREAKING CHANGE: Several data model structs (Passport, DriverLicense, NationalIdentityCard, etc.) have been removed from the public header components/wallet/core/browser/data_models/wallet_pass.h. (e96642c)

Features & Services

⚠️ BREAKING BREAKING CHANGE: The PrivacySandboxQueueManager class and its accessor GetPrivacySandboxNoticeQueueManager() have been removed from the public PrivacySandboxService interface as part of a notice UI cleanup. (55c649e)
⚠️ BREAKING BREAKING CHANGE: The pdf_infobar_controller() accessor was removed from BrowserWindowFeatures. Consumers must now use the pdf::infobar::PdfInfoBarController::From(browser) pattern to access the controller. (c12f6fa)
The Device-Bound Session Credentials (DBSC) feature has graduated from its origin trial and is now enabled by default. (ebf37aa)
Several features are now enabled by default and have had their feature flags removed, including StaticStorageQuota, SetDefaultDropEffect, and the iOS "Close Other Tabs" feature. (5ea1a81) (3da57f8) (4059dc3)
The Android-specific "TinkerTank" feature has been deleted from the codebase. (4783f6f)

Core & Infrastructure

⚠️ BREAKING BREAKING CHANGE: The public method base::PickleIterator::ReadStringPiece16 has been removed from the fundamental base::Pickle utility due to memory alignment issues. Code should be updated to use ReadString16. (9ba8054)
Security was hardened by adding validation in the browser process to verify that WindowOpenDisposition values sent from the renderer via IPC are legitimate. (4ccc2d9)
A CHECK failure in TransportClientSocketPool was fixed. The code no longer assumes that Init() on an idle socket will not return ERR_IO_PENDING. (9205cf1)
The Public Suffix List was updated to the latest version. (a4dd319)

2026-03-15

Open Standalone Page

Chromium Digest: 2026-03-15

Overview

This digest covers 8 commits, identifying one major breaking change. The changes include updates to macOS integration, UI enhancements for Vertical Tabs, additions to iOS enterprise features, and various internal test and infrastructure fixes. The breaking change affects embedders on macOS who use the system settings utility functions.

macOS Integration

⚠️ BREAKING Updates system settings wrappers in base/mac/mac_util.h to support upcoming macOS versions. BREAKING: This change renames and removes several values in the public base::mac::SystemSettingsPane enum. For example, kDateTime is now kGeneral_DateTime, and kPrivacySecurity_Pasteboard is replaced by kPrivacySecurity_PasteFromOtherApps. Embedders on macOS using OpenSystemSettingsPane() must update their code to use the new enum values to avoid compilation errors. (6c38bdc)

UI & UX

Improves animations and scrolling behavior for the Vertical Tabs feature. These changes address edge cases when adding, removing, or activating tabs to ensure a smoother user experience and prevent visual artifacts. (f303bc0) (471bde2)

iOS

Introduces a new factory class, IOSCloudBinaryUploadServiceFactory, as part of the enterprise cloud content scanning feature set on iOS. (d7a5387)

Experimental Features

Enhances the experimental Prompt API to reject calls with invalid constraints or prefix conflicts, improving error handling for the underlying AI language model services. (648dcfa)

Infrastructure & Testing

Includes internal fixes for unit tests, resolving a dangling pointer in OptOutBlocklistTest and refining the teardown behavior in TabSearchPageHandler tests to prevent spurious notifications during cleanup. (b75ca23) (60e4de8)

Localization

A routine update synchronizes translation files (.xtb) with the latest strings from the main branch. (524df74)

2026-03-14

Open Standalone Page

Chromium Digest: 2026-03-14

Overview

This digest covers 69 commits from the Chromium repository, focusing on major breaking changes, new features, and significant bug fixes. Key updates include breaking API changes in the Search Engines and Android UI components, advancements in CSS rendering for Grid and transitions, and continued development of AI-related features in the Omnibox and Page Content Annotation services. Internal refactoring efforts have also improved the modularity of the webapps and Glic build targets.

API Changes & Refactoring

⚠️ BREAKING BREAKING: Renames public methods in the TemplateURL class within the components/search_engines component. RequiresDeletionConfirmation is now RequiresRemovalConfirmation in both C++ and Java, and ShouldConfirmDeletion is now ShouldConfirmRemoval in C++. Embedders using these methods must update their code. (ea9f934)
⚠️ BREAKING BREAKING: The ActionConfirmationDialog.show() method on Android has been refactored to use a builder pattern. Instead of accepting a long list of parameters, it now takes a single ConfirmationDialogParams object. This is a signature change to a public UI component that will break existing callers. (1e426a2)
The internal API for Device-Bound Session Credentials (DBSC) has been simplified. The priority parameter was removed from SessionStore::RestoreSessionBindingKey as part of a larger refactor moving garbage collection logic into the SessionStore. (01c58d5)
The chrome::CanSavePage() function has been updated to operate over the BrowserWindowInterface instead of directly using browser_finder.h APIs. This is part of an ongoing effort to reduce dependencies from //chrome/browser/sharing_hub to //chrome/browser/ui. (3e8881c)
The WebUIBubbleDialogView no longer observes widget closing events directly, simplifying its lifecycle management. This is an internal UI refactoring with no impact on embedders. (d18477d)

Features & Services

The Page Content Annotations API has been extended to allow consumers to observe results from the on-device category classifier. This is accompanied by a change to validate that the classifier model is only used with the correct embedding model version. (adbe66e) (faa0230)
On Android, the extensions menu has been updated with native C++ and JNI plumbing to support optional sections, such as reload prompts or host access requests. This lays the groundwork for future UI changes. (7169aed)
A logical implementation of Document Isolation Policy (DIP) has been added for environments without default SiteInstanceGroups, such as Android WebView. This enables cross-origin isolated capabilities as a short-term solution until SiteInstanceGroups are fully available. (1175447)
FedCM navigation interception is now permitted for embedder login requests, even if the broader interception feature flag is not enabled. Additionally, the ambient FedCM UI will now use the IdP-claimed login state for accounts. (e1dfa92) (222fae6)
Client-side code has been added to support a new Optimization Guide feature, MODEL_EXECUTION_FEATURE_ANNOTATION_REDUCER_QUERY_CLASSIFIER. (243bb0b)

UI & UX

A confirmation dialog is now shown on Android before removing a search engine. (b7ada3f) (0694ab8)
The Android Omnibox (AIM) continues to see development, with changes to build the AIM URL from input state, control new tool/model buttons, and show the current model selection. (d4aa1f2) (cef8547) (f49ad1c) (4cb3667) (44dda5e)
In Vertical Tabs, the close button is now hidden on inactive tabs until hovered. Additionally, keyboard shortcuts (Cmd/Ctrl+Shift+Arrow) to move tabs to the start/end of the list have been re-enabled. (d8e69d7) (0492460)
On the New Tab Page, a toast notification has been added to allow users to undo the disabling of action chips. (773ba66) (6409484)

Blink & Rendering

A behavioral change has been made to CSS Grid layout to align with a CSSWG resolution. Row gaps will now be suppressed across fragmentation breaks, even if a spanning item is present. (bdeb9e7)
Bugs in discrete CSS transitions (CSSTransitionDiscrete) have been fixed, improving behavior for unregistered custom properties and transitions starting from an unset state. (95f88e4)
Selection handle visibility checks have been improved by using the full selection edge for calculations in both Blink and the compositor, which should lead to more reliable handle rendering. (ceeb95d)

Build & Infrastructure

Significant refactoring of the chrome/browser/webapps build targets has been completed to create more modular, platform-specific targets and clearer dependency boundaries. (c26595f) (f68a6c0)
A new ESLint check has been added to the WebUI build process to disallow the use of the legacy chrome.send API in new Desktop WebUI, enforcing the move to Mojo. (d9c984b)
The GlicNudge classes have been moved to //chrome/browser/glic/browser_ui to better separate nudge logic from tab strip UI, and their build targets have been refactored. (ee1115b)
The extensions schema compiler now supports the nodoc attribute on enum values, allowing specific values to be excluded from generated documentation. (f698dba)

Bug Fixes

Fixed a memory leak and a potential use-after-free in the Glic HostManager by ensuring tab-only hosts are correctly removed when their WebUI handler is destroyed. (811ffd3)
Corrected a bad_variant_access crash in the PDF Ink signature feature's undo/redo model caused by an incorrect variable reference. (54539cd)
Fixed context lost checks for WebGL query and sync objects. (f7d4fef)
Disabled the Enhanced Safe Browsing (ESB) migration prompt when Safe Browsing preferences are managed by enterprise policy. (bfa6fc4)

2026-03-13

Open Standalone Page

Chromium Digest: 2026-03-13

Overview

This digest covers 606 commits on the main branch for March 13th, 2026, with 437 commits identified as relevant to developers. The day was marked by a significant number of breaking changes, most notably a large-scale, multi-part refactoring of the ui::Clipboard API to be fully asynchronous. Other major breaking changes affected Blink string types, ChromeOS crosapi interfaces, and core service constructors. First commit: (1c93014), Last commit: (9bf8133).

Breaking Changes

⚠️ BREAKING The ui::Clipboard and its platform backends (Ozone, X11) have been refactored to be fully asynchronous. This includes replacing the synchronous IsFormatAvailable with an async GetAllAvailableFormats, changing the PlatformClipboard::OfferClipboardData signature, and removing blocking calls from the X11 backend. These changes will break most embedder and platform implementations. (54777b8) (9dc355d) (e316366)
⚠️ BREAKING In a reversal, a previous change to make ui::PlatformClipboard::IsSelectionOwner asynchronous was reverted. The method is now synchronous again, breaking any platform implementations that had already updated to the async version. (f80ba53)
⚠️ BREAKING Core Blink string APIs have been modified. blink::String::Remove() is replaced by erase(), and LowerASCII() is replaced by ToAsciiLower(). Additionally, several public ASCII utility functions in wtf/text/ascii_ctype.h were renamed (e.g., IsASCIIHexDigit to IsAsciiHexDigit). (f2bc5fe) (fcbc3d1) (2d6b0d5)
⚠️ BREAKING Several public service and mojom interfaces have new signatures. This includes the network::mojom::CookieManager (removal of 3PCD methods), content::ServiceWorkerContextObserverSynchronous (new token parameter), federated_auth_request.mojom (parameter refactor), and sessions classes (new OSCryptAsync* constructor parameter). (9bf8133) (aa8f4cd) (1be409c) (ac940ff)
⚠️ BREAKING The mojo-based crosapi for display configuration (CrosDisplayConfigController and CrosDisplayConfigObserver) has been removed in favor of a pure C++ interface. Additionally, the public BrowserProcessPlatformPart::GetAccountManagerFactory() method has been removed. (774ba09) (d98a49d) (0563a98)
⚠️ BREAKING Signatures for public virtual methods in the rendering stack have changed. GLES2Interface::CanCopySharedImageToGLTextureViaTextureCopy now takes a ClientSharedImage*, and SchedulerStateMachine::SendBeginMainFrame no longer has a default parameter. This will break custom implementations. (62ecbea) (c182a8f)
⚠️ BREAKING Other major breaking changes include the removal of observer management methods from the public TabStripModelAdapter interface and the removal of set/getWebViewNavigationClient from the public Android WebView API (though later re-added as deprecated). (c9b4d76) (085da41)

Web Platform

The CSS @supports at-rule() feature is now enabled by default, allowing developers to query for support of specific at-rules directly in their CSS. (8480cfa)
Scaffolding for ML-KEM support has been added to the WebCrypto API. The encapsulateKey, encapsulateBits, decapsulateKey, and decapsulateBits methods are now present on the SubtleCrypto interface, though not yet fully implemented. (4e0b148)
Runtime feature flags for several stable CSS Anchor Positioning features have been removed now that the features are stable. (eb959bb) (81b2618) (bfa5e4c)
The experimental DelayStopForMediaElementSourceNode feature was completely removed from WebAudio to fix a heap-use-after-free bug, restoring stricter lifecycle invariants in the audio pipeline. (7020a2c)

Platforms (Android, Ash, Linux)

Support for SysV init systems has been removed from Chrome Remote Desktop on Linux. The service now relies exclusively on systemd. (cd7f371)
On Android, support for Entra SSO was enabled by initializing the necessary platform authentication infrastructure. (a389a49)
A large number of ChromeOS-exclusive feature flags and switches were migrated from chrome/common and chrome/browser into ash/constants to improve code separation between Chrome and Ash. (c9c745f) (4502e56) (182b610)

Features & Services

The kAutofillEnableLoyaltyCardsFilling feature was launched and its flag removed, making loyalty card filling functionality enabled by default. (9d45f2f)
The public PrerenderHandle and NavigationHandle interfaces were updated to expose PrerenderHostId, allowing throttles to more easily identify specific prewarm navigations. (dc14e7f) (f09a40e)
The legacy PriceTrackingPageActionController and its related UI entry points have been completely removed from the codebase. (e34e396)

Build & Code Health

The GRIT tool was updated to use multiprocessing during its output phase, which can significantly speed up builds for projects with large .grd resource files. (d4c945b)
The ongoing effort to modularize //chrome/browser continues, with sharing_hub, update_client, memory, unified_consent, and rlz being moved into their own component build targets to improve dependency hygiene. (563c9a0) (624946b) (15e29f9) (ae443f5) (f68b476)
A new Critical User Journey (CUJ) framework service and its underlying primitives were added to the codebase to track critical user interaction sequences for metrics and analysis. (8ea46c8) (f6ed313) (74c0235)
The build system was updated to support the -fsanitize=return Clang flag to detect functions that exit without returning a value. (99ba1f5) (9357bfb)

2026-03-12

Open Standalone Page

Chromium Digest: 2026-03-12

Overview

This daily summary for March 12, 2026, covers 692 commits, with 489 identified as relevant to developers. The day was marked by a significant number of breaking API changes across Android, Networking, and core Blink components, requiring embedder attention. Key improvements include performance gains in CSS Grid layout, enhanced security for sandboxed frames, and the stabilization of several features. The first relevant commit was (156499f) and the last was (115d9a2).

Android

⚠️ BREAKING The build configuration default_target_sdk_version is no longer a settable GN argument and has been converted to an internal variable. Build scripts overriding this value will break. (c285b9c)
⚠️ BREAKING The public Java classes SyncPromoController and SignInPromo have been removed as part of a feature cleanup. Code using these UI components must be updated. (0db58b8)
⚠️ BREAKING The public Java class MetricsRecorder in the Send Tab to Self feature has been renamed to SendTabToSelfMetricsRecorder, requiring import updates. (be5ed24)
⚠️ BREAKING The public Java class SigninManagerImpl has been moved to the org.chromium.chrome.browser.signin.services package. Embedders will need to update their import paths. (737d3e3)
⚠️ BREAKING The public Java interface ClickWithMetaStateCallback has been changed. The method onClickWithMeta now requires an additional buttonState parameter. (1f83783)
A new setting, SetEmbedderSuppliedCacheForwardEntriesAllowed, has been exposed to Android WebView, allowing embedders to disable caching of forward navigation entries to save memory. (e48fb38)
Guest view WebContents will now correctly inherit the color scheme from their host WebContents, improving support for OS-level dark and light modes. (a2c0314)

iOS

⚠️ BREAKING In the iOS fullscreen controller, the public enum FullscreenExitReason has been removed and FullscreenModeTransitionReason has been renamed to FullscreenModeTransitionTrigger. (7cfecc2)
The DownloadTask interface now includes a GetWeakPtr() method to help consumers prevent use-after-free errors. (4b39016)

Networking

⚠️ BREAKING The public HttpStream interface has been changed. Methods GetTotalReceivedBytes() and GetTotalSentBytes() now return base::ByteSize instead of int64_t, requiring embedders to update their implementations. (5895f46)
⚠️ BREAKING The net::ClientSocketPool::PreconnectCompletionCallback signature has changed. It now receives a std::unique_ptr<ClientSocketHandle> upon successful preconnection. (88f44d9)
A MIME type mapping for Markdown files (.md to text/markdown) has been added. (ade6ca0)
The ServiceWorkerAutoPreload feature has been enabled by default after a successful experiment. (d500868)

Blink & Rendering

⚠️ BREAKING Core string manipulation methods in Blink's string classes were renamed for consistency (e.g., StringView::CodepointAt is now CodePointAt, and String::CharacterStartingAt is now CodePointAtOrZero). Low-level string manipulation code will break. (42dbfc5)
Performance of CSS Grid layout has been significantly improved by migrating key data structures (GridTrackCollection, GridLayoutData) to Oilpan, reducing data copying during layout. (a1db64d)
The rendering pipeline is now more robust, as invalid browser controls height values sent to Viz are clamped to a valid range instead of causing an error. (d22dd57)
Web App Manifest localization is now enabled by default. (0c74d0b)
A bug where input and change events were not fired for declarative Web Model-View-Controller (WebMCP) tool executions has been fixed. (246e55f)

Services & Components

⚠️ BREAKING The public FormFieldData struct and its corresponding autofill_types.mojom interface were modified to include selected_option_text. This breaks consumers of this data structure. (95b08b3)
⚠️ BREAKING Media playback error handling has changed. A hardware context reset that fails to recover will now surface a PIPELINE_ERROR_HARDWARE_CONTEXT_RESET error, which may require updates to application-level error handling. (bbfb0b5)
⚠️ BREAKING In the tab restore service, the public member sessions::tab_restore::Window::type has been renamed to window_type to resolve a name shadowing issue. (4b2975c)
⚠️ BREAKING The virtual method IsPossiblySkippableAdEntryForTesting() has been removed from the public content::NavigationEntry interface as part of a history intervention refactor. (61ed18a)
⚠️ BREAKING The static method bookmarks::BookmarkNodeData::GetBookmarkFormatType() has been removed. The format type should now be accessed via ui::ClipboardFormatType::BookmarkEntriesType(). (dfec277)
The google_apis component now provides new factory methods (CreateAccountNotFound, CreateRequestCanceled) on GoogleServiceAuthError for improved error creation. (1286fb1)

Security & Permissions

A browser-side validation check has been added to RunJavaScriptDialog() to enforce the allow-modals sandbox attribute. This prevents a compromised renderer from showing alert, confirm, or prompt dialogs without permission. (7e25766)
The kWebPermissionAPI feature flag has been removed, as the Web Permissions API (navigator.permissions.query()) is now a stable, long-enabled feature. (b62aea4)

Extensions

Extension messaging will now correctly throw an error when a script attempts to send a SharedArrayBuffer, which is unsupported, instead of silently failing or resolving to null. (7c8c8fb)
A large number of internal API tests (e.g., for nativeMessaging, omnibox, printerProvider) have been migrated from Manifest V2 to Manifest V3. (b2f7a35) (868a121) (4e191e7) (70ea9fa) (c1fb238)

Build System & Infrastructure

A large number of JNI bindings have been updated to use the @JniType annotation, improving type safety and enabling build-time checks between Java and C++. (59c8330) (7555add)
Code modularization continues with many components being moved into their own BUILD.gn targets to improve dependency management and build structure. (9c845fc) (c132b3d) (3401c7c)
Local debugging on macOS using the native Apple linker is now easier, as certain linker warnings are suppressed when use_lld=false. (970efbd)

2026-03-11

Open Standalone Page

Chromium Digest: 2026-03-11

Overview

This daily summary for March 11, 2026, covers 668 commits, with 511 identified as relevant to developers. Highlights include numerous breaking API removals across core systems, UI, and platform-specific code. Other major changes include the removal of several web-facing APIs, significant security hardening like enabling the network service sandbox on Windows by default, and continued migration of extensions to Manifest V3. The first relevant commit was (878f494) and the last was (1dd3629).

Breaking Changes

⚠️ BREAKING BREAKING: The signature of the public virtual method ClientSocketPool::RequestSockets has changed. The callback parameter is now a PreconnectCompletionCallback (base::OnceCallback<void(bool)>) instead of a CompletionOnceCallback (base::OnceCallback<void(int)>). Embedders implementing or calling this core networking API must update. (ad97a90)
⚠️ BREAKING BREAKING: The method signature for ScrollEnd in core input handling interfaces (InputHandler, CompositorDelegateForInput, LayerTreeHostImpl) was changed to pass compensated scroll delta. This is an API break for embedders. (9ec5ed7)
⚠️ BREAKING BREAKING: The underlying type of the core ui::KeyboardCode enum has been changed, resulting in an ABI-breaking change that will affect embedders linking against Chromium. (e9e9cf3)
⚠️ BREAKING BREAKING: The (const char* data, int size) overload for base::File::WriteAtCurrentPos has been made private. Embedders must migrate to the base::span overload. (42d167b)
⚠️ BREAKING BREAKING: The signature of the public static method AutofillSuggestionController::GetOrCreate was changed to include a new AutofillSuggestionTriggerSource parameter. (a29ad42)
⚠️ BREAKING BREAKING (macOS): The CHILD_PLUGIN helper process type has been removed. Embedders on macOS relying on this legacy child process type for less strict library validation must migrate to other process types. (12d359c)
⚠️ BREAKING BREAKING (ChromeOS): The public function chrome::ShowAppManagementPage() has been removed from the general-purpose chrome_pages.h header and migrated into the Ash-specific ash::SettingsAppManager. Embedders must update their code to use the new manager. (ae02e83)
⚠️ BREAKING BREAKING (Android): The public Java class org.chromium.chrome.browser.sync.TrustedVaultClient was removed. Downstream code must migrate to org.chromium.components.trusted_vault.TrustedVaultClient. (1ae80bc)
⚠️ BREAKING BREAKING (Android): The deprecated, two-argument createScreenCaptureIntent method was removed from the public MediaCapturePickerDelegate Java interface. Implementations must now use the three-argument variant. (2d0f192)
⚠️ BREAKING BREAKING: Several public APIs have been removed or refactored, including EnableVideoCaptureServiceSafeMode(), PrivacySandboxActivityTypesService, AccessibilityAnnotationService observers, and the TabSearchContainer and Click to Call UI components. Several App Mode command-line switches were also moved to an internal header. (a252ae8) (44dc583) (77cb6c6) (d43a49d) (47aad4d) (06d9ced)

Web Platform & Blink

The <command> element is now treated as an invalid element during HTML parsing, aligning with the WHATWG specification. It was previously parsed as a special void element in the <head>. (baff9bb)
The fireOnEveryPaint option has been removed from the ResizeObserver API. This non-standard and little-used option is no longer supported. (e0ce255)
The GeolocationSensor API has been removed from the codebase, as the specification was discontinued. (f2a0ff6)
A new alwaysNegotiateDataChannels option was added to the WebRTC RTCConfiguration dictionary, implementing a W3C extension to force SCTP negotiation even if no data channels are created initially. (1fcfe41)
The behavior of navigator.storage.estimate() in Incognito mode has been altered to prevent privacy leaks. It will now return values that do not reveal discrepancies in storage capacity, which could have been used to detect Incognito mode. (c48f71d)
Reader Mode's underlying Readability.js library was updated to improve content extraction on recipe websites. (5a78e07)
The focusgroup controller will no longer consume Alt+Arrow key events, preventing interference with standard back/forward navigation shortcuts. (2aed26a)

UI & UX

The TabSearchContainer and "auto tab groups" nudge button have been removed from the tab strip, simplifying the UI. (d43a49d)
The "Click to Call" page action icon and its associated feature code have been completely removed from the browser. (47aad4d)
⚠️ BREAKING On Android, the "Following" feed feature and its associated UI (FeedManagementActivity, FollowManagementActivity) have been removed to simplify the Feed experience. (1f1fda2)
A new HitTestCallback was added to views::FrameView, providing a uniform hook for subclasses to customize hit-testing behavior in the non-client area. (7c1ec2a)
Support for multi-promo "SetupList" cards on the New Tab Page has been removed in favor of a simpler single-promo design. (b233318)
On iOS, support for Dynamic Type was added to the new toolbar and app bar for improved accessibility. (1d48f04)

Security & Privacy

The network service sandbox is now enabled by default on Windows, a significant security hardening measure that restricts the privileges of the network process. (a0ad012)
The Authorization header is now correctly stripped from fetch() keepalive requests during cross-origin redirects to align with web specifications and prevent credential leakage. (5fb6646)
The ChildMemoryConsumerRegistryHost was hardened with resource limits and validation to improve security against compromised child processes. (13fc6d1)
Permissions policies for the Digital Identity Request API are now enforced in the browser process, not just the renderer, for improved security. (0f622d1)

Autofill & Passwords

New methods were exposed on HTMLOptionElement and HTMLSelectElement to allow Autofill to select options by index, which is more robust for fields with duplicate display values. (118baa7)
Logic for the built-in password store backend was updated to return more actionable errors and notify observers of those errors, improving diagnostics. (242d7c0)

Extensions

A large number of extension API tests (for history, management, context_menus, metricsPrivate, etc.) have been updated from Manifest V2 to Manifest V3, continuing the deprecation effort. (36f2f4c) (c4f4143) (bdbefc8) (35e7b66) (0b8b89d)
A crash in ServiceWorkerTaskQueue was fixed, which could occur when a stale context initialization IPC arrived after an extension was reloaded. (d12bcc8)

Build & Infrastructure

The effort to modularize the browser continues, with source code for page_info, data_sharing, engagement, and performance_monitor being moved into their own GN targets. (f7272c2) (b49f647) (1703de6) (5e70d3b)
The abseil dependency was rolled, bringing in new utilities like absl::SourceLocation. (c34a655)
Numerous expired feature flags were removed from the codebase, including enable-service-workers-for-chrome-untrusted, EnableNtpEnterpriseShortcuts, and flags related to Autofill and Password Manager features that have now launched. (2ceeca1) (b2574b0) (e484c32) (b937d39)

2026-03-10

Open Standalone Page

Chromium Digest: 2026-03-10

Overview

This digest covers 707 commits to the Chromium main branch, with 509 deemed relevant to developers. The changes span from a first commit of (d31051c) to a last commit of (39de2dc). The day was marked by numerous breaking changes to public C++, Java, and Mojo APIs, alongside new web platform features and significant internal refactoring.

Breaking Changes

⚠️ BREAKING The ANGLE D3D9 backend has been removed as a fallback option. If D3D11 initialization fails, Chromium will now fall back to software rasterization (D3D11 WARP). This may affect rendering performance on systems that previously relied on the D3D9 fallback. (282348e)
⚠️ BREAKING The public AutofillClient interface has changed. ShowAutofillAiFailureNotification was removed and replaced by ShowAutofillAiSaveToWalletFailureNotification and ShowAutofillAiFetchFromWalletFailureNotification. Embedders must update their implementations. (b1627f2)
⚠️ BREAKING On Android, the public Java method setKeyboardCaptureEnabled() has been removed from AconfigFlaggedApiDelegate, which will cause build failures for embedders using it. (4dc7411)
⚠️ BREAKING The Android MediaDrmBridge JNI method onSessionClosed and its C++ counterpart now require a reason parameter, breaking the previous API signature for EME implementations. (a2ece5c)
⚠️ BREAKING The public AppBannerManager::Observer interface was modified by renaming OnComplete() to OnBannerShown(). Observers of the app banner manager must be updated. (241d09a)
⚠️ BREAKING The signature for BrowsingDataQuotaHelper::FetchResultCallback has changed. It now takes its QuotaInfoArray parameter by value instead of by const reference, requiring updates for code that queries storage quota. (0f27d66)
⚠️ BREAKING The should_show_inactive boolean field was removed from the public tabs::TabDialogManager::Params struct. The behavior is now determined automatically based on window state. (ddc789c)
⚠️ BREAKING On iOS, the virtual method infobars::InfoBarManager::OpenURL now includes a text_fragment parameter. Embedders who subclass InfoBarManager must update their method signatures. (36d70fc)
⚠️ BREAKING On ChromeOS, several methods (GetPrinters, GetCapability, GetStatus) were removed from the crosapi::mojom::LocalPrinter interface, breaking the public API between Ash and Lacros. (ee69dea)
⚠️ BREAKING The structured_metrics_service.mojom interface has been removed from crosapi on ChromeOS, representing a removal from the public API surface between Ash and Lacros. (0a8a8c8)

Blink & Web Platform

Support was added for the new CSS attr() function grammar (attr(<declaration-value>, <declaration-value>?)), enabling more dynamic styling based on element attributes. (e33187e)
The Direct Sockets API now supports Source-Specific Multicast (SSM), enabling more advanced networking capabilities for isolated web apps. (0302377)
The Clipboard API's clipboard.read() performance has been improved by deferring the reading of clipboard data until getType() is called, avoiding expensive upfront data fetching. (216f733)
The Event Timing API was updated to report the web-exposed event.target() instead of an internal raw target, providing more reliable performance data to developers. (8fe4d91)
Several fixes were made to the Popover API, improving focus navigation when an invoker is inert and preventing focus restoration from incorrectly re-opening a popover. (de66fea) (685c58b)
A bug in canvas measureText() was fixed to improve bounding box precision for small font sizes by using float-precision bounds from glyph outlines. (3f9f2e3)
The experimental CanvasDrawElementInSubtree feature was removed, as it was incompatible with a new rendering approach for canvas children. (638a2d9)

ChromeOS

⚠️ BREAKING The crosapi interface between Ash and Lacros was changed by removing methods from crosapi::mojom::LocalPrinter and removing the structured_metrics_service.mojom interface entirely. Callers must be updated. (ee69dea) (0a8a8c8)
The launcher_search.mojom interface was removed from crosapi, and its data structures were replaced with native C++ structs to streamline omnibox search result handling. (a8ba571)
The kEnableWebGLImageChromium command-line switch is now restricted to ChromeOS only, as its correctness is not guaranteed on other platforms. (9fccafe)

Android

⚠️ BREAKING Multiple breaking changes were made to public Android APIs. The setKeyboardCaptureEnabled() method was removed from AconfigFlaggedApiDelegate, and the MediaDrmBridge JNI method onSessionClosed now requires a reason parameter. (4dc7411) (a2ece5c)
Navigation logic was updated to support creating new tabs with a pre-existing WebContents instance, a change now used by the Chrome Extension Host Delegate. (a4c5f24)
For Send-Tab-To-Self, functionality was added to propagate scroll-to-text fragments from a received entry to the page load request, enabling automatic scrolling upon navigation. (3829c79)
A new observer method, OnHighlightedTabsChanged(), was added to the TabListInterfaceObserver to notify of changes to highlighted tabs. (17d005d)

Services & Components

⚠️ BREAKING The public AutofillClient interface was updated to use more specific failure notifications for AI-based Wallet features, replacing ShowAutofillAiFailureNotification with two new methods. (b1627f2)
⚠️ BREAKING The BrowsingDataQuotaHelper::FetchResultCallback signature was changed to take its QuotaInfoArray parameter by value, breaking existing implementations. (0f27d66)
The browser process layer for the Prompt API's 'Tool use' feature was implemented, bridging Blink with the On-Device Model Service. (baf5997)
To support the upcoming "Buy Now, Pay Later" (BNPL) feature, the Autofill Suggestion object was updated to include a TabIndex for organizing suggestions into tabbed panes. (c4b4f1a)
A series of commits were made to respect the two-step shutdown of KeyedService, ensuring services like ShoppingService and HistoryClustersService unregister their observers from HistoryService correctly to prevent shutdown crashes. (d2a4301) (f91b877) (c7d1fe6) (b45f34f)
The Trusted Vault Android bridge was moved from chrome/ into //components to improve modularity and code sharing. (d031ef5)

UI & UX

⚠️ BREAKING The AppBannerManager::Observer interface was changed by renaming OnComplete() to OnBannerShown(), and the should_show_inactive parameter was removed from TabDialogManager::Params. (241d09a) (ddc789c)
The Side Panel infrastructure was refactored to be more platform-agnostic in preparation for its use on Android. (f1041bd) (70eca5b) (2af1630) (1ddac02)
⚠️ BREAKING On iOS, the InfoBarManager::OpenURL method signature was changed to support scrolling to a text fragment when opening a URL from an infobar. (36d70fc)
The ElementTrackerViews API was updated to allow explicit requests for non-visible views, providing more flexibility for UI automation and testing. (c00788d)

Code Health & Infrastructure

The url_param_filter directory and its remaining files were deleted, completing the removal of the feature. (6af3e35)
The grit.py build tool was optimized to skip Python's slow garbage collection on exit, speeding up large resource builds by over a second. (757fea0)
A new mechanism, behind the SQLitePersistentCookieStoreEarlyInit feature flag, allows the cookie store to initialize on a background thread upon creation to reduce latency for initial cookie access. (24ddf87)
Numerous expired feature flags were cleaned up from the codebase, including LayoutFlexNewRowAlgorithm. (32b7a9d) (e917aeb) (7d0dc59) (f6e3828)

2026-03-09

Open Standalone Page

Chromium Digest: 2026-03-09

Overview

This summary covers 373 relevant commits out of 521 total, from (704c022)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((704c022)) to (71c55fc)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((71c55fc)). The day was marked by an exceptionally high number of breaking changes across core APIs, including V8, Blink, Content, and various utility libraries, requiring significant attention from embedders.

Breaking Changes

⚠️ BREAKING V8 API: Older ...V2 suffixed functions like HolderV2(), GetPrototypeV2(), and SetPrototypeV2() have been removed from the public V8 API. Embedders must migrate to the modern, unsuffixed equivalents. (37e0529)
⚠️ BREAKING Blink WTF & Platform: The core Blink utility library wtf saw several breaking changes. wtf::Vector::AppendRange() was removed in favor of Append(), and wtf::PodRedBlackTree lost its public size() method and Visitor class. Additionally, wtf::PodIntervalSearchAdapter was removed and the signature of PodIntervalTree::AllOverlaps was changed. (4a0293f) (96feb1a) (39a7e93)
⚠️ BREAKING Blink API: The signature of blink::Path::Apply was changed to use base::FunctionRef instead of a C-style function pointer. Separately, blink::WebMenuSourceType was removed and fully replaced by ui::mojom::MenuSourceType. (2e98bc1) (75a48e0)
⚠️ BREAKING Content & Extensions API: The public method content::RenderProcessHost::IsForInitialWebUI() was removed and replaced with IsForTopChromeWebUI(). In the extensions system, the virtual method ExtensionHostDelegate::CreateTab now requires a const GURL& target_url parameter, forcing subclasses to update. (0747310) (3fc5459)
⚠️ BREAKING History Component: A broad refactoring replaced int64_t with the strongly-typed history::ClusterId for cluster IDs across the public components/history API. This is a non-transparent type change requiring migration. (9cb1107)
⚠️ BREAKING Base & Metrics API: The base::Reversed utility now has stricter template constraints which may break some existing usages. In base/metrics, the signatures for DeserializeHistogramInfo() and MergeHistogramDeltaToStatisticsRecorder() were changed to require new parameters. (52254e7) (b51c5e3)
⚠️ BREAKING Graphics (Ozone): The native_pixmap_unique_id field was removed from the public ui::OverlaySurfaceCandidate struct. Embedders with custom Ozone backends must update their implementations. (1523733)
⚠️ BREAKING Networking API: The public struct network::ConnectionAllowlist was changed, converting boolean members like redirection_allowed into a new RedirectBehavior enum. This breaks the API contract for consumers. (9d5b5cf)
⚠️ BREAKING Android & JNI: The public helper jni_zero::Cast() has been removed; code must now use the As() method on ScopedJavaLocalRef. Additionally, a revert to CaptioningController altered its public constructor signature. (64f58c3) (3b7cb50)
⚠️ BREAKING ChromeOS (Ash): The ash::VideoConferenceManagerClient interface was refactored from an asynchronous, callback-based pattern to a synchronous, direct-return pattern, breaking all existing client implementations. (8e40d72)

Blink & Rendering

The SoftNavigationContext is now created based on Event Timing interactions, aligning it more closely with the INP (Interaction to Next Paint) metric. (704c022)
A new, more efficient subview() method has been added to blink::String and blink::StringView for creating non-copying substrings. (05f5906)
SharedImages created by WebGL will now include the RASTER_READ usage flag, allowing them to be read back via the raster interface. The associated feature flag has been removed. (d01041e) (6b1cab2)
The public API for ad detection on image resources was refactored, replacing bool IsAdResource() with const std::optional<AdProvenance>& GetAdProvenance(). (f0c4f0a)
A bug was fixed to ensure that modifying @supports and @navigation rule conditions via CDP correctly triggers a style recalculation. (af87586)

Networking & Services

The CancelPendingCallbacksBeforeFetchRestart feature for ServiceWorker is now enabled by default on all platforms, improving reliability during fetch restarts. (2cdd4c4)
Redirect chains are now sanitized when committing error pages, reducing the risk of cross-site information leakage into a renderer process. (4468713)
Logic for Secure DNS canary domain probing was refactored to be more precise about when probes are initiated. (9cff51a)

Android & iOS

Android: Several features were enabled by default, including ClankDefaultSearchApi, RobustWindowManagement for multi-window handling, and touchpad overscroll gestures for back/forward navigation on phones. (1b34a92) (87f844d) (232064f)
Android WebView: The Profile.setSpeculativeLoadingConfig API has been deprecated. (495db07)
iOS: Reader Mode translation is now enabled by default. (b53956f)
iOS: A large number of components were modernized to replace the deprecated UIWindow init with initWithWindowScene. (a687976) (a0e9bf8) (80af57f)

Features & UI

Passwords: A new delegate, PasswordChangeFromCheckupDelegate, was introduced to handle password change flows initiated from the Password Checkup page. (3717b70) (0784373)
Cast: The maximum frame size limit for the Cast Receiver was increased from 512KB to 10MB to better support higher-resolution streams. (292c655)
ChromeOS: As part of a code isolation effort, file manager preferences have been migrated from common prefs to Ash-specific prefs. (c81108e)
Feature flags for several shipped features, including the Navigation API and the Android Photo Picker (READ_MEDIA_* permissions), were removed. (6a4c053) (6c34dea)

Code Health & Infrastructure

Developer Experience: The C++ style guide was updated to allow the use of std::ranges::to for more modern and concise container conversions. (df05b07)
Performance: The HttpUtil::IsTokenChar function was optimized using a static table lookup, significantly improving its performance in benchmarks. (9a33438)
Testing: A new test utility, content::CrashFrameProcess, has been added to browser_test_utils.h to simplify the process of crashing a frame's renderer process in browser tests. (efe7d29)
Third-party dependencies were updated, including libpng to v1.6.55, libaom, QUICHE, and several Rust crates. (0c8fd85) (c31a32b) (7da4cf7)
A new CDP protocol, WebMCP, was introduced for listing available tools. (18ae39a)

2026-03-08

Open Standalone Page

Chromium Digest: 2024-10-27

Overview

This digest covers 3 commits, analyzing changes from (4304525)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((4304525)) to (ede9410)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((ede9410)). The analysis focuses on identifying major breaking changes for embedders. No breaking changes were identified in this set of commits, with all modifications pertaining to internal test infrastructure.

Testing

Adjustments were made to browser tests for the Prerender2Fallback feature. These changes modify test expectations and remove prefetch matching timeouts in preparation for potentially enabling the feature by default. The modifications are confined to test code and do not affect production behavior. (4304525) (ede9410)
New unit tests have been added to validate UMA metric reporting for the Live Translate feature. A test related to profile preference registration was also removed to resolve unrelated test failures. (84f0d5f)

2026-03-07

Open Standalone Page

Chromium Digest: 2026-03-07

Overview

This digest covers 80 commits, from commit (01b8595) to (85b4f29). A significant behavioral change was made to how fullscreen mode interacts with iframe navigation. Other notable updates include the re-enabling of the WebNN Origin Trial, the introduction of a Rust-based JPEG parser, and numerous refactorings in Android sign-in, GuestView, and on-device AI APIs.

Web Platform

⚠️ BREAKING BREAKING CHANGE: The behavior of fullscreen mode has been altered. Previously, fullscreen would only exit upon navigation of the main frame. Now, it will also exit if a subframe that requested fullscreen (or contains the fullscreen element) performs a cross-document navigation. This change could affect web applications that rely on the previous behavior of iframes navigating without impacting the fullscreen state. (9f026d2)
The WebNN Origin Trial has been re-enabled for M-147 after progress on security issues. (bd34687)
The AttachShadow API now correctly uses the document's custom element registry by default, instead of the tree scope's registry, aligning its behavior with the DOM specification. (b7e068f)
The Geolocation API now supports an Approximate accuracy mode, mapping to a new GEOLOCATION_APPROXIMATE permission type. (4f11a5e)
The Direct Sockets API has been updated to allow MCAST_JOIN_SOURCE_GROUP and MCAST_LEAVE_SOURCE_GROUP socket options in the network service sandbox, and the separate feature flag for multicast (kMulticastInDirectSockets) has been removed, consolidating it under the main DirectSockets feature. (acf3861) (85b4f29)
Code related to ElementInternals.type has been deleted. This was an experimental feature behind a flag that was never enabled by default. (3ba8c47)
The :filtered pseudo-class for customizable comboboxes now uses case-insensitive matching. (43683dd)

Android

Significant refactoring continues on the Android sign-in flow to support an "activity-less" sign-in experience, reducing reliance on SigninAndHistorySyncActivity. (cdab182) (2ae4bf4) (2e1b49e)
The AutocompleteController in the omnibox has been moved to FuseboxSessionState to ensure it is always valid when an input session begins, simplifying logic for handling native initialization. (bf18672)
The unimplemented clearPrefetch method has been removed from Android WebView's internal Profile class. The public-facing API in the support library is preserved but marked as deprecated to maintain interface compatibility. (2a37e7c)
The logic for tab persistence and restoration has been updated to better handle the active tab, including using a cached active tab ID during the restore process. (cafe98d) (4f559f2) (86f7e09)
Trusted Web Activities (TWAs) will now display the origin by default. (d5b65d9)

Internals & Refactoring

A new public interface, SurfaceEmbedConnector, has been introduced to allow embedding a child WebContents within a parent without a traditional OOPIF connection, intended for WebUI scenarios. (a01932c) (70e95fb)
Gesture event handling in GuestView and its subclasses has been refactored to use SetIgnoreZoomGestures instead of overriding PreHandleGestureEvents, simplifying the implementation for disabling pinch-to-zoom. (bc8afa5)
A new Rust-based JPEG parser has been introduced behind the kUseRustJpegParser feature flag, with tests running against both the C++ and Rust implementations to ensure correctness. (7532a03)
The beforeunload logic has been made more robust by refactoring pending reply tracking to use GlobalRenderFrameHostId instead of raw pointers, reducing the risk of use-after-free bugs. (da47bac)
The AdTracker's CalculateIfAdSubresource method has been refactored to return an AdProvenance object directly, simplifying ad tracing logic and ensuring provenance is preserved across redirects. (eff3574)
The kPwaNavigationCapturingWithScopeExtensions feature flag has been removed as the feature is now enabled by default. (a3f9929)

On-Device AI

Eligibility for on-device model audio input on GPU has been changed from a performance class list to a requirement of at least 6GB of VRAM. (6f3a201)
Language support for AI APIs has been refactored. The default supported languages now include Spanish and Japanese, and a new flag, summarizer-api-for-gemini-nano, has been added. (5f7603d)

UI & UX

In-Product Help (IPH) and tutorials have been added for the Vertical Tabs feature and the tab search combo button to improve user education and feature discovery. (e05fe9e) (6415828)
An experimental feature arm that showed a PDF infobar when a PDF was loaded has been removed due to lower-than-expected user interaction. (365d98a)
A bug has been fixed in the omnibox WebUI that caused it to incorrectly exit keyword mode when a default, non-selectable match was present. (ff7cbb0)

2026-03-06

Open Standalone Page

Chromium Digest: 2026-03-06

Overview

This daily summary covers 741 commits, with 565 deemed relevant to developers. The changes span from the first commit ((2b3bc52)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((2b3bc52))) to the last ((485e8be)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((485e8be))). The day was marked by a large number of breaking changes to public C++, Mojo, and command-line APIs, requiring significant updates for embedders and implementers of various Chromium interfaces.

Breaking Changes: Core & C++ Interfaces

⚠️ BREAKING base::File I/O methods are now private and require base::span. The public, non-spanified base::File::Read and base::File::Write overloads that take a raw char* have been made private. Embedders must migrate to the public overloads that use base::span, which also feature a different return type (std::optional<size_t> instead of int). (2f6529b)
⚠️ BREAKING Multiple interfaces now require implementation of new pure virtual methods. Implementers of blink::WebMediaPlayer must add Shutdown(), NotificationSchedulerClient must add OnShowNotification(), and DomStorageDatabase must rename RewriteDB() to CleanUpStaleData(). Builds will fail without these updates. (2f6df87) (6a1607a) (6f9a1f4)
⚠️ BREAKING ui::ElementIdentifier and related types are now strongly-typed. ui::ElementIdentifier, ui::CustomElementEventType, and TypedIdentifierOld have been migrated to a new UniqueIdentifier system. Code that relied on the previous void* or alias definitions will break and must be updated to use the new strongly-typed identifiers. (3ac974d) (fe6930d) (ed4367a)
⚠️ BREAKING The public class TabRendererData has been removed. Clients are now required to use the tabs::TabData struct instead to represent a tab's visual state. This is a public API removal that will break any code depending on TabRendererData. (af1897a) (bf0fd12)
⚠️ BREAKING The remoting::SignalStrategy public interface has been refactored. FTL-specific methods have been moved out of the base class and into a new, dedicated FtlSignalStrategy class. Embedders of the remoting component using FTL methods directly from SignalStrategy must update their code. (f154eb3)
⚠️ BREAKING The DataTypeController::GetPreconditionState() method signature has changed. This pure virtual method in the sync component now requires a new context parameter, breaking all existing subclass implementations. (37a2d3f)

Breaking Changes: Web & Feature APIs

⚠️ BREAKING The caBLE v1 extension has been removed from the WebAuthn public API. This includes its removal from AuthenticationExtensionsClientInputs in Blink and the authenticator.mojom interface. Web applications or embedders using this v1-specific extension will break. (8b50d0e)
⚠️ BREAKING The PageLoadMetricsObserver::OnSoftNavigationUpdated method has been removed. It is replaced by OnSoftNavigation(), which no longer passes mojom::SoftNavigationMetrics as an argument. Observers must now retrieve this data via the PageLoadMetricsObserverDelegate, breaking existing implementations. (a431cb8)
⚠️ BREAKING The Audits.checkContrast command has been removed from the DevTools protocol. Any automation or tooling that relies on this command for programmatic accessibility contrast checks will break. (f0f700c)
⚠️ BREAKING The callback type for FederatedEmbedderLoginRequest has changed. The callback in content/public/browser/webid/federated_embedder_login_request.h is now a base::OnceCallback instead of base::RepeatingCallback, requiring updates for FedCM embedders. (2d27c87)
⚠️ BREAKING Several public utility methods and command-line switches have been removed. This includes ExtensionTabUtil::OpenOptionsPageFromAPI, the --launch-isolated switch (replaced by registry settings on Windows), and the --disable-webgl-image-chromium switch. (1567ebe) (03a70ad) (8854092)

Breaking Changes: Platform Specific

⚠️ BREAKING The media_message_center::NotificationTheme struct and SetColorTheme method have been removed from Ash. Embedders relying on this method to theme media notifications must migrate to the MediaColorTheme system. (3037e41)
⚠️ BREAKING The crosapi::mojom::SearchResultConsumer interface has been removed. This breaks the public API contract between Chrome and ChromeOS for clients that used this Mojo interface for asynchronous favicon updates in launcher search results. (6e0cbba)
⚠️ BREAKING The public contentView method has been removed from ios/web/public/web_state.h. This is a public API removal for iOS embedders, who must find an alternative way to access the web content view. (b7e91a5)
⚠️ BREAKING The Mirroring Service and cast_unittests are no longer built for Android. This is a significant change for any Android build configurations that depended on these components. Note: This change was temporarily reverted due to build failures. (f041e4f) (c2bb3f3)

Web Platform & Media

The border-shape CSS property is now enabled by default, allowing developers to create non-rectangular borders on elements. (e8744fa)
A new job type was added to allow WebSocket connections to reuse existing QUIC sessions, enabling WebSocket over HTTP/3 and improving connection performance. (9c623b4)
Support for iterationComposite: accumulate has been implemented for CSS transforms, allowing animations to build upon each other. (d72cf81)
Static <video controls> elements are now treated as replaced normal-flow stacking elements to fix painting order issues with surrounding content. (86b497d)
Logic has been added to generate origins from nonces for sandboxed iframes in both the browser and renderer processes. (8fcb4c3) (4b16c54)

UI & UX

The Vertical Tabs feature received several improvements, including better accessibility for reordering, preventing scrollbars during animations, and enabling tab activation on link drag hover. (fa9ee99) (b37372c) (22d54ca)
The cr-searchbox Polymer component was refactored to extract the input field into a new <cr-searchbox-input> LitElement, improving modularity in WebUI. (aa79bce)
The bookmarks overflow menu will now remain open after an item is deleted, improving user workflow. (a324040)
The WebUI for the deprecated Auto Tab Groups (ATG) feature has been removed. (549edd6)

Platform Specific

Android: Autoplay logic was updated to better align with desktop by supporting AutoplayAllowlist and AutoplayAllowed enterprise policies, gated by new feature flags. (1aef470)
Android: The PDF viewer toolbar received new zoom controls and other layout updates. (fe18251) (4c45a93)
Android: The SyncPromoController and SigninPromo components were removed following the UNO phase 2 launch. (d8ff434)
iOS: A significant effort was made to deprecate the use of initWithFrame in tests in favor of initWithWindowScene to align with modern iOS SDKs. (2ed8655) (a53b8e0) (39f02fa)
iOS: Network error translation was improved to correctly handle nested errors introduced in recent iOS versions. (4a62a8c)

Code Health & Infrastructure

An initial Rust implementation of ChildProcessSecurityPolicy was introduced. It will run in parallel with or replace the C++ version, controlled by a feature flag, as part of a memory safety initiative. (5440cf2)
A new embedder API was added to the Back-Forward Cache to allow disabling the caching of forward navigation entries. (e2a6aae)
The DiceResponseParams structure was refactored to support multiple accounts, in preparation for the upcoming Connected Accounts flow. (740a888) (2f4419c)
A potential out-of-memory crash in the History Embeddings component was fixed by adding a size check before decompressing gzip data. (3dcee0a)
Scaffolding and infrastructure were added for new AI-powered features, including a new AI Taxonomy API and the "Finds" project, which will use an LLM API. (4f13048) (0fb9b77)

2026-03-05

Open Standalone Page

Chromium Digest: 2026-03-05

Overview

A day marked by numerous breaking API changes and significant refactoring efforts across the codebase, particularly in the base library, networking stack, and platform-specific components. Out of 724 total commits, 544 were deemed relevant to developers. The day's changes began with commit (9fa596c) and concluded with (605a489). A high number of reverts indicates some recent instability on the main branch.

Breaking Changes

⚠️ BREAKING net::NetworkDelegate: A new pure virtual method, ShouldForceIgnoreSiteForCookies, has been added to the public net::NetworkDelegate interface. Embedders who subclass this interface must implement the new method to avoid compilation failures. (9e66171)
⚠️ BREAKING net::CertVerifyResult: The public field has_sha1 has been removed from the net::CertVerifyResult struct as part of the final removal of SHA-1 support. Code relying on this field for certificate verification logic will no longer compile. (70a730f)
⚠️ BREAKING base Library: The base library saw multiple breaking changes. base::AvailablePhysicalMemoryMonitor was renamed to base::AvailableMemoryMonitor, and the non-std::span overload of base::File::ReadAtCurrentPos was made private, requiring callers to migrate to the span-based version. (0ed195d) (3b61a3b)
⚠️ BREAKING Blink & Web Platform: The public Blink API has been modified. The Node::textContentForBinding() method signature was changed, the WebFetchClientSettingsObject struct was altered to use a nested policy container, and the DownSampler::Process method was updated to use base::span instead of raw pointers. (ccebd1f) (f0e69bf) (9e96b7c)
⚠️ BREAKING Extensions: The chrome.tabs.update() API will now throw an error when an extension attempts to un-highlight the last selected tab, a change from its previous silent failure. Additionally, the internal ExtensionWebUI class has been renamed to ExtensionUrlOverrides. (ebae198) (10f8396)
⚠️ BREAKING Android: Multiple core UI classes have had their public constructors changed, including TabModel (adds a CustomTabProfileType parameter) and ContextMenuDialog (adds a rootView parameter). The obsolete JNI bridge for History Clusters (history_clusters_bridge.h) has also been removed. (78cc547) (9ec8807) (55b5ef7)
⚠️ BREAKING iOS: The public web::WebStateDelegate interface was modified, renaming AuthCallback to HTTPAuthCallback and updating the OnAuthRequired method. Separately, the AssistantContainerDelegate method didUpdateHeight: was replaced with didUpdateExpandPercentage:. (81fa4a6) (4537527)
⚠️ BREAKING ChromeOS: A major refactoring of the print preview dialog has resulted in the removal of several public classes and interfaces, including PrintPreviewWebcontentsManager, PrintPreviewCrosClient, and PrintPreviewCrosDelegate. (1397320)
⚠️ BREAKING Enterprise: The require_metadata_verdict field has been removed from the public ContentAnalysisRequest protobuf message in connectors.proto, which will break enterprise connectors relying on this field. (0cb8117)
⚠️ BREAKING Remoting: The public SignalStrategy::Listener interface was changed by replacing the OnSignalStrategyIncomingMessage method with OnSignalStrategyIncomingFtlMessage, which has a different signature. (bbbcf8a)
⚠️ BREAKING Build System: A large-scale refactoring of the JNI generation system has changed the public dependencies of numerous core build targets. This may break embedder build configurations that rely on the previous dependency graph. (f1caee7)

Web Platform & Blink

The Web Crypto API is now more robust with the implementation of the ChaCha20-Poly1305 algorithm. Its algorithm lookup now also uses ASCII case-insensitive matching. (38ea0fe) (1e6da5e)
New CSS features have been added: the path-length property to correspond with the SVG pathLength attribute, and support for sharing random() values in custom property animations. (ddb3a52) (e02815d)
Event Timing now supports navigate, popstate, and hashchange events, exposed behind the new NavigationEventTiming feature flag. (c6a49e3)
The JS Self-Profiling API is now enabled for Dedicated Workers when allowed by the document's Permissions-Policy. (1f9a5a2)
The WebAudio API is now more resilient, gracefully handling out-of-memory conditions during audio decoding instead of crashing the renderer. (f434b48)
On macOS, the accessibility role for the <br> tag has been changed from group to statictext to prevent VoiceOver from announcing it as an empty group. (dfe2472)

Security & Enterprise

The IncognitoModeUrlBlocklist and IncognitoModeUrlAllowlist enterprise policies have been launched to stable. (de0b2fd)
To prevent administrators from accidentally blocking internal pages, an exception for the chrome:// scheme is now automatically added when a wildcard (*) is used in the URLBlocklist policy. (b7792df)
Security has been hardened by adding bounds checking in the browser process for Tar and Xz archive extraction to prevent integer overflows from malformed archives. (2f05465)
A new permission model for motion and light sensors has been introduced behind a feature flag, adding an "ask" option to the existing "allow/block" model. (008a9c7)

Core & Infrastructure

A new utility, base::reinterpret_span<T>(), has been added for safely reinterpreting byte spans. (9a040b8)
A use-after-free bug in base::OnceCallbackList has been fixed, which could occur when Notify() was called re-entrantly. (36acd49)
To reduce IPC serialization overhead, the MemoryConsumer identification mechanism was refactored to use an integer hash instead of a string. (d8eb846)
A new metric, Platform.MicrocodeVersion, has been added to track CPU microcode versions on Linux systems. (076774b)

Android

The chrome.commands.onCommand extension event now includes the tabs argument, improving parity with desktop platforms. (11f9011)
A new Picture-in-Picture (PiP) media indicator has been added to the tab UI, making it easier for users to identify which tab is in PiP mode. (fa2887a)
A new feature flag, FullscreenVideoPictureInPicture, was added to control the new PiP behavior for fullscreen videos. (2f38ce8)

iOS

Passkey support has been enhanced with new UI for incognito mode interstitials. (973a189) (d22460f)
A "Hide Toolbar" option has been added to the omnibox context menu, providing users with more control over the UI. (4014bb8)

Developer Tools

The AI assistance feature is migrating from the AIDA API to the new Gemini Code Assist (GCA) API, controlled by the kDevToolsUseGcaApi feature flag. (057018c)
On macOS, Headless mode now supports the Emulation.updateScreen() CDP command. (ab05c35)

Reverts & Stability

A breaking change to the PageLoadMetricsObserver interface, which modified the OnSoftNavigation method, was quickly reverted due to test failures. (7e5b07f) (3a124a1)
A performance improvement for TabModel lookup on Android was reverted due to crashes, though a revised version was later relanded. (9e3a430) (2e435b3)
A change to the BookmarkContextMenu was reverted due to a hang on X11. (b6c8047)

2026-03-04

Open Standalone Page

Chromium Digest: 2026-03-04

Overview

This digest covers 712 commits on the main branch from (5ce3994)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((5ce3994)) to (91ea801)" target="_blank" rel="noopener noreferrer" class="text-sky-500 hover:text-sky-300 font-mono">((91ea801)), with 527 deemed relevant to developers. The day saw a large number of breaking API changes across core UI, content, and base libraries, alongside the graduation of several features and significant refactoring in Android JNI management and Autofill.

Breaking Changes

⚠️ BREAKING The public API ui::Clipboard::GetStandardFormats was changed from a synchronous function to an asynchronous one that takes a callback. Embedders calling or overriding this method must update their implementation to the new asynchronous signature. (14c828a)
⚠️ BREAKING The virtual method CreateURLLoaderHandlerForServiceWorkerNavigationPreload on the public content::ContentBrowserClient interface was renamed. Embedders overriding this method must update to the new name: CreateURLLoaderHandlerForServiceWorkerInitiatedNavigationRequest. (66509a9)
⚠️ BREAKING The default behavior of the public API WebContents::IgnoreInputEvents has changed. It now ignores accessibility input events by default, which may break embedders relying on the previous behavior for accessibility features. (c208fa7)
⚠️ BREAKING The FedCM API has been refactored. The public class FederatedActorLoginRequest was removed and replaced by content::webid::FederatedEmbedderLoginRequest. The content::webid::IdentityCredentialSource interface was also changed. Embedders using this flow must update their code. (5c44bb8)
⚠️ BREAKING The public class chrome::IsolatedBrowser for Windows has been removed. It is replaced by a new free function, chrome::LaunchIsolatedBrowser, which returns a base::Process instead of an object. Consumers of the old class-based API must migrate. (18f98f7)
⚠️ BREAKING The deprecated Pickle::WriteBytes(const void* data, size_t length) and Pickle::WriteData methods have been removed from base/pickle.h. Code must be updated to use the span-based overloads. (18a2af4) (4fda9b2)
⚠️ BREAKING Public helper functions in jni_zero.h have been renamed. The lvalue version of Cast() is now CastDup(), and the template parameter order for the rvalue Cast() is swapped. This will break code directly using these JNI helpers. (b79b840)
⚠️ BREAKING The web-exposed pseudoTarget DOM attribute has been moved from MouseEvent, FocusEvent, etc., to their parent interface, UIEvent. This is a breaking change for web content that interacts with these event objects. (9b1025c)

Web Platform & Blink

The CSS contrast-color() function is now enabled by default and shipping. (c103765)
The CSSPseudoElement interface and the event.pseudoTarget attribute are now enabled by default, making them available to all web content. (27d3b7f)
The behavior of the CSS all shorthand property has been fixed to correctly reset all applicable properties as per the specification, affecting both setProperty() and getPropertyValue(). (dba0609)
The Cronet networking library now supports "Adaptive Bidirectional Streams", a transparent enhancement to the createBidirectionalStream method for handling adaptive network logic. (a118e80)
A bug was fixed in the on-device Web Speech API where install() would hang for Gemini Nano models due to a missing listener. (968c900)
The scroll predictor was refactored to better separate real and synthetic predictions, aiming to prevent reversals and improve smoothness. (3b36543) (7495d3a)

Services & Core Internals

Several components were modularized into their own directories to improve code structure, including //chrome/browser/history_embeddings, //chrome/browser/language_detection, and //components/enterprise/data_protection/. (96bf15c) (7a1edc2) (12ae470) (8f94e41)
The UpdateClient public interface in the Component Updater now includes a CleanupStaleDownloads method to perform best-effort cleanup of old temporary files at startup. (b095a1b)
A new enterprise policy, ExtensionDOMActivityLoggingEnabled, was added to control telemetry collection for extension DOM activity. (20089d3)
Logic was added to parse redirect and webrtc parameters from the Connection-Allowlist HTTP header, which will be used to control those features on a per-document basis. (0881a55)
Significant refactoring occurred in Autofill, including improving address normalization, implementing fixed-length obfuscation for sensitive AI data, and moving AutofillFormatString to a separate file. (4f47e99) (e284e30) (b634e65)
The foundation for Safe JNI Pointers was introduced by adding core marker interfaces like JniTypeToken and JniPtr to jni_zero. (871d151)

Android

To improve scalability and reduce JNI global reference usage, InfoBarContainer, SmartSelectionClient, and WebContentsDelegateAndroid were refactored to locate their Java peers via the associated WebContents or Tab instead of holding persistent global references. (7f1d1c0) (b8740ec) (624f025)
A new JNI method, PasteFromImageBytes, has been added to ImeAdapter to allow for more efficient pasting of images from raw byte data, bypassing URL encoding/decoding. (85c4f95)
Send Tab to Self was enhanced to propagate the user's scroll position by generating and attaching a text fragment to the shared tab entry. (04f26ef)
Nesting support was added to AnchoredPopupWindow, allowing popups to be displayed from within other popups. (7e9738a)
Several critical reverts were landed to fix crashes and stability issues in Android WebView related to AwContents context tracking and ActivityWindowAndroid constructors. (e23b4c7) (ffa30de) (1c03342)

Desktop & UI/UX

WebUI-based back and forward buttons were added behind the kWebUIBackButton feature flag. (ad1ed8f)
The vertical tab strip received visual improvements, including a higher contrast outline for pinned tabs in dark mode and opacity animations for adding/removing tabs. (bc90d82) (fc40d95)
A bug in Mac's immersive mode was fixed, preventing extra space from appearing when switching to vertical tabs. (452a371)
The PWA migration dialog will now re-appear if a user cancels the uninstall process, preventing the app from closing unexpectedly. (2f92070)

iOS

The PersistTabContext and kPageContentCache features are now enabled by default to improve performance and context retention. (ff0c5c7)
A crash in the file upload panel was fixed by preventing the selection of PDFs when a folder is the only accepted input type. (a8d0fda)

Feature Removals & Graduations

The "Tab Declutter" feature and its associated UI have been completely removed from the codebase. (5bbd8d1)
The kEnableLazyLoadImageForInvisiblePage feature was enabled by default, allowing images with loading=lazy to be deferred even when the page is not visible. The flag has been removed. (02e5ec9) (3ce18ba)
The Feed has been removed from the New Tab Page on Android desktop form factors as part of the NTP Simplification effort. (aa6fff3)
Several feature flags were removed, graduating their features to default behavior, including kSendTabToSelfIOSPushNotifications, AnimateSuggestionsListAppearance for omnibox, and GlicFreWarming. (6274346) (b153fad) (ac5f288)

Developer Tools

The DevTools Context selection agent, which allows developers to select an execution context (e.g., top frame, iframe), has been enabled by default. (ab1b459)

2026-03-03

Open Standalone Page

Chromium Digest: 2026-03-03

Overview

This summary covers 339 commits on the main branch, with 247 identified as relevant to developers. The changes span from commit (7d231e6) to (d17b81a) and include a significant number of breaking API changes across ChromeOS, media, networking, and core browser interfaces.

Breaking Changes

⚠️ BREAKING CrosDisplayConfig API: The mojo interface crosapi::mojom::CrosDisplayConfigController and its observer crosapi::mojom::CrosDisplayConfigObserver have been replaced with the pure C++ interfaces ash::CrosDisplayConfig and ash::CrosDisplayConfig::Observer. Clients like LaCrOS must update to the new C++ API. (27f97b7) (49287a5)
⚠️ BREAKING User Session Observer: The public observer method UserManager::UserSessionStateObserver::UserAddedToSession has been removed. Embedders must migrate to session_manager::SessionManagerObserver::OnSessionCreated() to listen for new users. (59bbf63)
⚠️ BREAKING Web Audio Provider: The signature of the public virtual method WebAudioSourceProvider::ProvideInput has been changed. Embedders implementing this interface must update their method to use base::span instead of std::vector. (54421a1)
⚠️ BREAKING Viz BufferQueue API: The viz::BufferQueue public API has been refactored. SwapBuffersSkipped was removed, and SwapBuffers no longer accepts a damage rect. Embedders must now call the new UpdateBufferDamage method separately before SwapBuffers. (f7de62a)
⚠️ BREAKING Media Mojo Interface: The media.mojom.SharedMemoryVideoFrameData interface has been modified. The strides field is now uint32 instead of int32, and support for the interleaved IMC4 pixel format was removed. Mojo clients using this interface require updates. (d0a80fe)
⚠️ BREAKING Certificate Verification: The VERIFY_ENABLE_SHA1_LOCAL_ANCHORS flag has been removed from the public net::CertVerifyProc::VerifyFlags enum. This enforces stricter SHA-1 validation, and code using this flag will no longer compile. (0533a59)
⚠️ BREAKING Chrome Apps API: The chrome.browser API has been removed for non-ChromeOS platforms (Windows, Mac, Linux), breaking any remaining extensions that use it as part of the ongoing deprecation. (d1392f5)
⚠️ BREAKING Browser UI Component: The public class glic::GlicLegacySidePanelCoordinator and its accessor glic_side_panel_coordinator() have been removed from the BrowserWindowFeatures interface. (402018e)
⚠️ BREAKING Web Performance API Behavior: The behavior of the web-exposed SoftNavigationEntry and InteractionContentfulPaint performance APIs has changed. The calculation for startTime and duration has been altered, which can break web performance monitoring tools that rely on the previous values. (b736e30)

API & Core Interfaces

A public build target for abseil's CRC functions is now available for use in other parts of the codebase. (8ebb498)
Several extension-related observers have been converted to CheckedObserver to improve memory safety and prevent use-after-free bugs. (95f9642) (2388bb8)

Web Platform & Blink

Animation support has been added for contrast-color() within the box-shadow property. (b365c44)
A bug has been fixed where animating a pseudo-element to display:none would incorrectly remove it from the DOM. (521bc13)
For improved code health and safety, blink::Vector::AppendSpan() and AppendVector() have been removed in favor of append_range(), and a new String::substr method with stricter bounds checking was added. (3c83e99) (8532aed) (49db258)

ChromeOS & Ash

To improve OS/browser separation, numerous ChromeOS-specific preferences (Kiosk, factory reset, essential search, etc.) have been moved from chrome/common/pref_names.h to the Ash-specific ash/constants/ash_pref_names.h. (83edd08) (d998a3b) (b7c1d9d) (eb9f998)
The PrintPreviewHandlerChromeOS was refactored to use CupsPrintersManager observers directly, simplifying its architecture. (9dc14b1)

Security

To mitigate UI spoofing vulnerabilities, a check was added to prevent background tabs from showing popups. (948f7d1)
To prevent potential heap information disclosure, video frames in the libvpx and dav1d software decoders are now zero-initialized. (c0244ca)

Networking & Storage

For Service Workers, an optimization was added to bypass the synthetic response path when a navigation is intercepted by an embedder. (3c79032)
The SQL disk cache received a fix for a double-decrement bug during entry eviction and a simplification of its pending task tracking logic. (c463655) (3691420)

UI & Features

On Android, the Safety Hub feature was migrated to an activity-less sign-in flow, and the SupervisedUserBlockInterstitialV3 UI was enabled by default. (2965a40) (3f52717)
New drop arrow indicators have been added for drag-and-drop operations in vertical tabs. (e057056)

Media & GPU

The kUseDisplaySDRMaxLuminanceNits feature, which caused undesirable brightness behavior, has now been restricted to Windows-only. (232238f)
The Vp9Parser was successfully converted to use base::span after a previous revert, improving memory safety. (e61586d)