Chromium Weekly Summaries

2026 Week 9

Chromium Weekly: 2026 Week 9

Overview

This week's summary covers 1520 relevant commits out of 2116 total across 3 days. The week was defined by an exceptionally high volume of breaking changes, most notably the complete removal of the base::VariantMap utility container. Major new features landed, including the CSS contrast-color() function, while significant refactoring continued in the Remoting and ChromeOS components.

Major Breaking Changes

⚠️ BREAKING BREAKING CHANGE The core utility container base::VariantMap and its header have been completely removed from the codebase. Downstream code must migrate to alternatives like absl::flat_hash_map or base::Value::Dict. (e3feeef)
⚠️ BREAKING BREAKING CHANGE The Remoting component's public signaling API was refactored across several commits, replacing the generic jingle_xmpp::XmlElement with strongly-typed JingleMessage structures. This requires significant updates for clients of the remoting API. (39a36d8) (8e18de6) (ada63d3) (5f24c3d)
⚠️ BREAKING BREAKING CHANGE The pure virtual method AcceptLanguages() has been removed from the core blink::ChromeClient interface, breaking embedders with custom implementations. (f8298ee)
⚠️ BREAKING BREAKING CHANGE The chrome.serial API has been removed from Windows, Mac, and Linux, restricting its availability to ChromeOS only. Extensions relying on this API on desktop platforms will no longer function. (f39e3b6)
⚠️ BREAKING BREAKING CHANGE Numerous API signatures were changed across the UI and content layers, including views::WebView::TakeCrashedOverlayView, TabListInterfaceObserver methods, and content::StoragePartition::ClearData, requiring embedders to update their implementations. (ff0a873) (8cdbdb6) (76d46af)
⚠️ BREAKING BREAKING CHANGE The promise returned by the JavaScript methods element.scroll() and element.scrollTo() now resolves at the end of a smooth scroll animation, not immediately. This may break web applications that rely on the previous immediate-resolution behavior. (52379f7)

Web Platform & Blink

The CSS contrast-color() function has been implemented, allowing developers to programmatically select a color that maintains a minimum contrast ratio against a base color. (24d3ad2)
Foundational work has begun on a new filter attribute for <input> elements, which will allow them to be connected to a <select listbox> to create advanced combobox-like controls. (f584ce2)
CSS pseudo-elements ::after, ::before, and ::marker are now hit-testable and can receive hover effects, enabling more interactive use cases without extra DOM elements. (a433dd0)
The Event Timing architecture was significantly simplified by assigning interaction IDs synchronously and removing renderer-side buffering, improving the robustness of performance metrics. (d56215f)

UI & Features

The Task Manager refresh is complete. The feature is now enabled by default, and the old native macOS implementation has been deleted in favor of the cross-platform WebUI version. (5c16bf4)
Device Bound Sessions are now enabled by default on Windows, strengthening session security by binding cookies to the device without requiring an Origin Trial. (067236d)
The chrome.sessions API has been extended to desktop Android, allowing extensions to query and restore recently closed tabs and sessions. (286bcb3)
A new preference and extensions API, autofill.other_datatypes_enabled, have been added to give users and extensions more granular control over different autofill data types. (a64e731) (0de8cdc)

Android

⚠️ BREAKING BREAKING CHANGE Support for Trusted Web Activities (TWA) and Progressive Web Apps (PWA) has been temporarily disabled in desktop mode due to crashes, representing a major behavioral change for apps relying on this functionality. (0ad6047)
⚠️ BREAKING BREAKING CHANGE The public Android WebView API getDefaultUserAgent is now asynchronous and no longer blocks on Chromium initialization, which may impact embedders relying on the previous synchronous behavior. (077ae35)
Site Isolation is now always enabled for Android Desktop mode via the new kSitePerProcessForDesktopAndroid feature, significantly improving security for that form factor. (b37ddcc)

ChromeOS & Ash

⚠️ BREAKING BREAKING CHANGE Multiple public APIs were modified as part of an ongoing migration from mojom to native C++, including ash::CaptureModeDelegate and crosapi::mojom::SearchResult, breaking custom implementations. (3cced2e) (4c90f1f)
The internal architecture for Video Conferencing was simplified by removing the VideoConferenceClientWrapper and its associated crosapi IPC layer. (2079ad0)

Core & Internals

The IndexedDB SQLite backend now uses idle time to perform maintenance tasks like checkpointing and trimming memory, improving overall performance and reliability. (5aad9e8)
As part of ongoing modularization, clipboard-related code was extracted from //chrome/browser into a new, more focused //chrome/browser/clipboard component. (150bd48)
The third-party zlib library was updated to version 1.3.2. (26c29f1)

2026 Week 7

Open Standalone Page

Chromium Weekly: 2026 Week 7

Overview

An exceptionally active week saw over 2,925 commits, with over 2,230 analyzed for developer impact. The period was marked by a wave of breaking changes across core C++, UI, and platform-specific APIs, requiring significant attention from embedders. The enabling of RenderDocument by default represents a fundamental shift in the navigation lifecycle. Other major themes include significant advancements in web platform features, ongoing security hardening, and large-scale refactoring in media and Android components.

Widespread Breaking Changes & API Churn

⚠️ BREAKING BREAKING CHANGE: The RenderDocument feature is now enabled by default for all frames, representing a major behavioral change to the navigation and rendering lifecycle. This may significantly impact embedders who relied on the previous behavior. (b4d0474)
⚠️ BREAKING BREAKING CHANGE: The synchronous ui::Clipboard API has been converted to an asynchronous, callback-based model. Methods like ExtractCustomPlatformNames and ReadAvailableStandardAndCustomFormatNames are now async, breaking all synchronous callers. (63af498) (d704671)
⚠️ BREAKING BREAKING CHANGE: Numerous fundamental C++ classes were refactored. GURL constructors and component accessors were changed (e.g., ComponentStringPiece to ComponentStringView), AccountInfo struct members were made private in favor of accessors, the base::ObserverList template signature was changed to use an enum, and many parsing methods were removed from WTF::String in favor of global functions. (a352421) (caf65ac) (c7a4f63) (79c150b) (d87b7cd) (28c4cd0) (d0e1a96)
⚠️ BREAKING BREAKING CHANGE: Core browser and content APIs saw significant churn. ContentBrowserClient requires new virtual methods for prefetch headers, BrowserList::CloseAllBrowsersWith... methods were removed, and SiteInstance::IsSandboxed() was removed in favor of the new content::SecurityPrincipal interface. (50aaada) (d29ce19) (6d9a124) (5632420)
⚠️ BREAKING BREAKING CHANGE: P2P and WebRTC functionality has been moved from the core network_cpp component into a new, optional network_cpp_p2p component. Embedders relying on P2P must now explicitly depend on the new component and enable the is_p2p_enabled build flag. (e7e9679)

Web Platform & Blink

⚠️ BREAKING BREAKING CHANGE: The stable getComputedStyle web API will now ignore pseudo-element arguments that lack a colon prefix (e.g., "before" instead of "::before"). This aligns with the CSSOM spec but may break web content that relied on the previous non-standard behavior. (360edb0)
CSS capabilities were expanded with the implementation of the :animated-image pseudo-class for styling animated images, support for text-transform: full-size-kana, and the addition of @if/@else conditionals to CSS Mixins. (37d35a3) (dc99ba3) (9085422)
Work on the Declarative Login API continued, renaming the experimental <federation> element to <credential>. Separately, a new HTML marker attribute, similar to part, is now exposed on elements and can be set on shadow roots. (ba8075d) (00719b6) (53e7113)
Several web features were enabled by default: SvgTextPathPathAttribute allows using a path() function in <textPath>, the AudioContext.playbackStats API provides audio playback metrics, and the scroll named timeline range is available for animation triggers. (7a62601) (e7b2165) (583df46)

Android & iOS

⚠️ BREAKING BREAKING CHANGE: Android APIs underwent significant changes. org.chromium.base.Promise will now throw a synchronous UnhandledRejectionException on unhandled rejections. The WebView API removed addDocumentStartJavaScript() in favor of addPersistentJavaScript(), and several public methods were removed from ChildServiceConnectionController. (8eee606) (b9e641f) (405dcdd)
On Android, Pinned Tabs, Tab Highlighting V2, and the DocumentIsolationPolicy for enhanced process isolation are now all enabled by default. (e1e6eae) (aebe25d) (57aef12)
On iOS, Tab Strip management was refactored out of BrowserViewController into a new BrowserLayoutCoordinator. Code is also being cleaned up to remove version guards for iOS 16 as the minimum deployment target is now iOS 17. (6247109) (b307cec)

Media, GPU, and Performance

⚠️ BREAKING BREAKING CHANGE: The core media API was refactored. media::AudioDecoderConfig now requires a ChannelLayoutConfig object instead of the ChannelLayout enum. The media::VideoFrame::IsMappable() method was also renamed to HasDirectCpuAccess() across the codebase. (ab38239) (8465918) (9405179)
To improve performance, memory pressure listeners are now enabled by default on Windows and macOS. For Linux builds using a sysroot, _FORTIFY_SOURCE=3 is now enabled for better buffer overflow protection. (bed11e0) (164c25c)
WebGPU is now enabled by default on Linux for modern NVIDIA drivers. The experimental WebNN API gained a new chrome://webnn-internals debugging page and now supports D3D shared images on discrete GPUs. (398364a) (03677e4) (8093382)

Security, Identity & Services

⚠️ BREAKING BREAKING CHANGE: On macOS, the legacy V1 Apple Keychain API (crypto/apple/keychain.h) has been completely removed. Embedders must migrate to the V2 API for all keychain access. (e338af7)
⚠️ BREAKING BREAKING CHANGE: The headless_shell build now disables enterprise policy support by default. Users who rely on this functionality must explicitly enable the headless_use_policy=true GN argument. (cedf821)
⚠️ BREAKING The sign-in and Autofill systems saw significant development. The PrimaryAccountMutator::SetPrimaryAccount() method now requires an explicit access_point parameter, and work began on integrating Autofill with Google Wallet under a new 'Autofill AI' feature. (70eb35f) (62b7cff) (f665bc8)

2026 Week 6

Open Standalone Page

Chromium Weekly: 2026 Week 6

Overview

This week's summary highlights an exceptionally high number of breaking changes across the Chromium codebase, requiring action from many developers and embedders. Key changes include a major rename of 'Private Network Access' to 'Local Network Access', a significant behavioral change to the Web Locks API's interaction with the back-forward cache, and numerous API breakages in core libraries, Android, and ChromeOS. This summary covers 1095 relevant commits out of 1412 total across 2 days.

Breaking Changes: API & Behavioral Shifts

⚠️ BREAKING BREAKING CHANGE The 'Private Network Access' (PNA) feature has been renamed to 'Local Network Access' (LNA) across the codebase. This breaks public mojom interfaces in services/network/public/mojom/ and related C++ classes, requiring updates from embedders. (d28a1ec)
⚠️ BREAKING BREAKING CHANGE A significant behavioral change now allows pages holding a Web Lock to enter the back-forward cache (BFCache). If a lock is requested for a cached page, the page will be evicted to release the lock, potentially breaking applications that relied on the old behavior. (91c1404)
⚠️ BREAKING BREAKING CHANGE A failure to allocate backing store during array buffer deserialization will now crash the renderer process. This replaces the previous behavior of reporting a validation error and represents a major change to a core messaging mechanism. (c174943)
⚠️ BREAKING BREAKING CHANGE Core libraries base, gin, gfx, and viz received numerous breaking changes. Notable changes include signature updates to base::PlatformThread::SetCurrentThreadType and viz::OverlayProcessorInterface::ProcessForOverlays, the removal of gfx::HasEquivalentBufferFormat, and a switch to base::span in base::UnixDomainSocket and gin::ArrayBuffer classes. (d6f9ce8) (99f35a8) (d570054) (e490adb) (0ebe3d5) (c75850d) (64a8baa)
⚠️ BREAKING BREAKING CHANGE Several C++ interfaces now require subclasses to implement new pure virtual methods. These include TabListInterfaceObserver (OnAllTabsAreClosing), LocationBar, and OverlayBaseController. (3649dd0) (7665950) (bf95337)
⚠️ BREAKING BREAKING CHANGE Several public Java APIs on Android were broken. The ui.base.ActivityResultTracker was refactored to a new ResultListener pattern, and recently added world-aware APIs in AwContents (Android WebView) were reverted and removed. (a89fef0) (eabd655)
⚠️ BREAKING BREAKING CHANGE The AutofillManager::Observer::OnFieldTypesDetermined method signature has changed, requiring implementations to be updated to include a new bool small_forms_were_parsed parameter. (524d57f)

Web Platform

⚠️ BREAKING BREAKING CHANGE The stable CSS property gap-rule-overlap has been renamed to rule-overlap. In new developments, layout support has been added for the margin-trim property on block and multicol containers, and the new :active-option pseudo-class is being introduced to style the active option in a <select> dropdown. (ba0e2f8) (8aeae6c) (6533e1a) (50f5662)
The Sanitizer API has been re-enabled by default, making it generally available to web developers for building robust cross-site scripting (XSS) defenses. (1de7ef7)

UI & UX

The Vertical Tabs feature continues to be refined, with updates this week adding up/down arrow key navigation, improving minimum size calculations, and fixing bugs related to Right-to-Left (RtL) layouts. (77abc8c) (84e78f6) (83ba73f) (b8f272c) (6224941) (833745a)
The video Picture-in-Picture (PiP) window now supports seeking forward and backward using the left and right arrow keys, improving user control over video playback. (eba95f7)
The window.setResizable(bool) API is now supported for standalone Progressive Web Apps (PWAs) that use tabs, giving developers more control over the windowing behavior of their applications. (c19b719)

ChromeOS

⚠️ BREAKING BREAKING CHANGE The stable crosapi contract has been broken with the complete removal of the VideoCaptureDeviceFactory and VideoCaptureDevice mojom interfaces. Clients using these APIs for video capture on ChromeOS must migrate. (283767e) (a2b890e)
⚠️ BREAKING BREAKING CHANGE A new allow-list now restricts the creation of custom icons in the Ash status area. Calls to StatusTray::CreatePlatformStatusIcon for unlisted icon types will now fail, breaking clients that previously added custom status icons. (88db807)

2026 Week 5

Open Standalone Page

Chromium Weekly: 2026 Week 5

Overview

This week's summary covers 30 relevant commits out of 34 total across 1 day. The period was dominated by several significant breaking changes, most notably a large-scale refactoring of fundamental data types in the base library. Other breaking changes affected the Content API and the Remoting component, requiring action from embedders.

Breaking Changes

⚠️ BREAKING BREAKING CHANGE: The fundamental base::Value::Dict and base::Value::List types were renamed to base::DictValue and base::ListValue respectively. This large-scale mechanical refactoring will require embedders to update any code directly using these common data types. (f5a673b) (9740839) (64f2461) (d08503f) (db21ab2) (5246957) (d828964) (90a977d) (4a61748) (abbf6fa) (6d30864) (bd07ec9) (e99429c) (62db526) (ec4fcef) (c01742e) (aee83ff) (6ee1d21) (8bc358e) (2b131a9) (8cc2eb9) (4256b2d) (8cdebdf) (e4991f2)
⚠️ BREAKING BREAKING CHANGE: The ContentBrowserClient::ShouldEnforceNewCanCommitUrlChecks() method and its associated feature flag have been removed. Stricter URL commit checks are now mandatory, and embedders must remove any overrides of this method. (26e2892)
⚠️ BREAKING BREAKING CHANGE: In the remoting host Mojo interface, the is_virtual_terminal parameter was renamed to is_curtained to better reflect its purpose and support for Linux. Embedders using the CreateDesktopSession method must update their calls. (b96486e)

User Interface

The entry point for the Projects panel is now located in the tab groups button when the VerticalTabsProjects feature is enabled, integrating these features more closely. (a74866a)
A new ghost loader UI has been added for side panel navigations related to Contextual Tasks, improving the user experience during loading states. (3473588)

Internals & Refactoring

The kInitialWebUI feature flag was moved from //chrome/common to //content/public, enabling its use for process optimizations within the content layer. (e4c521d) (3dec63a)

2026 Week 4

Open Standalone Page

Chromium Weekly: 2026 Week 4

Overview

This week was defined by a massive wave of breaking changes and refactorings across the Chromium codebase, aimed at modernization and cleanup. Key highlights include a codebase-wide rename of base::Value::Dict and base::Value::List, the complete removal of the legacy SigninManager, and significant behavioral changes to the Web Audio and WebCodecs APIs. This summary covers approximately 2076 relevant commits out of 2726 total across 6 days.

Core & Services

⚠️ BREAKING BREAKING CHANGE: A massive, codebase-wide refactoring removed the widely used base::Value::Dict and base::Value::List type aliases. Embedders must migrate to the new base::DictValue and base::ListValue class names. (8e25bad) (e6bceb5) (2a482c1)
⚠️ BREAKING BREAKING CHANGE: Legacy sign-in APIs, including SigninManager, SigninManagerFactory, and AccountInfoService, have been completely removed as part of the "Uno-d" cleanup. Embedders must migrate to newer identity APIs. (ef1e523) (a4da4de) (00fc3ac)
⚠️ BREAKING BREAKING CHANGE: Numerous public JNI function signatures were changed to use standard C++ types (e.g., float, int8_t) instead of JNI-specific types (e.g., jfloat, jbyte), affecting embedders using these JNI interfaces. (f59cf80) (2bb1507)
⚠️ BREAKING BREAKING CHANGE: Several base library APIs were changed. base::Contains and base::HistogramFlattener were removed, and the base::ToVector utility signature was changed, requiring embedder updates. (4e6249c) (7cf7b7d) (a2039f6)
⚠️ BREAKING BREAKING CHANGE: New pure virtual methods were added to public interfaces like content::WebContents (SetIgnoreZoomGestures), sessions::LiveTabContext (GetGroupIdForSavedGroup), and base::HistogramSnapshotManager (RecordDelta), requiring embedders to update their implementations. (c571237) (1ae9a24) (7cf7b7d)

Web Platform & Blink

⚠️ BREAKING BREAKING CHANGE: The Web Audio API's AudioContext now starts in a "suspended" state and transitions to "running" asynchronously, per the specification. This is a major behavioral change that will break web content expecting the context to be "running" synchronously after creation. (c77f876)
⚠️ BREAKING BREAKING CHANGE: The behavior of flush() and configure() in the WebCodecs API has changed. To improve performance, these calls may now stall until previously submitted frames are rendered, breaking applications that rely on the previous non-stalling behavior. (854a999)
⚠️ BREAKING BREAKING CHANGE: The browser's back button behavior has been significantly altered. CanGoBack() and GoBack() now incorporate "back-to-opener" logic, which may change navigation behavior for users and break embedder assumptions about the navigation stack. (81bc0fc)
The text-indent CSS property is now enabled for stable release, adding support for the hanging and each-line keywords. Concurrently, timeline-trigger and trigger-scope for scroll-triggered animations have been enabled by default. (5d273a0) (63f20df)
The Web Serial API has been implemented for Chrome on Android, bringing serial device communication capabilities to the platform. (3bdfeaf)

UI, Features, & Removals

The experimental Vertical Tabs feature saw significant progress, including lazy loading for performance, support for dragging multiple selected tabs, and accessibility improvements. (71c2878) (c453a74) (abf8fc3)
⚠️ BREAKING BREAKING CHANGE: The entire "Fast Checkout" feature and all its related classes, build targets, and UI components have been deleted from the codebase. (52e96c0)
The Tab Search toolbar button has been re-enabled by default. (8d5d2dd) (eeb683f)
UI surfaces for saving cards and IBANs have been updated across the product to use Google Wallet branding instead of Google Pay. (5685440) (94a6ca7) (8fec43b)

Android & ChromeOS

⚠️ BREAKING BREAKING CHANGE: The renderer process lifecycle for Android WebView has been altered. Renderers are now kept alive for a short duration after the last WebView is destroyed, a significant behavioral change that can impact embedders relying on immediate process termination. (7f786d9)
⚠️ BREAKING BREAKING CHANGE: Public Mojo Java bindings will now throw a checked BadMessageException instead of silently swallowing errors. Embedders must update their Java code to catch and handle this new exception. (c04b855)
⚠️ BREAKING BREAKING CHANGE: Several stable crosapi mojom interfaces, including KeystoreService, ClipboardHistory, and Remoting, were removed, breaking integrations between Ash and Lacros. (d5a85cc) (d052447) (9c9ac29)
On Android, the extensions action list menu was refactored to use a RecyclerView, a foundational change to support future improvements like reordering and animations. (0b09fe6) (c723042)

Security & Privacy

⚠️ BREAKING BREAKING CHANGE: The k-anonymity service client and its associated public APIs have been completely removed. The KAnonymityServiceFactory::GetForProfile factory now returns nullptr, which may cause crashes if not handled by embedders. (d46f063)
⚠️ BREAKING BREAKING CHANGE: The ContentSettingsType enum was cleaned up. TRACKING_PROTECTION was removed as part of 3PCD efforts, and DURABLE_STORAGE was renamed to PERSISTENT_STORAGE. (eb933bd) (9ca1f26)
The clipboard API now enforces IsRendererPasteAllowed() permission checks on methods like ReadUnsanitizedCustomFormat(), enhancing security by preventing potential information leaks from a compromised renderer. (67ed1f7)
A new enterprise policy, RestrictPdfSaveToGoogleDriveAccountsToPattern, was added. This allows administrators to specify a regular expression to restrict which Google accounts can be used with the 'Save to Drive' feature for PDFs. (c86d1da)

2026 Week 3

Open Standalone Page

Chromium Weekly: 2026 Week 3

Overview

An exceptionally active week saw 2322 relevant commits out of 3168 total, marked by an unprecedented number of breaking changes across the entire codebase. Major behavioral shifts were introduced for Extensions and Android, while numerous public C++ APIs were removed or refactored, requiring significant updates from embedders. Key developments include the integration of the JXL image format, the final removal of the Chrome Refresh 2023 flag, and the deletion of major components like the native Cronet implementation and VVC video codec support.

Breaking Changes

⚠️ BREAKING BREAKING CHANGE Asynchronous extension APIs now return a Promise in all contexts, including for Manifest V2 extensions. Calls that previously returned undefined without a callback will now return a Promise, potentially breaking extensions that checked for an undefined return value. (3e0fd5a)
⚠️ BREAKING BREAKING CHANGE A massive, codebase-wide change on Android replaced jboolean with bool in numerous public JNI function signatures, requiring Android embedders to update their native method calls to match the new type. (adeddc7) (88258a7)
⚠️ BREAKING BREAKING CHANGE The permissions system underwent a major refactor, altering the public APIs of permissions::PermissionRequestManager, permissions::PermissionsClient, and PermissionContextBase. Methods like Accept and Deny now require a PromptOptions parameter, breaking existing implementations. (7688ee1) (b47e74e) (5d3a4e1)
⚠️ BREAKING BREAKING CHANGE The widely used Android Java interface ObservableSupplier has been renamed to MonotonicObservableSupplier, causing widespread build failures for any embedder using this common pattern. (b8cb84d)
⚠️ BREAKING BREAKING CHANGE The utility base::Contains() will now trigger a static_assert build error when used on containers that have their own .contains() or .find() methods, forcing migration to more efficient container-specific functions. (4a17af8)
⚠️ BREAKING BREAKING CHANGE The DevTools protocol command Network.getRequestPostData now base64-encodes binary request bodies and adds a base64Encoded boolean to the response, requiring client updates to parse binary post data. (e51443c)
⚠️ BREAKING BREAKING CHANGE Numerous public C++ APIs were removed or refactored, including BrowserFrameView layout methods, content::ContentBrowserClient::IsThirdPartyStoragePartitioningAllowed, WebAppRegistrar::IsInstallState, and gpu::FeatureInfo::FeatureFlags, breaking builds for embedders. (9c5016d) (bde1f50) (e849b33) (5810d0a)

Web Platform & Blink

The JXL (JPEG XL) image decoder has been integrated into the codebase. The feature is enabled by default at build time and can be activated via the #enable-jxl-image-format flag. (8215ebd)
⚠️ BREAKING Support for the VVC (H.266) video codec has been completely removed from the codebase, including experimental parsers and public media::VideoCodecProfile enum values. (1e56231) (bdb67c3)
The DataUrlMimeTypeParameterPreservation feature is now enabled by default, which preserves MIME type parameters during data: URL parsing to better align with the Fetch Standard. (8e1a893) (20d11f7)
The View Transitions API has been enhanced with a new Element.activeViewTransition attribute, providing a direct reference to the active ViewTransition on a given scope. (8d132fe)
CSS continues to evolve with support added for the hanging keyword in the text-indent property, updates to Masonry layout properties, and a fix for position: sticky behavior with overconstrained boxes. (367f1f9) (21c9e7c) (6c24b5a)

Android

⚠️ BREAKING To reduce Chrome's binary size, XR-related code has been refactored into a Dynamic Feature Module (DFM). Access to XR classes is now brokered through the XrModule interface, a breaking change for direct instantiations. (155e63e) (d49aca5)
The chrome.tabGroups API is being ported to desktop Android, with support for onCreated, onRemoved, and onMoved events landing this week. (e572b54) (c260a71) (4dd3d0f)
WebView debugging is improved as the main thread name will no longer be overridden, providing more accurate and useful Perfetto traces. (941b582)
Branding in various Autofill and payment UIs has been updated from "Google Pay" to "Google Wallet" to reflect the new product identity. (b3f264c) (d3dc71f) (4f028fd)

UI & Features

The "Chrome Refresh 2023" UI is now the permanent and only option available, as the controlling feature flags (kChromeRefresh2023, kChromeWebuiRefresh2023) have been removed. (6d6528f)
The updated Global Media Controls UI is now enabled by default on all non-ChromeOS desktop platforms. (6153529)
The "run on OS login" functionality for PWAs is now permanently enabled on desktop platforms, and its feature flag has been removed. (fe87d68)
Significant development continues on the Vertical Tab Strip (VTS) UI, with improvements to custom corner rendering, animations, and drag-and-drop behavior between tab groups. (e331d37) (1378fb4) (9f2782b)

Code Health & Removals

⚠️ BREAKING BREAKING CHANGE The entire native implementation of Cronet (//components/cronet/native) and the associated gRPC support library have been deleted from the codebase, as the native implementation was never officially supported. (bf972e6)
⚠️ BREAKING BREAKING CHANGE The mechanism for overriding UI strings via Variations has been completely removed, including the generate_ui_string_overrider build target and related public function signatures in VariationsService. (8c51996)
The legacy TabLoader-based session restore mechanism has been fully removed, finalizing the migration to the more modern PerformanceManager-based implementation. (cf33d9c) (3f0d5d7)
As part of a large-scale modernization effort, C++ #warning preprocessor directives are now treated as build errors. (6dc257b)

2026 Week 2

Open Standalone Page

Chromium Weekly: 2026 Week 2

Overview

This week in Chromium saw an exceptional volume of API-breaking changes across nearly every major component, requiring significant action from embedders. Major architectural shifts include a complete refactor of memory pressure handling and the removal of the Android Monochrome build. Despite the churn, key features like Device Bound Session Credentials and Vertical Tabs saw significant progress, while new web platform APIs like Sanitizer and customizable comboboxes were advanced. This summary covers 2379 relevant commits out of 3211 total across 6 days.

Core Internals & API Modernization

⚠️ BREAKING BREAKING CHANGE: Memory pressure handling was overhauled. The static base::MemoryPressureListener::SetNotificationsSuppressed is replaced by a new RAII-style base::MemoryPressureSuppressionToken. Consequently, numerous classes like FrameEvictionManager, cc::ResourcePool, and HttpNetworkSession no longer inherit from base::MemoryPressureListener, removing their public OnMemoryPressure methods. (63f5b8d) (e45c8ae) (4470afa) (6cbcf51)
⚠️ BREAKING BREAKING CHANGE: Public Mojo Java bindings were refactored, removing SideEffectFreeCloseable, making Interface.Stub a top-level class, and renaming Router.setIncomingMessageReceiver. (d635aa9)
⚠️ BREAKING BREAKING CHANGE: As part of a C++23 migration, the public function base::ByteSwap has been removed from base/numerics/byte_conversions.h. Code must be updated to use the standard std::byteswap. (5869e71)
Code modernization efforts continued with a large-scale replacement of base::Contains() with the C++20 std::ranges::contains() across the codebase. (e13cb6a) (f301383) (d696b12)
Experimental Rust bindings for Mojo (rustmojo) saw significant progress, with code generation for interfaces and skeleton implementations for Remote and Receiver types. (1faffa0) (f4012f3) (bd47705)

Android

⚠️ BREAKING BREAKING CHANGE: The "Monochrome" build configuration (is_monochrome) has been completely removed from the build system, breaking any downstream projects that relied on it. (763e0f3) (10cf1c5) (5e90c29)
⚠️ BREAKING BREAKING CHANGE: For Cronet embedders, libssl.so and libpki.so are now statically linked into libhttpengine.so, and the BoringSSL library name has been stabilized, breaking builds that linked against the old libraries. (f559d5d) (e5cc378)
⚠️ BREAKING BREAKING CHANGE: A new <meta name="text-scale"> tag was introduced in WebView, which disables global text scaling and text autosizing, potentially altering the rendering of existing content. The WebMessageListener API was also made world-aware, breaking method signatures. (b29d632) (27e7c6f)
⚠️ BREAKING BREAKING CHANGE: Numerous public Java APIs were broken, including changes to TabModel::CreateTab to use std::unique_ptr, the removal of MoveTabUtils, and a major refactor of the Payments API delegate hierarchy. (a69f7fe) (d477c2d) (ac47931) (5774306)
⚠️ BREAKING BREAKING CHANGE: The horizontal mouse scroll direction has been inverted to align with Android's standard "natural scrolling" behavior, a significant user-facing change. (5d4f3a6)
Work progressed on zero-copy video capture, with support added for creating shared images from multiplanar AHardwareBuffers and passing metadata to avoid readbacks. (004ddc1) (28ac267) (2922709)

UI & Browser Features

⚠️ BREAKING BREAKING CHANGE: A series of refactors related to "Project Bedrock" and tab strip modernization removed numerous public methods from BrowserView, TabStripController, and BrowserList, such as BrowserView::tabstrip(), TabStripController::GetProfile(), and BrowserList::GetGuestBrowserCount(). (f55ce20) (c30ea98) (83633e5) (2caf7a2)
⚠️ BREAKING BREAKING CHANGE: The TabListInterface gained a new pure virtual method GetTabGroupTabIndices, and the InstanceSwitcherActionsDelegate on Android changed its closeInstance method signature, breaking embedder implementations. (cbf7c2c) (0e94cc8)
Development on Vertical Tabs continued, adding drag-and-drop support for tabs within groups and ensuring custom browser themes are correctly applied. (3c34712) (954cc48)
Reading Mode received numerous enhancements, including a consolidated appearance menu, improved resilience to renderer crashes, and fixes for UI behavior like hover menus and scrolling. (85a76f0) (9307ef5) (4b0b5f8) (089981c)
The chrome.tabGroups API was enabled for desktop Android, and the side panel extension API behavior was changed to no longer fall back to the global panel on sidePanel.close(). (515db69) (cf0517b)

Web Platform & Rendering

⚠️ BREAKING BREAKING CHANGE: The public Blink canvas API was refactored, removing methods like ProduceCanvasResource() and SupportsDirectCompositing() from CanvasResourceProvider and changing the return type of WebGLRenderingContextBase::PaintRenderingResultsToResourceProvider(). (bbf5880) (f68a61a) (fe10434) (2344244)
The Sanitizer API and Trusted Types for HTML were enabled by default, making these security features generally available to web developers. (a2adf79) (1b461ee)
Support was added for a <datalist> element to act as a popover for a customizable combobox, allowing web authors to fully style the options dropdown. (4da887d)
New CSS capabilities were introduced behind flags, including name-only @container queries (e.g., @container (my-container)) and the page-margin-safety descriptor for print contexts. (e8204da) (3cc4f62)
A new JPEG XL image decoder was added to the codebase but was quickly reverted due to an ASAN issue. (f9f7212) (abc19ec)
Several features were enabled by default to improve performance and provide better attribution, including LongAnimationFrameSourceCharPosition, ReportLayoutShiftRectsInCssPixels, and SeparateDeferModuleScriptTasks. (d514972) (0813098) (e7e02f3)

Networking & Security

⚠️ BREAKING BREAKING CHANGE: The enterprise policy DeveloperToolsAvailabilityAllowlist now implicitly blocks all URLs not on the allowlist when set, a reversal of its previous default-allow behavior. (6b0b832)
⚠️ BREAKING BREAKING CHANGE: The net::BidirectionalStream::Delegate::OnHeadersReceived signature has changed to include a const net::ProxyInfo& parameter, requiring all implementations to be updated. (4b432f4)
Significant infrastructure was added to support Device Bound Session Credentials (DBSC), including exposing lifecycle events to DevTools for easier debugging. The underlying Mojo event structure was also refactored. (62e7e23) (d11af9c) (a6fc0d9)
To enforce the hardened runtime on macOS, third-party in-process plugins are now blocked by default, with an emergency override switch added. (c54ef9c)
The CrashReportStorage API was refactored to use shared memory instead of synchronous IPCs, significantly reducing overhead for sites using the API. (8750c09)

2026 Week 13

Open Standalone Page

Chromium Weekly: 2026 Week 13

Overview

This week was marked by an exceptional volume of API refactoring, resulting in an unprecedented number of breaking changes across core libraries, Blink, networking, and platform-specific code. Across 3365 commits (2501 relevant), major architectural work continued with Project Bedrock, multinetworking support was advanced, and significant security hardening measures were landed. Embedders should prepare for substantial migration work to adapt to the numerous changes in C++, Java, and Mojo interfaces.

Unprecedented Wave of Breaking Changes

⚠️ BREAKING BREAKING CHANGE Core embedder interfaces were broken. content::ContentBrowserClient now requires implementing IsFullscreenAllowedForUnfocusedWebContents and using the new content::BluetoothDelegate. The ExtensionsBrowserClient interface also gained a new pure virtual method, forcing updates for all embedders. (395a125) (3cb4ab6) (cb457f6)
⚠️ BREAKING BREAKING CHANGE The base library saw fundamental changes: base::Thread::IsRunning() behavior was altered, base::CurrentThread::SetTaskRunner() was removed, and the //base:base_java build target was split into smaller, granular targets, requiring build file updates. (440b72b) (031d58e) (1397b82)
⚠️ BREAKING BREAKING CHANGE Core Blink APIs were heavily modified. A new virtual GetHTMLElementType() was added to blink::Node (an ABI break), and numerous string utilities like AtomicString::FromUTF8() and String::Left() were renamed or removed. (f252b9b) (bd3411c) (f72257b)
⚠️ BREAKING BREAKING CHANGE Major component relocations will break include paths and build dependencies. ProfileManager was moved to a new build target, Account settings was extracted from Autofill, and the harfbuzz-ng directory was renamed to harfbuzz. (fa00b2f) (a1b05c5) (2f9f433)
⚠️ BREAKING BREAKING CHANGE Numerous public Mojo interfaces were changed, including network::mojom::NetworkContext::CreateWebSocket, blink::mojom::PermissionService, and pdf.mojom.PdfHost. On ChromeOS, the entire crosapi::mojom::cros_display_config interface was removed. (0f1662a) (eee991e) (97d9dd9) (13cedb9)

Architecture & Core Internals

⚠️ BREAKING BREAKING CHANGE As part of Project Bedrock's goal to decouple UI from core logic, many public UI functions (e.g., ShowSettings) now require a BrowserWindowInterface* instead of a Browser*, and chrome::GetTabbedBrowserCount was removed. (7f61ab9) (ebb63bf)
⚠️ BREAKING BREAKING CHANGE Support for multinetworking was advanced, with core classes like net::ClientSocketPool::GroupId and URLRequest updated to include a target_network parameter. (52a2dea) (ba4fdb3)
The kMojoUseEventFd feature was enabled by default on Android to improve input delay and INP metrics by optimizing Mojo communication. (04ae8a0)
⚠️ BREAKING BREAKING CHANGE The compositor's cc::TreeSynchronizer was refactored to use OwnedLayerImplList for tree synchronization, and cc::LayerImpl::PushPropertiesTo was renamed to CopyPropertiesTo. (bbda441) (b3d21ec)

Web Platform & Rendering

Cookie parsing was hardened to reject cookies with an empty name and an ambiguous value (e.g., =Foo=Bar), a fundamental platform change that may affect some sites. (6e5ceda)
CSS functionality was enhanced: text-decoration-skip-ink: all is now on by default, support for image-animation: stopped was added, and @keyframes lookup across shadow DOM boundaries was fixed. (1e520da) (4fa3a3f) (8607d18)
⚠️ BREAKING BREAKING CHANGE WebGL will now generate a GL_INVALID_VALUE error for SVG images that lack an intrinsic size, whereas it previously used a default size. (213ac82)
An experimental implementation of ML-DSA, a post-quantum signature algorithm, was added to the WebCrypto API behind a feature flag. (2da14fd)
Support was added for parsing Dolby Vision RPU metadata in H.265 video and the AVAR2 font table for advanced font variations. (3e77dae) (0fa7607)

Security & Privacy

Permission prompt security was hardened by having the browser process directly validate the transient activation state, no longer trusting user gesture signals from a potentially compromised renderer. (89632d8) (8dda06b)
Several vulnerabilities were patched, including a webRequestBlocking permission bypass and a popup blocker bypass, both exploitable by a compromised extension. (2619b94) (3b4c638)
The JavaScript code cache is now disabled for PDF renderers and origin-restricted sandboxed iframes as a mitigation against potential code tampering attacks. (6fa3337)

Platform-Specific Highlights

⚠️ BREAKING BREAKING CHANGE On Android, the core TabModel Java interface was refactored to extend TabGroupModelFilter, a major change impacting any custom UI implementations. (401697a)
⚠️ BREAKING BREAKING CHANGE The default behavior for downloaded PDFs on Android has changed to open them in Chrome's native viewer instead of firing an intent for an external app. (483eccb)
Work to enable extensions on Android progressed, with the chrome://management page being converted to a WebUI and numerous extension API tests being enabled for the platform. (bed3443) (1fa9861)
On iOS, drag-and-drop is now enabled by default, and a new SetUserAgent API was added to web::WebState to allow per-tab overrides. (34fefe1) (f521739)

2026 Week 12

Open Standalone Page

Chromium Weekly: 2026 Week 12

Overview

This week was characterized by an exceptionally high number of breaking changes across the entire Chromium stack, impacting core APIs, web platform behavior, and embedder interfaces. Out of 3,273 total commits, 2,467 were identified as relevant, with major updates to ICU, fundamental C++ utilities, and numerous public interfaces requiring significant developer attention. Several features were also removed or enabled by default, marking shifts in the platform's evolution.

Core APIs & Infrastructure

⚠️ BREAKING BREAKING CHANGE: The base::span two-argument constructor now performs bounds checking by default, which can cause runtime CHECK failures in existing code. Callers must be updated to explicitly pass base::unchecked to retain the old behavior. (4aa6967)
⚠️ BREAKING BREAKING CHANGE: A new pure virtual method, GetTextSelectionBounds, was added to the public content::WebContents interface. All classes inheriting from WebContents must now implement this method to compile. (8020df7)
⚠️ BREAKING BREAKING CHANGE: The JNI generator's naming convention for calling static Java methods from C++ has changed. The J prefix on the JNI struct is removed, so calls like JMyClassJni::foo() must be updated to MyClassJni::foo(). (fa5d1a7) (62719ab)
⚠️ BREAKING BREAKING CHANGE: Numerous public interfaces were broken, including the removal of RequestPermissions from content::PermissionControllerDelegate, making ui::PlatformClipboard::IsSelectionOwner asynchronous, and changing the signature of views::WidgetObserver methods. (4035ccf) (f56f565) (6ba9721)
⚠️ BREAKING BREAKING CHANGE: The bundled xdg-mime and xdg-settings utilities have been removed. Production Linux builds must now ensure the host system has a sufficiently modern version of xdg-utils installed, changing a long-standing dependency assumption. (4258ce4)
Several features and their associated APIs were removed from the codebase, including the TabOrganizationService, the Android 'Screenshot Monitor' feature, and the Android 'Search Resumption Module'. (4a44e72) (4144a97) (4830d98)

Web Platform & Blink

⚠️ BREAKING BREAKING CHANGE: The ICU library was rolled to version 78.2. This is a major behavioral change for stable web APIs, affecting timezone formatting (e.g., 'GMT' becomes 'GMT+0'), IDNA processing, and date formats in multiple locales, which may break web content relying on specific Intl API outputs. (f72d48e) (3ae9984)
⚠️ BREAKING BREAKING CHANGE: The behavior of several stable web APIs has changed. document.createEvent() now throws for non-standard types, Element.scrollParent on <body> returns the scrolling element instead of null, and location.ancestorOrigins now returns a cached object. (a112e48) (90bd81c) (8ab1ce0)
⚠️ BREAKING BREAKING CHANGE: The SuppressPointerStreamAfterDrag feature is now enabled by default, altering the standard behavior of pointer events after a drag-and-drop operation, which can break web applications that rely on the previous event stream. (58ccecd)
The @revert CSS at-rule is now enabled for stable release. Additionally, the CSS Color 5 alpha() function and light-dark() support for images have been implemented behind experimental flags. (2263d72) (38994fc) (d4665c3)
The Rust-based JPEG parser is now enabled by default, and foundational code for the WebXR Mesh API was added behind a feature flag. (5c98c56) (919794c)

Security & Networking

A DNS rebinding vulnerability in the DevTools WebSocket handler was fixed by validating the Host header, a critical fix for users of --remote-allow-origins=*. (7bdbd07)
Local Network Access (LNA) checks are now enabled by default for WebTransport and WebSockets, enhancing security for local devices by requiring explicit permission for public websites to access them. (53bd4f6)
The Device-Bound Session Credentials (DBSC) feature has graduated from its origin trial and is now enabled by default. (ebf37aa)
A 15-minute throttling window has been introduced for approximate geolocation updates to mitigate the risk of a site reconstructing a user's precise location from frequent samples. (7d99a69)
Certificate Transparency (CT) policy will now ignore Signed Certificate Timestamps (SCTs) delivered via OCSP-stapled responses by default. (4d1a2f7)

Graphics & Media

⚠️ BREAKING BREAKING CHANGE: The public media::AudioDecoderConfig API was refactored. The Initialize method signature was changed to use ChannelLayoutConfig, and legacy constructors were removed, breaking both C++ calls and mojom wire compatibility. (62da318) (c9acbb5)
⚠️ BREAKING BREAKING CHANGE: The public gpu::GLES2Interface saw significant churn, with several methods related to SharedImage copying being added and then removed within the week, breaking embedders who adopted the new APIs. (fe5ea1e) (eeb6937) (5a7ae68)
To reduce video stuttering in WebRTC, a new SharedMediaContextProvider bound to the Media Thread is now used for video scaling, avoiding contention with the main thread. (d1b8e21)

Extensions

⚠️ BREAKING BREAKING CHANGE: Nine methods have been removed from the chrome.passwordsPrivate extension API as part of a migration to Mojo. Extensions using methods like isAccountStorageActive() or deleteAllPasswordManagerData() will break. (17f18ce)
⚠️ BREAKING BREAKING CHANGE: The extensions::DisplayInfoProvider API was changed from asynchronous to synchronous. SetDisplayLayout and GetDisplayLayout now return their results directly instead of using callbacks. (a2e1c0b) (7b0fc8f)
A significant performance bottleneck during browser shutdown was fixed by optimizing the removal of filtered event listeners, which could previously delay shutdown by tens of seconds for extensions with many listeners. (dec6118)

Platform-Specific Updates

⚠️ BREAKING BREAKING CHANGE: On macOS, the public base::mac::SystemSettingsPane enum was refactored to support upcoming OS versions, renaming and removing several values. Embedders using OpenSystemSettingsPane() must update their code. (6c38bdc)
⚠️ BREAKING BREAKING CHANGE: The ChromeOS display configuration API, cros_display_config.mojom, underwent significant refactoring. Several methods were changed from asynchronous to synchronous, and mojom types were replaced with internal C++ structs, breaking clients of this stable interface. (911fc29) (69dad59) (a957de3)
On iOS, a new public ScreenshotProtectionAPI was introduced to allow developers to mark specific UIViews for obfuscation during screen captures. Additionally, passkey navigator.credentials.get() requests now support AbortSignal for cancellation. (7c86673) (b8f3208)

2026 Week 11

Open Standalone Page

Chromium Weekly: 2026 Week 11

Overview

This week saw an exceptionally high volume of activity with 2,322 relevant commits out of 3,197 total. Development was dominated by a wave of significant breaking changes affecting core APIs, including a major asynchronous refactor of ui::Clipboard, numerous modifications to networking and Blink string APIs, and extensive cleanup of the ChromeOS crosapi interface. Key milestones include the enabling of the network service sandbox by default on Windows and the removal of several legacy web platform features and browser UI elements.

Major Breaking Changes

⚠️ BREAKING BREAKING CHANGE: The ui::Clipboard API and its platform backends were refactored to be fully asynchronous. Synchronous methods like IsFormatAvailable were replaced with asynchronous equivalents like GetAllAvailableFormats, breaking most embedder and platform implementations. (54777b8) (9dc355d) (e316366)
⚠️ BREAKING BREAKING CHANGE: Core Blink string APIs were modified for consistency across multiple commits. blink::String::Remove() was replaced by erase(), LowerASCII() by ToAsciiLower(), and several wtf:: utility functions were renamed. (f2bc5fe) (fcbc3d1) (42dbfc5) (4a0293f)
⚠️ BREAKING BREAKING CHANGE: Core networking APIs were updated, breaking embedder implementations. ClientSocketPool::RequestSockets and PreconnectCompletionCallback now use different callback signatures, and HttpStream methods now return base::ByteSize. (ad97a90) (88f44d9) (5895f46)
⚠️ BREAKING BREAKING CHANGE: The ANGLE D3D9 backend was removed. If D3D11 initialization fails, Chromium will now fall back directly to software rasterization (WARP), which may impact performance on systems that previously relied on the D3D9 fallback. (282348e)
⚠️ BREAKING BREAKING CHANGE: The underlying type of the ui::KeyboardCode enum was changed, resulting in an ABI-breaking change that will affect embedders linking against pre-built Chromium binaries. (e9e9cf3)
⚠️ BREAKING BREAKING CHANGE: Legacy ...V2 suffixed functions like HolderV2() and GetPrototypeV2() were removed from the public V8 API. Embedders must migrate to the modern, unsuffixed equivalents. (37e0529)

Web Platform & Rendering

The CSS attr() function grammar was updated to support <declaration-value>, and the @supports at-rule() feature was enabled by default, allowing developers to query for at-rule support directly in CSS. (e33187e) (8480cfa)
Several web platform APIs were removed, including the non-standard fireOnEveryPaint option from ResizeObserver, the discontinued GeolocationSensor API, and the legacy <command> element. (e0ce255) (f2a0ff6) (baff9bb)
Performance of CSS Grid layout was significantly improved by migrating key data structures to Oilpan, reducing data copying during layout calculations. (a1db64d)
Scaffolding for ML-KEM support was added to the WebCrypto API, and the Direct Sockets API now supports Source-Specific Multicast (SSM) for isolated web apps. (4e0b148) (0302377)
Several features were stabilized and their runtime flags removed, including Web App Manifest localization, the ServiceWorkerAutoPreload feature, and multiple flags for CSS Anchor Positioning. (0c74d0b) (d500868) (eb959bb)

Security & Privacy

The network service sandbox is now enabled by default on Windows, a major security milestone that significantly hardens the browser by restricting the privileges of the network process. (a0ad012)
A browser-side validation check was added to RunJavaScriptDialog() to enforce the allow-modals sandbox attribute, preventing a compromised renderer from showing dialogs without permission. (7e25766)
The Authorization header is now correctly stripped from fetch() keepalive requests during cross-origin redirects, preventing potential credential leakage and aligning with web specifications. (5fb6646)
The behavior of navigator.storage.estimate() in Incognito mode was changed to prevent privacy leaks by no longer revealing discrepancies in storage capacity that could be used to detect Incognito. (c48f71d)

Android, iOS & ChromeOS

⚠️ BREAKING BREAKING CHANGE: The ChromeOS crosapi interface between Ash and Lacros saw extensive refactoring. Methods were removed from the LocalPrinter interface, and the mojo-based CrosDisplayConfigController and launcher_search.mojom interfaces were removed in favor of C++ equivalents. (ee69dea) (774ba09) (a8ba571) (0a8a8c8)
⚠️ BREAKING BREAKING CHANGE: Numerous public Java APIs on Android were changed or removed, including the removal of SyncPromoController, the renaming of SigninManagerImpl's package, and signature changes to MediaDrmBridge and ClickWithMetaStateCallback. (0db58b8) (737d3e3) (a2ece5c) (1f83783)
Several features were enabled by default on Android, including RobustWindowManagement for multi-window handling and touchpad overscroll gestures for back/forward navigation. (87f844d) (232064f)
On iOS, Reader Mode translation is now enabled by default, and many UI components were modernized to use initWithWindowScene instead of the deprecated UIWindow initializer. (b53956f) (a687976)
On Linux, Chrome Remote Desktop has removed support for SysV init systems and now relies exclusively on systemd. (cd7f371)

Services, Extensions & UI

⚠️ BREAKING BREAKING CHANGE: The public AutofillClient interface was modified to use more specific failure notifications, and the FormFieldData struct was updated to include selected_option_text, breaking consumers of these APIs. (b1627f2) (95b08b3)
A significant effort continued to migrate extension API tests from Manifest V2 to Manifest V3, covering APIs such as nativeMessaging, omnibox, context_menus, and printerProvider. (36f2f4c) (b2f7a35) (868a121)
The browser UI was simplified with the complete removal of several features, including the Tab Search container from the tab strip, the "Click to Call" page action, and the legacy Price Tracking controller. (d43a49d) (47aad4d) (e34e396)
Autofill support for loyalty cards was launched and its feature flag removed, making the functionality available by default. (9d45f2f)

Build System & Code Health

The ongoing effort to modularize //chrome/browser continued, with components like trusted_vault, page_info, sharing_hub, and performance_monitor being moved into their own build targets to improve dependency hygiene. (d031ef5) (f7272c2) (563c9a0) (5e70d3b)
The GRIT resource compiler (grit.py) was optimized to speed up builds, gaining a multiprocessing output phase and skipping slow garbage collection on exit. (d4c945b) (757fea0)
The C++ style guide was updated to allow the use of std::ranges::to, enabling more modern and concise container conversions in the codebase. (df05b07)

2026 Week 10

Open Standalone Page

Chromium Weekly: 2026 Week 10

Overview

A week dominated by a wave of breaking API changes aimed at modernizing the codebase, impacting nearly every major component from the base library to platform-specific UIs. This summary covers 2348 relevant commits out of 3133 total across 6 days. Key themes include a broad migration to asynchronous patterns and base::span, the continued decoupling of ChromeOS code, the shipping of new CSS features like contrast-color(), and a landmark step towards memory safety with the first Rust implementation of a core security policy.

Widespread API Modernization & Breaking Changes

⚠️ BREAKING BREAKING CHANGE: A massive effort to modernize core APIs has resulted in numerous breaking changes. ui::Clipboard methods like ReadText and GetStandardFormats were converted from synchronous to asynchronous, callback-based functions, requiring significant updates for all embedders. (1d23bcd) (34bc314) (c6bd1aa) (14c828a)
⚠️ BREAKING BREAKING CHANGE: A code health initiative replaced raw pointers with base::span across many APIs, including base::File::Read/Write, base::Pickle, and WebAudioSourceProvider::ProvideInput. This breaks callers who must now migrate to the safer, span-based overloads. (2f6529b) (18a2af4) (54421a1) (3b61a3b)
⚠️ BREAKING BREAKING CHANGE: Numerous public C++ interfaces now require implementation of new pure virtual methods, breaking existing subclasses. Notable examples include net::NetworkDelegate (added ShouldForceIgnoreSiteForCookies), blink::WebMediaPlayer (added Shutdown), and DataTypeController (updated GetPreconditionState). (9e66171) (2f6df87) (37a2d3f)
⚠️ BREAKING BREAKING CHANGE: The effort to separate ChromeOS from the browser continued with major API changes. The crosapi::mojom::CrosDisplayConfigController was replaced with a pure C++ API, and many OS-specific preferences and URL constants were moved into the ash namespace, breaking non-Ash callers. (27f97b7) (49287a5) (5622ae9) (83edd08)
⚠️ BREAKING BREAKING CHANGE: Several obsolete or superseded APIs were removed entirely. This includes the WebAuthn caBLE v1 extension, SHA-1 related fields from net::CertVerifyResult, the chrome.browser API for non-ChromeOS platforms, and the TabRendererData class. (8b50d0e) (02514ec) (70a730f) (d1392f5) (af1897a)

Web Platform

The CSS contrast-color() function and border-shape property are now enabled by default, giving web developers powerful new tools for dynamic color selection and creating non-rectangular element borders. (c103765) (e8744fa)
The window.scroll() and Element.scroll() families of methods now return promises, providing a modern, standardized way to handle scroll completion and chain asynchronous actions. (9ecb942) (1d33f8f)
The Web Crypto API was strengthened with the implementation of the robust ChaCha20-Poly1305 algorithm. (38ea0fe)
The CSSPseudoElement interface and the event.pseudoTarget attribute are now enabled by default, allowing JavaScript to directly interact with and inspect pseudo-elements. (27d3b7f) (9b1025c)

UI & Features

The 'Send Tab To Self' feature was enhanced to propagate the user's scroll position, allowing the receiving device to automatically scroll to the same location when the tab is opened. (54ee74b) (04f26ef)
The Vertical Tabs feature received several visual and functional updates, including higher contrast outlines, better drag-and-drop indicators, and smoother animations for adding and removing tabs. (bc90d82) (e057056) (fa9ee99)
As part of ongoing cleanup, the "Tab Declutter" feature and the WebUI for Auto Tab Groups (ATG) were completely removed from the codebase. (5bbd8d1) (549edd6)

Security & Infrastructure

In a landmark step towards memory safety, an initial Rust implementation of ChildProcessSecurityPolicy was introduced. It will run in parallel with the C++ version, controlled by a feature flag, as part of the initiative to rewrite critical components in Rust. (5440cf2)
⚠️ BREAKING A major refactoring of Android's JNI layer continued, introducing safer pointer patterns (JniTypeToken, JniPtr) and refactoring core UI classes to reduce the use of persistent global references, improving stability and scalability. (b79b840) (871d151) (7f1d1c0) (b8740ec)
New enterprise policies IncognitoModeUrlBlocklist and IncognitoModeUrlAllowlist were launched to stable. The URLBlocklist policy was also hardened to prevent administrators from accidentally blocking internal chrome:// pages with a wildcard. (de0b2fd) (b7792df)

2026 Week 1

Open Standalone Page

Chromium Weekly: 2026 Week 1

Overview

This week saw 9 relevant commits out of 21 total across 2 days. The most significant update is a breaking change in the Bluetooth test framework. Other highlights include UI refinements for Vertical Tabs, metrics improvements for Safe Browsing, and the introduction of an experimental flag to address extension corruption.

Bluetooth

⚠️ BREAKING BREAKING CHANGE: The pure virtual method PlatformSupportsLowEnergy() has been removed from the public test base class device::BluetoothTestBase. Embedders inheriting from this class must remove their implementations to avoid build failures. (b64652f)

UI & UX

The Vertical Tabs feature received visual refinements, including an opacity gradient to indicate scrollable content and updated margins when in collapsed mode. (39012f4) (be19c99)

Safe Browsing & Security

Safe Browsing metrics have been improved by skipping preclassification checks for error documents and adding new histograms for server-side scans. Additionally, an unsafe buffer usage was fixed in usb_device_handle_win.cc. (137a3f7) (6f1b149) (d5d92a2)

Extensions

A new experimental feature flag, kContentVerifierCacheIncludesExtensionRoot, was added to test a fix for extension corruption by including the extension's root path in the content verifier's cache key. (dd0f836) (621959d)

WebGPU

A bug was fixed where an incorrect cropSize was used for the 1-copy external texture path, ensuring the video frame's natural size is correctly applied. (2ae5da1)

2025 Week 53

Open Standalone Page

Chromium Weekly: 2025 Week 53

Overview

This week saw a significant number of breaking API changes across the Chromium codebase, impacting embedders in areas like UI, Extensions, Android, and core services. A notable behavioral change removes support for a non-standard image format, while preparatory work began for the JPEG XL image format. This summary covers 56 relevant commits out of 183 total across 4 days of development.

Widespread Breaking API Changes

⚠️ BREAKING BREAKING CHANGE Core UI observer interfaces received breaking changes. TabStripModelObserver methods were renamed and their signatures changed to use tabs::TabInterface*. The RenderWidgetHost::InputEventObserver::OnInputEvent method now requires an input::InputEventSource parameter. Additionally, the legacy ui::aura::WindowEventDispatcherObserver interface has been removed entirely. (fdb26aa) (a9bd994) (ff7776c)
⚠️ BREAKING BREAKING CHANGE The public API surface for Extensions was significantly reduced. Several static methods were removed from ExtensionTabUtil, and the ExtensionFunctionDispatcher::Delegate interface lost the GetAssociatedWebContents() and GetVisibleWebContents() methods. The ExtensionWebContentsObserver class hierarchy was also modified to no longer inherit from the delegate, which may break dynamic_cast usage. (e6fa848) (f13ff20) (9885010) (dc15d34)
⚠️ BREAKING BREAKING CHANGE Android embedders face multiple breaking changes. The core TabModel::CreateTab method signature was changed to use a TabLaunchType enum instead of a boolean. In the identity component, IdentityMutator.clearPrimaryAccount() was removed and replaced. The sign-in bottom sheet delegate was also refactored, splitting the Delegate interface into two new ones. (79344d3) (b09d904) (5531b9b)
⚠️ BREAKING BREAKING CHANGE Several public APIs in core services were removed. In Safe Browsing, MaybeReportSafeBrowsingHit was deleted from the BaseUIManager. In the Privacy Sandbox component, TpcdExperimentEligibility and related methods were removed from PrivacySandboxSettings. The can_use_chrome_ip_protection() method was also removed from the AccountCapabilities class. (cbeca2e) (1ff3d48) (47c3d62)

Image Format Support

⚠️ BREAKING BREAKING CHANGE Support for decoding JPG and PNG images embedded within BMP files has been removed. This non-standard feature is now disabled by default via the kRemoveBmpExtensionForEmbeddingJpegOrPng flag, which may cause some websites to render these specific images incorrectly. (58fbc0c)
Initial infrastructure has been added to support the JPEG XL (JXL) image format. This preparatory work, controlled by the kEnableJXLImageFormat feature flag (disabled by default), adds build flags and metrics but has no runtime effect yet. (2b547e7)

Code Health & Modernization

The iOS UI continues its significant modernization effort. The legacy toolbar implementation has been moved, the experimental 'Diamond' prototype was removed, and a new AppBar was added to the TabGrid. (84556a4) (e69bfbe) (2ecc440)
Mojo's internal template metaprogramming has been modernized to use C++20 concepts, replacing older SFINAE-based implementations. This internal refactoring does not change public API signatures. (694c89f)
Code cleanup continues with the removal of numerous feature flags for fully launched features, including those related to Third-Party Cookie Deprecation (3PCD), Extension Telemetry, and the Translation API. (1feabfd) (af24040) (0365765) (8f22844) (fdaa2fc)

2025 Week 52

Open Standalone Page

Chromium Weekly: 2025 Week 52

Overview

This week saw a significant number of breaking API changes across core components, networking, and platform-specific code, impacting embedders on all platforms. Major internal modernizations included migrating from base::ByteCount to base::ByteSize and removing base::to_underlying. This summary highlights 36 relevant commits out of 850 total across 7 days.

Breaking Changes

⚠️ BREAKING BREAKING CHANGE The public ChromeAndroidTask Java interface was refactored to support multiple Activities. Methods were renamed (e.g., setActivityScopedObjects to addActivityScopedObjects) and now manage a list of activities, requiring updates from embedders. (81d2478)
⚠️ BREAKING BREAKING CHANGE The utility function base::to_underlying and its header have been removed from the codebase. All call sites must be migrated to use std::to_underlying. (271bd17)
⚠️ BREAKING BREAKING CHANGE The TrackingProtectionSettings and TrackingProtectionOnboarding classes and their factories have been removed from the Privacy Sandbox components, breaking consumers of these services. (36e492c) (18e568e)
⚠️ BREAKING BREAKING CHANGE The TaskManagerInterface API was updated to use the type-safe base::ByteSize and std::optional for memory and network reporting, changing the signatures of methods like GetMemoryFootprintUsage and GetProcessTotalNetworkUsage. (c89f2a8) (3010a9b)
⚠️ BREAKING BREAKING CHANGE On Android, the org.chromium.net.X509Util class was refactored. The ensureInitialized method was removed, and embedders must now use getVerifier() to obtain a verification object. (b580880)
⚠️ BREAKING BREAKING CHANGE For AOSP builds, the Cronet shared library was renamed from libmainlinecronet.{version}.so to libhttpengine.so, which will break build systems and dynamic loaders targeting the old name. (f836219)
⚠️ BREAKING BREAKING CHANGE Several public methods for raw cookie access, such as GrantReadRawCookies, have been removed from ChildProcessSecurityPolicyImpl. (41b3b0a)
⚠️ BREAKING BREAKING CHANGE Public members of AccountInfo (e.g., picture_url) were made private. Callers must now use accessor methods like GetAvatarUrl(). (d2acdce) (454a9ad)
⚠️ BREAKING BREAKING CHANGE On iOS, a new pure virtual method, IsUsingCustomCardIconEnabled(), was added to the PaymentsAutofillClient interface, requiring implementation by iOS embedders. (0cf318d)

Code Modernization & Refactoring

A large-scale migration from the int64_t typedef base::ByteCount to the type-safe base::ByteSize class was performed across the codebase, notably affecting byte formatting functions and the Task Manager API. (b1dfe54) (eae5d29) (c89f2a8)
Observer patterns in ChromeOS for SessionManagerClient, UserManager::Observer, and LoginState were updated to use the safer CheckedObserver and ScopedObservation classes for improved lifetime management. (949baab) (063bace) (5240e1f)

UI & Features

Significant progress was made on the experimental 'Contextual Tasks' side panel, with numerous commits landing to implement UI elements like the Lens button, fix crashes, and improve keyboard handling. (face966) (d7075c2)
Work on Vertical Tabs continued, with new support for dragging tabs to and from the vertical strip and logic for tab group collapse/expand animations. (cdbede9) (96affd4)
The Tab Search toolbar button is now enabled by default. (2b20533)

Networking

⚠️ BREAKING BREAKING CHANGE A major QUICHE library roll deprecated numerous legacy QUIC version-check methods (e.g., UsesTls()) in favor of IsIetfQuic() and added a new OnConfigNegotiated() method to the QuicSession::Visitor interface. (c5b2270)

Android

The bookmark manager gained a 'Copy link' option in its selection menu and added listeners for hover and touch events in preparation for drag-and-drop functionality. (d5213c7) (97f09a7)
To improve usability on touch-only devices, the link hover status bar (which shows a URL at the bottom of the screen) is now restricted to devices with a precision pointer like a mouse or stylus. (6018c7e)

Extensions

The sidePanel.open API now supports WINDOW_ID_CURRENT, allowing an extension to open a side panel in the current window without needing to query for its ID. (beede36)
API documentation for runtime.onMessage and other messaging APIs was updated to officially clarify that listeners can return a Promise for asynchronous responses, aligning with modern web development practices. (5309887) (0d1975a)

2025 Week 51

Open Standalone Page

Chromium Weekly: 2025 Week 51

Overview

This week in Chromium saw an exceptionally high volume of changes, with 2200 relevant commits out of 2936 total. The period was dominated by a wave of breaking API changes across core C++, Android, and the web platform, requiring significant attention from embedders. Alongside this churn, key web platform features like text-justify and elastic overscroll were enabled by default, and major internal refactoring efforts like "Project Bedrock" continued to modernize the codebase.

Widespread Breaking Changes

⚠️ BREAKING BREAKING CHANGE: A major behavioral change in ui::views::View now causes a fatal crash in production builds if a view's child list is modified during iteration, a condition that was previously a debug-only check. (4b55b0b)
⚠️ BREAKING BREAKING CHANGE: Android embedders face numerous mandatory updates. WebContentsDelegateAndroid requires a new setContentsBounds method, TabWebContentsDelegateAndroid.addNewContents needs a PictureInPictureWindowOptions parameter, and the loadTime parameter in WebView's onFirstContentfulPaint is now in milliseconds instead of microseconds. (8986073) (4528cd2) (96cb376)
⚠️ BREAKING BREAKING CHANGE: Several stable web platform behaviors were altered. The clipboardchange event will now only fire if the page has user activation or the clipboard-read permission, and the CustomizableSelectListbox feature was enabled by default, changing the behavior of <select multiple>. (2872da4) (a6eb827)
⚠️ BREAKING BREAKING CHANGE: The reporting mechanism for Soft Navigation Largest Contentful Paint (LCP) was refactored from a pull-based to a push-based model, requiring embedders to implement a new DidObserveSoftLargestContentfulPaint method on the WebLocalFrameClient interface. (4430311)
⚠️ BREAKING BREAKING CHANGE: Build system support for older hardware was removed. Support for ARMv6 has been dropped, and NEON SIMD support is now mandatory for all ARM builds, including for third-party libraries like libvpx and libaom. (e6b1ab2) (9178bee) (5d71603)
⚠️ BREAKING BREAKING CHANGE: Numerous public C++ interfaces were broken. content::ContentBrowserClient requires a new IsAndroidAdvancedProtectionEnabled method, permissions::PermissionsClient had GetTrackingProtectionSettings removed, and the deprecated crypto::HMAC class was removed entirely. (832db4a) (25d5686) (06d7910)

Web Platform & Blink

The text-justify CSS property is now enabled by default, potentially affecting text layout for justified content. On the interaction side, elastic overscroll effects are now on by default for non-root scrollers, and the AsyncTouchMovesImmediatelyAfterScroll feature was enabled on all platforms to improve scroll responsiveness. (9ef16c6) (403b52a) (ce82799)
The Navigation API was enhanced with the shipping of the navigation.transition.to property, exposing the destination entry during a transition. For security, the trusted-types-eval CSP keyword was implemented to create exemptions for eval(). Additionally, the <meta name="text-scale"> tag, previously Android-only, is now supported on desktop platforms. (3d8faaf) (a1b6be4) (2cfc493)
⚠️ BREAKING BREAKING CHANGE: The WebCodecs AudioEncoder API now imposes a fixed limit on the number of concurrent encodes, a behavioral change that may break applications that queue a large number of encoding tasks. (4448cc9)

Core Internals & Performance

⚠️ BREAKING BREAKING CHANGE: The "Project Bedrock" initiative made significant progress in decoupling core components from the global BrowserList. Numerous public static methods on BrowserList were removed, pushing consumers toward more modern patterns like BrowserCollectionObserver. (bde29c0) (64c605a) (e4aff77)
WebUI loading performance was improved by introducing a synchronous InitialWebUINavigationURLLoader, which moves resource loading into the renderer process. To improve stability, microtask execution is now suppressed via V8 APIs while a page is in the Back-Forward Cache. (6fc5621) (b448fd5) (117d86b)
A new SQLite backend for DOM Storage was introduced behind the kDomStorageUseSqlite feature flag, beginning a migration away from LevelDB. In a widespread memory safety effort, many core APIs, including those in audio and MIDI, were "spanified" to replace raw pointer usage with base::span. (72cd734) (70146e2) (dd77334)

UI, Features & Policy

⚠️ BREAKING BREAKING CHANGE: The "Tab Organization" feature and its associated services have been removed from the codebase. In enterprise policy, support for the deprecated CloudPrintProxyEnabled policy was also removed. (e1c53e2) (8dd15b8)
A new feature, controlled by kRedactPasswordFieldsInScreenshots, allows for redacting password fields from screen captures. For Picture-in-Picture, the window ID is now exposed to screen capture APIs, allowing it to be excluded from the capture of the frame that opened it. (08603f6) (6cf22fc)
On Linux, the XDG Print Portal (kLinuxXdgPrintPortal) has been enabled by default, modernizing the printing stack. On Android, the SaveInstanceStateObserver interface was extended to support persisting state across device reboots. (eb227d2) (3fe2dd5)

2025 Week 50

Open Standalone Page

Chromium Weekly: 2025 Week 50

Overview

A monumental week for API evolution, this summary covers approximately 1870 relevant commits out of 2518 total across 6 days. The period was dominated by an exceptionally large number of breaking changes across core services, UI, networking, and platform-specific APIs, requiring immediate action from many embedders. Beyond API churn, significant web platform updates landed, including changes to CSS viewport unit behavior and lazy loading, while a major architectural refactor in Blink was attempted and reverted. Key feature work includes enabling the OOPIF PDF viewer by default on desktop and adding PDF handling capabilities to Chrome on Android.

Breaking Changes

⚠️ BREAKING BREAKING CHANGE: A massive number of C++ APIs were broken. EnterpriseIdentityService was removed entirely. autofill::AutofillClient lost methods like GetPopupScreenLocation() and DidFillForm(). TabStripModel::selection_model() changed its return type. signin::OAuthConsumerRegistry gained a new pure virtual method. media::VideoFrame's mapping APIs were removed. The ownership model for blink::Gradient was changed from scoped_refptr to std::unique_ptr. (5d6bd7b) (80af047) (0e0c6aa) (58e491f) (01e5c4c) (a607b59) (2e59e5c)
⚠️ BREAKING BREAKING CHANGE: Core base library and networking APIs were updated. net::ERR_DNS_SERVER_FAILED was removed in favor of more specific error codes. base::SysInfo memory functions now return ByteSize instead of ByteCount. The deprecated SimpleURLLoader::BodyAsStringCallbackDeprecated was removed, requiring migration to the std::optional version. (0b88079) (c7e3442) (31e0c06)
⚠️ BREAKING BREAKING CHANGE: The browser updater component's public API was refactored. Embedders must now include the new central header updater.h as previous headers like BrowserUpdaterClient are now internal or removed. (d4d03c1) (793c922)
⚠️ BREAKING BREAKING CHANGE: Multiple Android Java APIs were changed. AwBackForwardCacheSettings was removed from the WebView API in favor of direct methods. ActivityTabProvider and BrowserControlsVisibilityDelegate no longer inherit from ObservableSupplierImpl, requiring callers to use .asObservable(). (b8c03f6) (01f1868) (1aa8864)
⚠️ BREAKING BREAKING CHANGE: The extensions.webRequest API now formats securityInfo.certificates.fingerprint.sha256 as a colon-separated hex string (AA:BB:CC...) instead of a contiguous one, which may break extensions that parse this value. (33cf423)
⚠️ BREAKING BREAKING CHANGE: The content::RenderProcessHost::FastShutdownIfPossible public API signature was changed to add a new optional parameter, breaking embedders who implement the RenderProcessHost interface. (1095311) (4b90c98)

Web Platform & Rendering

The Out-of-Process iframe (OOPIF) for the PDF viewer is now enabled by default on Windows, macOS, and Linux, improving security and stability by isolating the PDF content in its own process. (30caec7)
CSS viewport units (vh, vw, etc.) now account for the presence of classic scrollbars on the root element. This aligns Chrome with a new specification consensus and may affect page layouts. (83692eb)
The behavior of <img loading="lazy"> was updated to better align with the HTML specification. An image element will now correctly wait until it enters the viewport to fire its load event, even if the resource was fetched out-of-band. (c1c615c)
A large-scale architectural refactoring to remove the Supplementable pattern from core Blink classes like Document and Page was attempted and subsequently reverted due to instability, putting a significant internal modernization effort on hold. (98766f7) (5d280d5) (926943c) (c9da8ad)
Native support for Matroska MIME types (.mkv, .mka) was added, allowing these video and audio files to be played inline by the browser instead of being automatically downloaded. (d081300)

Services & Extensions

A critical bug was fixed where the browser could hang if an extension used a blocking webRequest listener in a service worker that was active but had not yet finished registering its listeners. (022ce91)
A garbage collection mechanism was implemented for Bound Session Credentials (DBSC), allowing the UnexportableKeyService to delete orphaned token binding keys and improve storage hygiene. (262fa98)
The extensions messaging system is being updated to support structured cloning, with serialization logic being moved to common code to prepare for more complex data passing. (69363e6) (88e3bae)

Android

Chrome on Android can now be registered as an application to open PDF files, allowing users to open PDFs from other apps directly in the browser via an "Open with" intent. (237aee7)
The desktopCapture API is now enabled for desktop Android, providing screen sharing capabilities for web applications on tablet form factors. (4ab565d)
The Tab Resumption feature, which helps users resume previous tasks on the New Tab Page, is now enabled by default, and its associated feature flag has been removed. (7e8699d)

Infrastructure

A pure Rust JPEG XL decoder, jxl-rs, was added as a third-party dependency, continuing the integration of memory-safe languages for image parsing. (740e9bb)
The FontConfig dependency was updated to build without FreeType, removing FreeType-related APIs and simplifying the build dependency graph on Linux. (94a6cd7) (eee60fc)

2025 Week 49

Open Standalone Page

Chromium Weekly: 2025 Week 49

Overview

This week was marked by an extraordinary number of breaking API changes, headlined by the default C++ standard being raised to C++23. Across 3,162 commits, with over 2,300 deemed relevant, developers made significant updates to core interfaces like ContentBrowserClient, media::VideoFrame, and WebAuthn, requiring widespread updates for embedders. Major features like the built-in HLS player were shipped, while legacy code such as the old headless mode and the "Identifiability Study" was removed.

Breaking Changes & API Evolution

⚠️ BREAKING BREAKING CHANGE The default C++ standard is now C++23. This is a major toolchain update requiring embedders to use a compatible compiler and adapt to stricter language rules or updated standard library behavior. (5047a65)
⚠️ BREAKING BREAKING CHANGE Multiple virtual methods were removed from the core content::ContentBrowserClient interface, including IsUnpartitionedStorageAccessAllowedByUserPreference, GetUserAgentBasedOnPolicy, and IsInitialWebUIScheme. This breaks all embedder implementations. (fcea483) (18b17a9) (26c4ae9) (f9d507d)
⚠️ BREAKING BREAKING CHANGE The media::VideoFrame API was heavily refactored. STORAGE_GPU_MEMORY_BUFFER was renamed to STORAGE_MAPPABLE_SHARED_IMAGE, VideoFrame::ScopedMapping was made non-virtual, and viz::TransferableResource was changed to use a ClientSharedImage object. (715fc38) (42fcda8) (db2f79e) (bbb801f) (fdbf02d)
⚠️ BREAKING BREAKING CHANGE The public WebAuthn and Identity APIs were significantly changed. The webauthn::PasskeyModel interface was refactored to use a unified GetPasskeys() method, FIDO headers were moved to device/fido/public/, and the AccountInfo::hosted_domain field was made private. (c1498b4) (583d7e5) (0615b88) (0cc5bbc) (bb0a00d) (265e995)
⚠️ BREAKING BREAKING CHANGE Support for the old headless mode via --headless=old has been completely removed. Scripts relying on this argument will now launch the new headless mode instead. (b18a8a9)
⚠️ BREAKING BREAKING CHANGE Major refactoring on Android removed TabModelImpl, redesigned the WebAuthn callback system into a unified WebauthnRequestCallback, and changed the core ObservableSupplier utility to be monotonic. (ba8d47a) (b8d1545) (4478f90) (416a61c)
⚠️ BREAKING BREAKING CHANGE The public mojo::ConnectionGroup::Ref class was renamed to mojo::ConnectionGroupRef to improve build times by allowing forward declaration. Consumers of this API must update to the new name. (a0aae0e)

Web Platform & Blink

Several features were enabled by default and had their flags removed, including the built-in HLS player, the location.origin API, and the CSS multi-column properties column-height and column-wrap. (f100e37) (d390482) (a6dd974)
The experimental "Identifiability Study" (Privacy Budget) feature and its associated code, metrics, and mojo interfaces have been removed from the codebase. (db00ab2) (0d71dc3) (52c1810) (b770092)
CSS letter-spacing and word-spacing now support percentage values. The focusgroup feature was also improved with a priority attribute and navigation based on visual order. (8405f8d) (b43c1e0) (03107b9)
The cookieStore API now supports the maxAge property, allowing developers to set a cookie's expiration relative to the current time. (516446e)
⚠️ BREAKING BREAKING CHANGE The XSLTProcessor web API is now gated by a feature flag. If disabled, the API is removed from the global scope, which could break sites that rely on it. (13f370a)

Core Services & Security

The Session Storage implementation was refactored to improve data lifecycle management and prepare for a future swappable SQLite backend. Work also continued on transparent disk cache encryption for the network service. (a87a03d) (0fdd088) (cd57155)
The GPU persistent cache is now used for Ganesh and GL shader caches, centralizing cache management. On Wayland, frame timing is improved for Variable Refresh Rate (VRR) displays by using wp_presentation v2. (0e93910) (9fc41d8)
The components/ip_protection feature was deleted from the codebase. The legacy UserAgentReduction enterprise policy was also removed. (a402ef2) (c6fcfae) (64f74a0)
Security was hardened by enabling Branch Target Identification (BTI) for Linux on Arm builds. The Sanitizer API was also improved to enforce parsing in an inert DocumentFragment. (b885f91) (ae77388)

Mobile Platforms (Android & iOS)

⚠️ BREAKING BREAKING CHANGE A large-scale refactoring for the Android "Tab Collection" project continued, removing legacy classes like TabModelImpl and TabGroupModelFilterImpl to unify tab management logic. (ba8d47a) (b8d1545) (64dbe67) (e23a3ed)
The AwNavigationListener interface for Android WebView was updated with a new onLargestContentfulPaint method to expose web performance metrics to embedders. (5339dca)
On iOS, development continued on the AI-powered Composebox and the native Passkey client. The file upload panel was also updated to use the modern PHPickerViewController. (10d7f06) (e424d9b) (929f329)
On iOS, the Reading Mode feature was enabled by default for non-US regions and now supports automatic language translation detection. (da536ae) (f700d5f)

2025 Week 48

Open Standalone Page

Chromium Weekly: 2025 Week 48

Overview

This week saw a massive volume of changes, with 2140 relevant commits out of 2680 total. Development was marked by an exceptionally high number of breaking changes to core C++, Java, and public web APIs, requiring significant attention from embedders. Major themes include the enabling of the network service sandbox on Windows, continued refactoring of identity and sign-in components, and advancements in CSS features like Masonry (renamed to grid-lanes).

Major Breaking Changes

⚠️ BREAKING BREAKING CHANGE: The network service sandbox is now enabled by default on Windows. This major security enhancement significantly restricts the privileges of the network process and may break embedders who rely on the previous unsandboxed behavior for custom network integrations. (c6bd7f0)
⚠️ BREAKING BREAKING CHANGE: The chrome.browsingData extension API can no longer be used to delete passwords. Calls to removePasswords or remove with the "passwords" datatype will now be a no-op, representing a significant behavioral change for a stable extension API. (9fb257e)
⚠️ BREAKING BREAKING CHANGE: Core identity management APIs have been refactored. The public AccountInfo::hosted_domain field has been removed across C++ and Mojo, requiring the use of accessor methods. Additionally, the SigninClient interface has a new pure virtual method, GetOAuthConsumerFromId. (da1dfa4) (a77b9c6) (3428bfe) (5657390)
⚠️ BREAKING BREAKING CHANGE: The native Cronet API has been fully removed. All exported Cronet_* entry points are no longer available from the shared library, breaking any projects that link against it. (89965a4)
⚠️ BREAKING BREAKING CHANGE: On Android, the public Java method TabModelOrchestrator.getTabModelSelector() now correctly returns @Nullable. Consumers must now handle a potential null return value to prevent runtime exceptions. (b933824)
⚠️ BREAKING BREAKING CHANGE: The Chrome DevTools Protocol (CDP) moved the StyleSheetId type from the CSS domain to the DOM domain. CDP clients that interact with stylesheets must update their domain references. (23a0a9f)
⚠️ BREAKING BREAKING CHANGE: Numerous C++ and Java APIs saw breaking signature changes, including the removal of CanvasResourceProvider::GLContext(), the removal of base::win::GenericScopedHandle::IsValid(), and changes to net::CacheEncryptionDelegate::Init and gpu::ValueValidator to use modern types like base::OnceCallback and base::span. (5a28a27) (a6bff80) (1d7e43b) (94185a3)

Web Platform & APIs

The experimental CSS Masonry feature has been renamed to grid-lanes to align with specification changes. Concurrently, initial support for the random() CSS function has been implemented. (54e0c23) (67fef76) (4de93da) (87aa6cc)
The WindowControlsOverlay API has been enabled by default on Android, allowing PWAs to draw content into the title bar area for a more integrated app-like experience. (450df2e)
The WebNN API on Windows will now use the ONNX Runtime (ORT) backend by default, replacing the previous DirectML implementation. (3c0defa)
Speculation rules have been updated to support prerendering on form submissions via a new form_submission field, enabling faster navigations after a user submits a form. (b392716)
The CSS pseudo-element ::search-text for styling find-in-page results has been enabled by default. (cc8be7c)

Security & Privacy

Code related to the "privacy budget" identifiability study has been removed. Additionally, the Shared Storage API has been formally deprecated, and enterprise policies for the Topics API were deprecated ahead of its removal. (0e49a82) (7f86b6c) (d400432) (d9ee6f7)
Passkey support continues to mature, with significant progress on iOS credential validation and assertion handling. A generic CredentialSorter was also introduced to unify the sorting of passkeys and passwords on desktop and Android. (b25cb50) (2d29cc9) (3186314) (979c489)
The internal HTTP cache has been upgraded to use SHA-256 instead of SHA-1 for tracking no-store keys. This change is currently behind the kHttpCacheUseSha256 feature flag. (76846c5)
A new DNS-over-HTTPS (DoH) provider, "DNS4EU", was added for users in the European Union. (84aec82)

Android & iOS

A significant behavioral change was made on Android to delete Incognito windows upon closure, reverting a previous change that made them restorable. (6793084)
On iOS, the legacy share extension receiver, service, and factory have been removed as part of a major refactor of content sharing. (3e900c5) (bc8e30c) (600ff42)
On Android, tab restoration logic is being refactored out of TabStateStore into a new TabRestorer class to improve modularity. (4ca1217) (27d1638) (ec7da97)

Developer Tools & Infrastructure

A new UI has been added to chrome://inspect that allows developers to toggle a remote debugging "approval mode", providing more explicit control over inspection. (2748580) (2e576ad) (6a4ce7b)
A large-scale, automated refactoring replaced coarse-grained #pragma allow_unsafe_buffers with more granular UNSAFE_TODO() markers throughout the gpu/ directory to improve memory safety analysis. (319e918) (b8be193) (224caf1)
The Linux installer scripts (build.sh) for Debian and RPM packages have been ported to Python for better maintainability and robustness. (f963b7c)

2025 Week 47

Open Standalone Page

Chromium Weekly: 2025 Week 47

Overview

This week saw a massive volume of changes in Chromium, with 3305 commits landing on the main branch, of which over 1800 were analyzed as relevant. The development was dominated by a wave of breaking API changes and large-scale refactorings aimed at modernizing the codebase, most notably the complete removal of the legacy `blink::Supplementable` pattern. Key advancements were made in CSS features like Anchor Positioning, while several Privacy Sandbox APIs were marked for deprecation, and security was enhanced with new policies and remote debugging controls.

Major Breaking Changes & API Modernization

⚠️ BREAKING BREAKING CHANGE: The foundational blink::Supplementable base class has been completely removed from the engine. This major, multi-day refactoring simplifies object lifetime management but requires significant updates to any downstream code that used this pattern to attach extra data to Blink objects. (de5182b) (801a173) (4c9ba80) (ee79c91)
⚠️ BREAKING BREAKING CHANGE: The public classes content::ResourceContext and content::BrowserOrResourceContext have been removed from the Content API. This simplifies the threading model but breaks embedders who relied on these long-standing classes for IO thread operations. (4752211) (954d496)
⚠️ BREAKING BREAKING CHANGE: The codebase is now standardized on C++20, with the use_cxx17 build variable removed. The PartitionAlloc memory allocator now explicitly requires C++20 for compilation. (e67ce2f) (28c854b)
⚠️ BREAKING BREAKING CHANGE: Skia's public PNG APIs have been migrated from a libpng-based implementation to a new Rust-based one. Embedders must update from SkPngEncoder.h/Decoder.h to the new SkPngRustEncoder.h/Decoder.h APIs. (32b26f0)
⚠️ BREAKING BREAKING CHANGE: Numerous public API signatures were changed, requiring embedder recompilation and code changes. Notable examples include adding a use_capture parameter to WebNode::AddEventListener, removing margin methods from views::BubbleDialogDelegate, and changing content::NavigationHandle::SetRequestHeader to use std::string_view. (35457fe) (3645cfd) (7d6e063)
⚠️ BREAKING BREAKING CHANGE: The obsolete Plugin system's public API surface has been significantly reduced. Methods like PluginService::RefreshPlugins() and PluginService::GetPluginsAsync() have been removed or altered, requiring embedders to migrate to new synchronous methods. (ced68fd) (958d69c) (71852ae)
⚠️ BREAKING BREAKING CHANGE: The Fingerprinting Protection Filter (FPF) feature has been removed entirely, including the public virtual method fingerprinting_protection_ruleset_service() from the core BrowserProcess interface. (d035d43)

Web Platform & Blink Engine

CSS Anchor Positioning has been significantly improved to correctly account for CSS transforms on anchor elements. Additionally, position-anchor: none is now supported and serves as the default value. (02c2db1) (f95ef29) (351afdf)
⚠️ BREAKING BREAKING CHANGE: The experimental CSS feature display: masonry has been renamed to display: grid-lanes to align with evolving standards. All related properties have also been renamed, breaking content that used the old masonry-* keywords. (76cc361) (7d1e648) (9809f19)
Several Privacy Sandbox APIs have been marked for deprecation. Using the Attribution Reporting API's opt-in JS APIs and HTML attributes, or the document.browsingTopics() API, will now trigger console warnings ahead of their future removal. (d6ce47b) (7403da1)
The performance.interactionCount API, which allows websites to measure the total number of user interactions, is now enabled by default and considered a stable feature. (5937143)
The text-autospace CSS property, which provides typographic control over spacing between different scripts, is now enabled by default. (aa69938)
A new experimental API, streamAppendHTMLUnsafe(), has been added to Element and ShadowRoot. It returns a WritableStream for streaming HTML content into a container, controlled by the DocumentPatching runtime flag. (ac2a153)

Security & Privacy

Remote debugging security has been enhanced with a new 'approval-only' mode. When enabled, it disables all HTTP endpoints and requires each new WebSocket connection to be manually approved via a UI dialog. (7c12e9d) (0b9af34) (3d94716)
A new IncognitoModeBlocklist enterprise policy has been implemented. This allows administrators to set URL blocking rules that apply specifically to Incognito mode and take precedence over regular profile policies. (97821c4)
Work continues on Device-Bound Session Credentials (DBSC), with a new mojo proxy service to allow the sandboxed network process to access the Unexportable Key Service in the browser process. (18b3276) (690d4ed) (49778c4)
The loading of external XML entities is now more restricted by default to mitigate XXE vulnerabilities. The parser blocks external entities for general XML contexts while still allowing them for XSLT processing. (a4ebc5c)

Platform-Specific Updates

On Android, the android:extractNativeLibs flag has been removed from application manifests. This can improve installation time and reduce device storage usage as native libraries are no longer compressed within the APK. (658806c)
On Linux, the browser UI now respects the system-level GTK preference for whether middle-clicking in a text field pastes content from the selection clipboard. (6fa784e) (362c5e8)
On iOS, the Incognito SoftLock feature, which requires authentication to view Incognito tabs after leaving the app, has been enabled by default. This follows a major cleanup of legacy session storage code. (3b7b75f) (3903121) (0afdef0)

2025 Week 46

Open Standalone Page

Chromium Weekly: 2025 Week 46

Overview

This week in Chromium, development focused on significant internal refactoring, web platform advancements, and performance tuning. Out of 1184 total commits, 848 were analyzed, highlighting a major multi-day effort to remove Blink's `Supplementable` pattern for better performance and code health. Key user-facing changes include the removal of the non-standard `scroll-start` CSS property, the launch of the `ch-ua-high-entropy-values` permissions policy, and security enhancements to V8 and DNS-over-HTTPS.

Blink & Web Platform

⚠️ BREAKING BREAKING CHANGE: A massive, multi-day refactoring initiative continued to remove the internal Supplementable pattern from core Blink classes, including Document, LocalFrame, HTMLVideoElement, and Page. This shift from a hash-table to an array-based model improves performance and simplifies the object model, but may require updates for projects that patch Blink's internals. (a0c6dba) (cdd031f) (4acc768) (0d09159) (209a1e8) (0f63769)
⚠️ BREAKING BREAKING CHANGE: The non-standard scroll-start CSS property and its associated logic have been removed from the codebase. In a separate change, experimental CSS gap decoration properties were renamed to align with specifications, such as column-rule-outset becoming column-rule-inset. (c2d5dd2) (45245de)
The WebNN API continues to mature with groundwork for Windows support, where the browser will now attempt to automatically install the WinAppRuntime dependency. New command-line switches for testing and expanded test coverage for float16 data types were also added. (16ad7ec) (98e6bd5) (1ab6dab)
The ch-ua-high-entropy-values permissions policy has been launched, giving sites more granular control over User-Agent Client Hints. Additionally, the FedCmErrorAttribute feature for the FedCM API is now enabled by default. (e8fe18f) (bf364e8)
⚠️ BREAKING BREAKING CHANGE: The setHitTestRegions API for the experimental HTML-in-canvas feature has been removed. Hit testing is now always-on and driven by CSS transforms, simplifying the API. (3a9e6b2)

Performance & Rendering

Tab switching performance is set to improve with the new WebContentsObserver::OnVisibilityWillChange method, which allows a renderer's process priority to be boosted *before* a page becomes visible. (8da687b)
Renderer memory usage was reduced by implementing a cache for memory-mapped font files, preventing redundant mapping of the same font. (d66e867) (5812124)
Two critical correctness fixes landed in the Viz compositor, one ensuring property change flags are correctly synced to prevent incorrect damage calculations, and another fixing a crash related to browser control animations. (5c3f0d5) (5fe41f2)

Security & Privacy

V8 introduced a new 'site familiarity' heuristic that may disable certain optimizations on unfamiliar websites. This trades a small amount of performance for increased security and stability, based on browsing history and Safe Browsing data. (9beb380)
Secure DNS (DNS-over-HTTPS) in 'automatic' mode is now more robust. If a user's configured DNS provider does not support DoH, Chrome can now fall back to a well-known provider to ensure DNS queries remain encrypted. (76cab8c) (984ddf8)
New infrastructure for Private UMA (PUMA) was added. This system will collect privacy-preserving metrics with reduced system information and upload them to a separate endpoint from standard UMA. (23fdfe8) (1d3ac16)

Deprecations & Code Health

⚠️ BREAKING BREAKING CHANGE: Several features and APIs were removed, including the UI for ARC ADB Sideloading on ChromeOS, suggestion types for Autofill Plus Addresses, and the legacy Picture-in-Picture UI, which has been fully replaced by the modern 2024 controls. (6f1bec5) (69b5460) (272e694)
⚠️ BREAKING BREAKING CHANGE: As part of Project Bedrock's goal to decouple core components, several observers were migrated away from the global BrowserList to a per-profile model, requiring updates to downstream code. (0e5b5d1) (1f82c9e) (2577a13)
⚠️ BREAKING BREAKING CHANGE: The Plugin Service and AutofillDriver APIs were simplified. PluginService::GetPlugins is now synchronous, and AutofillDriver::ExtractForm was changed to ExtractFormWithField, requiring updates at all call sites. (f262f82) (5063b6a)