Chromium Blog: February 2012

. Instead, extensions must use out-of-line scripts loaded from within their package, such as . ","Extensions can no longer use eval(). Note: If you’re using eval to parse JSON today, we suggest using JSON.parse instead. ","Extensions can load plug-ins, such as SWF files, only from within their package or from a whitelist of HTTPS hosts. ","recent study","improve the security","These defenses are extremely effective: adopting one of the recommended CSPs would prevent 96% (49 out of 51) of the core extension vulnerabilities we found. ","a complete list","more details","extension documentation","mailing list","Posted by Adam Barth, Chrome Security Engineer","\n Google\n ","\n\nLabels:\n\n\n\nextensions\n\n\n ,\n \n\nsecurity\n\n\n","\nPwnium: rewards for exploits\n","\nMonday, February 27, 2012\n","once again","Chromium Security Rewards program","CanSecWest","Posted by Chris Evans and Justin Schuh, Google Chrome Security Team ","\n\nLabels:\n\n\n\nsecurity\n\n\n","\nTech preview of Chromium with Dart engine now available\n","\nThursday, February 16, 2012\n","Cross posted to the Google Code Blog","Dart","Dart VM into Chromium","Chromium + Dart VM","try Dart","let us know","Posted by Anton Muhin, Vijay Menon, and Pavel Podivilov, Software Engineers ","\n\nLabels:\n\n\n\ndart\n\n\n","\nChanges in Chrome Web Store categories system\n","\nTuesday, February 14, 2012\n","launched the Chrome Web Store","developer dashboard","Business Tools","Shopping","Lifestyle","developer site","developer forum","Posted by Jia Tam, Software Engineer","\n\nLabels:\n\n\n\nchrome web store\n\n\n","\nNew resources for Chrome Developers\n","\nMonday, February 13, 2012\n","Field Guide to Web Applications","HTML5Rocks.com","Games","Business","Mobil","HTML5 technology classes","Chrome Developers","Posted by Eric Bidelman & Pete LePage ","\nThe Future of JavaScript – take a peek today!\n","\nFriday, February 10, 2012\n","Harmony","dev channel","Lexical scoping. Now \"let\" is the new \"var\" – traditional \"var\" declarations are complemented with \"let\" and \"const\". Both are properly block-scoped bindings, eliminating a common source of errors and weird behaviour. Function declarations are now officially allowed in local scope as well, and also obey lexical scoping. (Note: Lexical scoping is only available in ES strict mode.)","Collections. Efficient maps and sets will make your life easier. Any value can be used as a key or element, including objects. No surprises, no more need to abuse objects as dictionaries. (Caveat: Iteration over collections is not yet specified.)","Weak maps. A special kind of map for which the garbage collector determines when a key is no longer reachable, so that the key-value pair can be removed from the map automatically. This goes a long way towards avoiding memory leaks in long-lived tables and relieves the developer from worrying about stale entries.","Proxies. A proxy simulates a JavaScript object or function, and can customize just about any aspect of their behaviour that you can imagine. This is a real power feature, that takes reflection to a new level and can be used to implement various advanced abstractions and interfaces. ","a lot more","Experimental JavaScript features","feedback","Posted by Andreas Rossberg and Michael Starzinger, Software Engineers","\n\nLabels:\n\n\n\njavascript\n\n\n","\nGPU accelerating 2D Canvas and enabling 3D content for older GPUs\n","\nThursday, February 9, 2012\n","Beta release","Canvas","chrome://gpu","file a bug","recognize","WebGL","SwiftShader","--blacklist-accelerated-compositing","--blacklist-webgl","Beta","Posted by John Bauman and Brian Salomon, Software and Pixel Engineers","\nExpanding the Chromium Security Rewards Program\n","first announced","well over $300,000 of rewards","vulnerability reward program","a big hit","High-severity Chromium OS security bugs are now in scope. Chromium OS includes much more than just the Chromium browser, so we’re rewarding security bugs across the whole system, as long as they are high severity and present when “developer mode” is switched off. Examples of issues that may generate a reward could include (but are not limited to): ","Renderer sandbox escapes via Linux kernel bugs. ","Memory corruptions or cross-origin issues inside the Pepper Flash plug-in. ","Serious cross-origin or memory corruption issues in default-installed apps, extensions or plug-ins. ","Violations of the verified boot path. ","Web- or network-reachable vulnerabilities in system libraries, daemons or drivers.","Chromium OS bug tracker","Chromium bug tracker","We may elect to issue “bonuses” ranging from $500 to $1000 if a bug reporter takes on fixing the bug they have found themselves. For eligibility, this process involves working with the Chromium community to produce a peer reviewed patch. These bonuses are granted on top of the base reward, which typically runs between $500 and $3133.70. ","The base reward for a well-reported and significant cross-origin bug (for example a so-called UXSS or “Universal XSS”) is now $2000. ","core security principles","Posted by Chris Evans, Google Chrome Security","\nA deeper look at Chrome for Android\n","\nTuesday, February 7, 2012\n","we introduced","innovative features","HTML5 features","remote debugging","Chrome Developer Tools","issue tracker","Posted by Arnaud Weber, Engineering Manager, Chrome ","\n\nLabels:\n\n\n\nmobile\n\n\n","\n\n\n \n \n\n\n\n\n \n \n\n\n\n\n\n \n \n\n\n","\nLabels\n","\n \n ","\n\n$200K\n\n\n1\n\n","\n\n10th birthday\n\n\n4\n\n","\n\nabusive ads\n\n\n1\n\n","\n\nabusive notifications\n\n\n2\n\n","\n\naccessibility\n\n\n3\n\n","\n\nad blockers\n\n\n1\n\n","\n\nad blocking\n\n\n2\n\n","\n\nadvanced capabilities\n\n\n1\n\n","\n\nandroid\n\n\n2\n\n","\n\nanti abuse\n\n\n1\n\n","\n\nanti-deception\n\n\n1\n\n","\n\nbackground periodic sync\n\n\n1\n\n","\n\nbadging\n\n\n1\n\n","\n\nbenchmarks\n\n\n1\n\n","\n\nbeta\n\n\n83\n\n","\n\nbetter ads standards\n\n\n1\n\n","\n\nbilling\n\n\n1\n\n","\n\nbirthday\n\n\n4\n\n","\n\nblink\n\n\n2\n\n","\n\nbrowser\n\n\n2\n\n","\n\nbrowser interoperability\n\n\n1\n\n","\n\nbundles\n\n\n1\n\n","\n\ncapabilities\n\n\n6\n\n","\n\ncapable web\n\n\n1\n\n","\n\ncds\n\n\n1\n\n","\n\ncds18\n\n\n2\n\n","\n\ncds2018\n\n\n1\n\n","\n\nchrome\n\n\n35\n\n","\n\nchrome 81\n\n\n1\n\n","\n\nchrome 83\n\n\n2\n\n","\n\nchrome 84\n\n\n2\n\n","\n\nchrome ads\n\n\n1\n\n","\n\nchrome apps\n\n\n5\n\n","\n\nChrome dev\n\n\n1\n\n","\n\nchrome dev summit\n\n\n1\n\n","\n\nchrome dev summit 2018\n\n\n1\n\n","\n\nchrome dev summit 2019\n\n\n1\n\n","\n\nchrome developer\n\n\n1\n\n","\n\nChrome Developer Center\n\n\n1\n\n","\n\nchrome developer summit\n\n\n1\n\n","\n\nchrome devtools\n\n\n1\n\n","\n\nChrome extension\n\n\n1\n\n","\n\nchrome extensions\n\n\n3\n\n","\n\nChrome Frame\n\n\n1\n\n","\n\nChrome lite\n\n\n1\n\n","\n\nChrome on Android\n\n\n2\n\n","\n\nchrome on ios\n\n\n1\n\n","\n\nChrome on Mac\n\n\n1\n\n","\n\nChrome OS\n\n\n1\n\n","\n\nchrome privacy\n\n\n4\n\n","\n\nchrome releases\n\n\n1\n\n","\n\nchrome security\n\n\n10\n\n","\n\nchrome web store\n\n\n32\n\n","\n\nchromedevtools\n\n\n1\n\n","\n\nchromeframe\n\n\n3\n\n","\n\nchromeos\n\n\n4\n\n","\n\nchromeos.dev\n\n\n1\n\n","\n\nchromium\n\n\n9\n\n","\n\ncloud print\n\n\n1\n\n","\n\ncoalition\n\n\n1\n\n","\n\ncoalition for better ads\n\n\n1\n\n","\n\ncontact picker\n\n\n1\n\n","\n\ncontent indexing\n\n\n1\n\n","\n\ncookies\n\n\n1\n\n","\n\ncore web vitals\n\n\n2\n\n","\n\ncsrf\n\n\n1\n\n","\n\ncss\n\n\n1\n\n","\n\ncumulative layout shift\n\n\n1\n\n","\n\ncustom tabs\n\n\n1\n\n","\n\ndart\n\n\n8\n\n","\n\ndashboard\n\n\n1\n\n","\n\nData Saver\n\n\n3\n\n","\n\nData saver desktop extension\n\n\n1\n\n","\n\nday 2\n\n\n1\n\n","\n\ndeceptive installation\n\n\n1\n\n","\n\ndeclarative net request api\n\n\n1\n\n","\n\ndesign\n\n\n2\n\n","\n\ndeveloper dashboard\n\n\n1\n\n","\n\nDeveloper Program Policy\n\n\n2\n\n","\n\ndeveloper website\n\n\n1\n\n","\n\ndevtools\n\n\n13\n\n","\n\ndigital event\n\n\n1\n\n","\n\ndiscoverability\n\n\n1\n\n","\n\nDNS-over-HTTPS\n\n\n4\n\n","\n\nDoH\n\n\n4\n\n","\n\nemoji\n\n\n1\n\n","\n\nemscriptem\n\n\n1\n\n","\n\nenterprise\n\n\n1\n\n","\n\nextensions\n\n\n27\n\n","\n\nFast badging\n\n\n1\n\n","\n\nfaster web\n\n\n1\n\n","\n\nfeatures\n\n\n1\n\n","\n\nfeedback\n\n\n2\n\n","\n\nfield data\n\n\n1\n\n","\n\nfirst input delay\n\n\n1\n\n","\n\nFollow\n\n\n1\n\n","\n\nfonts\n\n\n1\n\n","\n\nform controls\n\n\n1\n\n","\n\nframeworks\n\n\n1\n\n","\n\nfugu\n\n\n2\n\n","\n\nfund\n\n\n1\n\n","\n\nfunding\n\n\n1\n\n","\n\ngdd\n\n\n1\n\n","\n\ngoogle earth\n\n\n1\n\n","\n\ngoogle event\n\n\n1\n\n","\n\ngoogle io 2019\n\n\n1\n\n","\n\ngoogle web developer\n\n\n1\n\n","\n\ngooglechrome\n\n\n12\n\n","\n\nharmful ads\n\n\n1\n\n","\n\nhtml5\n\n\n11\n\n","\n\nHTTP/3\n\n\n1\n\n","\n\nHTTPS\n\n\n4\n\n","\n\niframes\n\n\n1\n\n","\n\nimages\n\n\n1\n\n","\n\nincognito\n\n\n1\n\n","\n\ninsecure forms\n\n\n1\n\n","\n\nintent to explain\n\n\n1\n\n","\n\nios\n\n\n1\n\n","\n\nios Chrome\n\n\n1\n\n","\n\nissue tracker\n\n\n3\n\n","\n\njank\n\n\n1\n\n","\n\njavascript\n\n\n5\n\n","\n\nlab data\n\n\n1\n\n","\n\nlabelling\n\n\n1\n\n","\n\nlargest contentful paint\n\n\n1\n\n","\n\nlaunch\n\n\n1\n\n","\n\nlazy-loading\n\n\n1\n\n","\n\nlighthouse\n\n\n2\n\n","\n\nlinux\n\n\n2\n\n","\n\nLite Mode\n\n\n2\n\n","\n\nLite pages\n\n\n1\n\n","\n\nloading interventions\n\n\n1\n\n","\n\nloading optimizations\n\n\n1\n\n","\n\nlock icon\n\n\n1\n\n","\n\nlong-tail\n\n\n1\n\n","\n\nmac\n\n\n1\n\n","\n\nmanifest v3\n\n\n2\n\n","\n\nmetrics\n\n\n2\n\n","\n\nmicrosoft edge\n\n\n1\n\n","\n\nmixed forms\n\n\n1\n\n","\n\nmobile\n\n\n2\n\n","\n\nna\n\n\n1\n\n","\n\nnative client\n\n\n8\n\n","\n\nnative file system\n\n\n1\n\n","\n\nNew Features\n\n\n5\n\n","\n\nnotifications\n\n\n1\n\n","\n\noctane\n\n\n1\n\n","\n\nopen web\n\n\n4\n\n","\n\norigin trials\n\n\n2\n\n","\n\npagespeed insights\n\n\n1\n\n","\n\npagespeedinsights\n\n\n1\n\n","\n\npasswords\n\n\n1\n\n","\n\npayment handler\n\n\n1\n\n","\n\npayment request\n\n\n1\n\n","\n\npayments\n\n\n2\n\n","\n\nperformance\n\n\n20\n\n","\n\nperformance tools\n\n\n1\n\n","\n\npermission UI\n\n\n1\n\n","\n\npermissions\n\n\n1\n\n","\n\nplay store\n\n\n1\n\n","\n\nportals\n\n\n3\n\n","\n\nprefetching\n\n\n1\n\n","\n\nprivacy\n\n\n2\n\n","\n\nprivacy sandbox\n\n\n4\n\n","\n\nprivate prefetch proxy\n\n\n1\n\n","\n\nprofile guided optimization\n\n\n1\n\n","\n\nprogressive web apps\n\n\n2\n\n","\n\nProject Strobe\n\n\n1\n\n","\n\nprotection\n\n\n1\n\n","\n\npwa\n\n\n1\n\n","\n\nQUIC\n\n\n1\n\n","\n\nquieter permissions\n\n\n1\n\n","\n\nreleases\n\n\n3\n\n","\n\nremovals\n\n\n1\n\n","\n\nrlz\n\n\n1\n\n","\n\nroot program\n\n\n1\n\n","\n\nsafe browsing\n\n\n2\n\n","\n\nSecure DNS\n\n\n2\n\n","\n\nsecurity\n\n\n36\n\n","\n\nsite isolation\n\n\n1\n\n","\n\nslow loading\n\n\n1\n\n","\n\nsms receiver\n\n\n1\n\n","\n\nspam policy\n\n\n1\n\n","\n\nspdy\n\n\n2\n\n","\n\nspectre\n\n\n1\n\n","\n\nspeed\n\n\n4\n\n","\n\nssl\n\n\n2\n\n","\n\nstore listing\n\n\n1\n\n","\n\nstrobe\n\n\n2\n\n","\n\nsubscription pages\n\n\n1\n\n","\n\nsuspicious site reporter extension\n\n\n1\n\n","\n\nTCP\n\n\n1\n\n","\n\nthe fast and the curious\n\n\n23\n\n","\n\nTLS\n\n\n1\n\n","\n\ntools\n\n\n1\n\n","\n\ntracing\n\n\n1\n\n","\n\ntransparency\n\n\n1\n\n","\n\ntrusted web activities\n\n\n1\n\n","\n\ntwa\n\n\n2\n\n","\n\nuser agent string\n\n\n1\n\n","\n\nuser data policy\n\n\n1\n\n","\n\nv8\n\n\n6\n\n","\n\nvideo\n\n\n2\n\n","\n\nwasm\n\n\n1\n\n","\n\nweb\n\n\n1\n\n","\n\nweb apps\n\n\n1\n\n","\n\nweb assembly\n\n\n2\n\n","\n\nweb developers\n\n\n1\n\n","\n\nweb intents\n\n\n1\n\n","\n\nweb packaging\n\n\n1\n\n","\n\nweb payments\n\n\n1\n\n","\n\nweb platform\n\n\n1\n\n","\n\nweb request api\n\n\n1\n\n","\n\nweb vitals\n\n\n1\n\n","\n\nweb.dev\n\n\n1\n\n","\n\nweb.dev live\n\n\n1\n\n","\n\nwebapi\n\n\n1\n\n","\n\nwebassembly\n\n\n1\n\n","\n\nwebaudio\n\n\n3\n\n","\n\nwebgl\n\n\n7\n\n","\n\nwebkit\n\n\n5\n\n","\n\nWebM\n\n\n1\n\n","\n\nwebmaster\n\n\n1\n\n","\n\nwebp\n\n\n5\n\n","\n\nwebrtc\n\n\n6\n\n","\n\nwebsockets\n\n\n5\n\n","\n\nwebtiming\n\n\n1\n\n","\n\nwritable-files\n\n\n1\n\n","\n\nyerba beuna center for the arts\n\n\n1\n\n","\n \n ","\nArchive\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2024\n\n","\nJun\n","\nMay\n","\nApr\n","\nMar\n","\nFeb\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2023\n\n","\nNov\n","\nOct\n","\nSep\n","\nAug\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2022\n\n","\nDec\n","\nJan\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2021\n\n","\nJul\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2020\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2019\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2018\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2017\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2016\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2015\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2014\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2013\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2012\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2011\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2010\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2009\n\n","\n\n\n \n \n\n\n\n\n \n \n \n \n\n\n\n2008\n\n","Feed","Follow @ChromiumDev","\nGive us feedback in our Product Forums.\n","\n Google\n ","\n Privacy\n ","\n Terms\n "]}