New Update Chrome 97 is coming today with controversial Keyboard API feature

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Today, Chrome 97 is finally arriving in the Stable channel, with a notable feature being a new attribute in the Keyboard API, which is proving to be quite controversial.

Previously, some web apps like Excel, PowerPoint, and Word could not use the Keyboard API to identify which key has been pressed on a specific layout such as French or English. The addition of the "keyboard-map" value solves this problem and while web developers obviously support it, it has faced strong criticism from Apple's WebKit team and the development team at Mozilla. Both have voiced privacy concerns, saying that this API exposes a fingerprinting surface that can be used to identify and track you, especially if you're using a keyboard layout that is uncommon in a region. As such, the API change has been classified as "harmful" by Apple and Mozilla, and will not be implemented in Safari and Firefox, respectively.

Yet another change is that newline normalization in a form will now be done at a later stage in Chrome, which will align its behavior with Safari and Firefox which already do this. Additionally, CSS math functions can now accept a "number" value where previously only "integer" was supported. Similarly, the perspective CSS function now supports a "none" argument that resolves into the identity matrix so animations that utilize it can make use of it in an easier manner.

There is a new HTMLScriptElement.supports() method too. This enables developers to utilize a unified way to detect new features that use script elements. It's also easier to search from the last index of an Array using two new methods.

Another interesting feature in Chrome 97 is an enhancement to the communication protocols. Currently, developers use either WebSockets or RTCDataChannel when communicating bidirectionally with a remote server. The former is based on TCP which means that is not suitable for latency sensitive applications while the latter is based on SCTP, which is mainly designed for peer-to-peer communication. Google is now introducing a WebTransport protocol framework that tackles both these problems and supports bidirectional communication of reliable and unreliable data using cancelable streams and UDP-esque datagrams. There has been no signal from Apple yet but Mozilla has classified it as "worth prototyping", which is obviously a good sign.

Finally, a "name" attribute has been added to the "PermissionStatus" interface too so that it's easier to identify and differentiate between different objects of the Permissions API. Service workers handling navigation requests will now utilize the origin and redirect chain from "FetchEvent.request" as well.
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057

Google Chrome 97 introduces controversial keyboard API​

Here is the official explanation of why the feature has been implemented:
getLayoutMap() used in conjunction with code solves the problem of identifying the actual key pressed in keyboard with different layout maps such as English vs French keyboards, but since getLayoutMap() isn't available in all contexts (can't be used inside iframes), Office web apps like Excel, Word, PowerPoint, etc. that show up as embedded experiences in Outlook Web, Teams, etc. and are running in iframes, can't use this API.
Adding keyboard-map to the allow attribute list solves this problem.
Google will implement the API in Chrome, but many other browsers, even those based on Chromium, won't implement it or will disable the API so that it can't be used by websites.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top