What’s New in Chrome 83? Trusted Types, Form Controls, and Security Enhancements

Chrome 83 stable version was released, skipping Chrome 82.

Key Updates

Trusted Types – a new mechanism to prevent DOM‑based XSS by requiring safe handling of strings before they are assigned to dangerous sinks such as innerHTML. Enabling Trusted Types causes a TypeError when unsafe strings are used.

Form Controls Refresh – Chrome and Edge collaborated to improve the appearance and functionality of HTML form elements. New visual styles, better touch support, accessibility, and keyboard handling are introduced.

Cross‑Origin Isolation – Two new HTTP headers, Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy, create an isolated environment that mitigates Spectre‑like side‑channel attacks and protects APIs such as Performance.measureMemory() and the JS self‑profiling API.

Core Web Vitals (Network Life) – Emphasis on metrics that affect user experience: Largest Contentful Paint, First Input Delay, and Cumulative Layout Shift.

Memory Measurement API – The new performance.measureMemory() API helps detect memory usage and leaks.

Native File System API – A trial version adds writable streams and file‑handle persistence, allowing developers to write files directly and store handles in IndexedDB.

Code Examples

const elem = document.getElementById('myDiv');
// Trusted types enabled – this throws a TypeError
elem.innerHTML = `Hello, world!`;

// Using a safe function
elem.textContent = '';
// Using DOMPurify with trusted types
import DOMPurify from 'dompurify';
const str = `Hello, world!`;
elem.innerHTML = DOMPurify.sanitize(str, {RETURN_TRUSTED_TYPE: true});

async function writeURLToFile(fileHandle, url) {
  // Create a writable stream
  const writable = await fileHandle.createWritable();
  // Fetch the content
  const response = await fetch(url);
  // Pipe the response into the file
  await response.body.pipeTo(writable);
}

UI and Appearance Updates

Tab groups let users color‑code tabs for better multitasking. New generic form elements (progress bars, meters, range sliders, checkboxes, radio buttons) receive a refreshed look. Privacy and security settings have been reorganized, with default third‑party cookie blocking in incognito mode and a new eye‑icon indicating blocked cookies.

Additional Enhancements

Support for first‑level detection API and new CSS @supports functions.

Improved ARIA annotations for screen readers.

Preferred‑color‑scheme media query for dark‑mode control.

JavaScript now supports module sharing in service workers.

Google also offers a bug‑bounty program; recent discoveries have earned developers significant rewards.