Chrome 83 arrives with redesigned security settings, third-party cookies blocked in Incognito

Google today launched Chrome 83 for Windows, Mac, Linux, Android, and iOS. Chrome 83 includes redesigned safety and privacy settings, third-party cookies blocked in Incognito mode, and more developer features. You can update to the latest version now using Chrome’s built-in updater or download it directly from

With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome’s regular additions and changes, developers have to stay on top of everything available — as well as what has been deprecated or removed. Among other things, Chrome 83 removes downloads in sandboxed iframes.

Chrome 83 is arriving early. When the coronavirus crisis took hold, millions found themselves spending more time in their browsers as they learned and worked from home. But the crisis is also impacting software developers. Google paused Chrome releases, ultimately delaying Chrome 81, skipping Chrome 82 altogether, and moving Chrome 83 up a few weeks. Microsoft followed suit with Edge’s release schedule, consistent with Google’s open source Chromium project, which both Chrome and Edge are based on. Mozilla meanwhile committed to not changing Firefox’s release schedule, which sees a new version every four weeks.

Privacy and security settings on desktop

Chrome settings redesigned

Chrome 83 redesigns the privacy and security settings on desktop with simplified language and visuals. Here’s the breakdown:

  • Cookie changes: You can choose if and how cookies are used by websites you visit, with options to block third-party cookies in regular or Incognito mode, and to block all cookies on some or all websites.
  • Site Settings: The controls are reorganized into two distinct sections to help you find the most sensitive website permissions (access to your location, camera or microphone, and notifications) and most recent permissions activity.
  • You and Google: At the top of Chrome settings, this section (previously called People) shows your sync controls. These controls put you in charge of what data is shared with Google to store in your Google Account and made available across all your devices.
  • Clear browsing data: Because many people regularly delete their browsing history, this is now at the top of the Privacy & Security section.

Speaking of moving things around, there’s a new puzzle icon for your extensions on your toolbar. You can use it to control what data extensions can access on sites you visit. You can still pin your favorite extensions to the toolbar.

Chrome extensions icon

There is also a new safety check in settings, which will tell you if the passwords you’ve asked Chrome to remember have been compromised, and if so, how to fix them. It will also flag if Google’s Safe Browsing service is turned off, if your Chrome version is up-to-date, and whether malicious extensions are installed.

Enhanced Safe Browsing protection and Secure DNS

Google’s Safe Browsing service protects over 4 billion devices by providing lists of URLs that contain malware or phishing content to Chrome, Firefox, and Safari browsers, as well as to internet service providers (ISPs). Enhanced Safe Browsing is supposed to take things a step further with more proactive and tailored protections from phishing, malware, and other web-based threats. If you turn it on, Chrome proactively checks whether pages and downloads are dangerous by sending information about them to Google Safe Browsing.

Google Chrome Enhanced Safe Browsing

If you’re signed in to Chrome, Enhanced Safe Browsing will further protect your data in Google apps you use (Gmail, Drive, etc.) “based on a holistic view of threats you encounter on the web and attacks against your Google Account.” Over the next year, Google plans to add more protections to this mode including tailored warnings for phishing sites and file downloads, and cross-product alerts.

Chrome Secure DNS

When you try to open a website, your browser first needs to determine which server is hosting it via a DNS (Domain Name System) lookup. Chrome’s new Secure DNS feature uses DNS-over-HTTPS to encrypt this step so attackers can’t see what sites you visit or send you to phishing websites. Chrome 83 will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it (you can disable this or configure a different secure DNS provider in the Advanced security section).
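To make the Secure DNS step concrete, here is an added example (not from Google or from Chrome's code) of how a lookup is carried in a DNS-over-HTTPS GET request as defined in RFC 8484, and how the same request can be decoded again when reviewing proxy logs. The resolver URL and all function names are assumptions chosen for illustration; it runs under Node.js.

```javascript
// Added example: RFC 8484 DNS-over-HTTPS GET encoding, plus decoding for log review.
// RESOLVER is a placeholder endpoint (assumption), not a real service or Chrome default.
const RESOLVER = 'https://doh.example/dns-query';
const TYPES = { A: 1, AAAA: 28 };

// Same wire-format query that plain DNS would send unencrypted over UDP port 53.
function buildQuery(name, type) {
  if (!(type in TYPES)) throw new Error('unsupported type: ' + type);
  const header = Buffer.from([0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0]); // ID=0, RD=1, QDCOUNT=1
  const labels = name.replace(/\.$/, '').split('.').map((label) => {
    const bytes = Buffer.from(label, 'ascii');
    if (bytes.length === 0 || bytes.length > 63) throw new Error('bad label in ' + name);
    return Buffer.concat([Buffer.from([bytes.length]), bytes]);
  });
  const tail = Buffer.from([0, 0, TYPES[type], 0, 1]); // root label, QTYPE, QCLASS=IN
  return Buffer.concat([header, ...labels, tail]);
}

// DoH GET form: the query is base64url-encoded (no padding) into the "dns" parameter
// and travels inside TLS, so an on-path observer sees a connection to the resolver
// but not the name being looked up.
function dohGetUrl(name, type = 'A') {
  const b64 = buildQuery(name, type).toString('base64');
  return RESOLVER + '?dns=' + b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Defender's view: recover the question from a DoH URL seen at a TLS-inspecting proxy.
function decodeDohUrl(url) {
  const param = new URL(url).searchParams.get('dns');
  if (!param) throw new Error('no dns parameter');
  const msg = Buffer.from(param.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
  if (msg.length < 17 || msg.readUInt16BE(4) !== 1) throw new Error('expected one question');
  const labels = [];
  let pos = 12; // the question section starts right after the 12-byte header
  while (msg[pos] !== 0) {
    const len = msg[pos];
    if (len > 63 || pos + 1 + len >= msg.length) throw new Error('malformed name');
    labels.push(msg.toString('ascii', pos + 1, pos + 1 + len));
    pos += 1 + len;
  }
  if (pos + 5 > msg.length) throw new Error('truncated question');
  const qtype = msg.readUInt16BE(pos + 1);
  const type = Object.keys(TYPES).find((k) => TYPES[k] === qtype) || String(qtype);
  return { name: labels.join('.'), type };
}

// Constructed sample: prints the URL for www.example.com and the decoded question.
const sampleUrl = dohGetUrl('www.example.com');
console.log(sampleUrl, decodeDohUrl(sampleUrl));
```

The DNS message ID is fixed at 0, as RFC 8484 recommends, so that identical lookups produce identical, cacheable URLs.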

Third-party cookies blocked in Incognito

In Incognito mode, Chrome doesn’t save your browsing history, information entered in forms, or browser cookies. Starting with Chrome 83, the browser blocks third-party cookies by default within each Incognito session. You can allow third-party cookies for specific sites by clicking the “eye” icon in the address bar. You might not see this feature right away — it’s rolling out gradually across Windows, Mac, Linux, and Android.

Chrome incognito third-party cookies

Google is playing catch up here. Mozilla has been experimenting with blocking third-party cookies in Firefox’s private browsing mode since November 2015. The company went further in June 2019, blocking third-party cookies by default in all browser sessions, not just private mode.

Android and iOS

Chrome 83 for Android is rolling out slowly on Google Play. The changelog isn’t available yet — it merely states that “This release includes stability and performance improvements.”

Chrome 83 for iOS is out on Apple’s App Store. The changelog isn’t out yet.

Developer features

Chrome 83 also includes the latest V8 JavaScript engine. Version 8.3 brings performance improvements: faster ArrayBuffer tracking in the garbage collector and bigger Wasm memories. Google has also deprecated experimental WeakRefs and FinalizationRegistry APIs. Check out the full changelog for more information.

Other developer features in this release include:

  • ARIA Annotations: New ARIA annotations support screen reader accessibility for comments, suggestions, and text highlights with semantic meanings (similar to <mark>). Additionally, related information can now be tied semantically to an element allowing descriptions, definitions, footnotes and comments to be tied to another element.
  • ‘auto’ keyword for ‘-webkit-appearance’ CSS property: The -webkit-appearance CSS property has a new auto keyword, which indicates the default appearance of the target element. This is a step on the way towards replacing the non-standard -webkit-appearance property with a future fully standardized appearance property.
  • Barcode Detection API: Chrome now supports the Barcode Detection API, a subset of the Shape Detection API which provides the ability to detect and decode barcodes in an image provided by a script. The image may come from any type of image buffer source such as an <image>, <video> or <canvas> tag. Previously, supporting barcode detection on a web page required inclusion of a large third-party library. This API is only available on devices with Google Play Services installed and is not available on uncertified devices.
  • CSS contain-intrinsic-size: The contain-intrinsic-size property allows developers to specify a placeholder size which would be used while contain: size is applied. With contain-intrinsic-size specified, elements lay out as if they had a single child with fixed size, the one specified by this property, unless they have an explicit width/height. The motivation for the property is to provide a placeholder sizing for subtree content which is either not yet available or not rendered. There was previously no way to provide this other than sizing the element itself, which may not be desirable as it affects how the element lays out in its container. Examples are available from the WICG.
  • CSS Color Adjust: Many operating systems now have a “dark mode” preference. Some browsers already offer an option to transform web pages into a dark theme. The prefers-color-scheme media query lets authors support their own dark theme so they have full control over experiences they build. The meta tag lets a site explicitly opt in to fully supporting a dark theme, so that the browser loads a different user agent sheet and never applies transformations.
  • display:inline-grid/grid/inline-flex/flex for <button>: The display keywords inline-grid, grid, inline-flex, and flex now function with the <button> element when the align property is applied. (Demo)
  • ES Modules for shared workers (‘module’ type option): JavaScript now supports modules in shared workers. When the module type is set through the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available in worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers.
  • Improvements to font-display: A few changes have been made to the way font-display works on Chrome. Setting font-display to optional no longer causes relayout. Web font preloading is allowed to slightly block rendering (for all font-display values), so that if the font loads fast enough, Chrome doesn’t need to render with fallback.
  • IndexedDB relaxed durability transactions: IDBDatabase.transaction() now accepts an optional durability argument to control flushing of data to storage. This allows developers to explicitly trade off durability for performance. Previously after writing an IndexedDB transaction, Firefox did not flush to disk but Chrome did. This provided increased durability by guaranteeing that data is written to the device’s disk rather than merely to an intermediate OS cache. Unfortunately, this comes with a significant performance cost. Valid options are "default", "strict", and "relaxed". The "default" option uses whatever behavior is provided by the user agent and is currently the default. An example is shown below. The current value may be read using IDBTransaction.durability.
  • Out-Of-Renderer Cross-Origin Resource Sharing: Out-Of-Renderer Cross-Origin Resource Sharing (OOR-CORS) is a new CORS implementation that inspects network accesses. Chrome’s previous CORS implementation was only available to Blink core parts, XHR and Fetch APIs, while a simplified implementation was used in other parts of the application. HTTP requests made by some internal modules could not be inspected for CORS at all. The new implementation addresses these shortcomings.
  • Reversed range for <input type=time>: Chrome now supports reversed ranges for <input> elements whose type is time, allowing developers to express time inputs that cross midnight. A reversed range is one where the maximum is less than the minimum. In this state, the input allows values that are less than the minimum or greater than the maximum, but not between them. This functionality has been in the specification for many years, but has not yet been implemented in Chrome.
  • Support “JIS-B5” and “JIS-B4” @page: Chrome now supports two page sizes for the @page rule, both listed in the CSS Paged Media Module Level 3 spec.
  • @supports selector() feature query function: The new @supports function provides feature detection for CSS selectors. Web authors can use this feature to query whether the UA supports the selector before they actually try to apply the specified style rules matching the selector.
  • RTCPeerConnection.canTrickleIceCandidates: The canTrickleIceCandidates boolean property indicates whether a remote peer is capable of handling trickle candidates. It exposes information from the SDP session description.
  • RTCRtpEncodingParameters.maxFramerate: This encoding parameter allows developers to limit the framerate on a video layer before sending. Use RTCRtpSender.setParameters() to set the new framerate, which takes effect after the current picture is complete. Read it back using RTCRtpEncodingParameters.maxFramerate. Setting maxFramerate to 0 freezes the video on the next frame.
  • RTCRtpSendParameters.degradationPreference: A new attribute for RTCRtpSendParameters called degradationPreference allows developers to control how quality degrades when constraints such as bandwidth or CPU prevent encoding at the configured frame rate and resolution. For example, on a screen share app, users will probably prefer screen legibility over animations. On a video conference users likely prefer a smooth frame rate over a higher resolution. Valid values for degradationPreference are "maintain-framerate", "maintain-resolution", and "balanced".
  • WebXR DOM Overlay: DOM overlay is a feature for immersive AR on handheld devices that lets two-dimensional page content be shown as an interactive transparent layer on top of the WebXR content and camera image. With this feature, developers can use the DOM to create user interfaces for WebXR experiences. For VR, inline sessions are by definition within the DOM. For AR, though, there is no inline mode, making this particularly important for certain use cases. To try the feature, use one of the two samples in Chrome 83. This feature is currently only available on ARCore-based handheld devices.

For a full rundown of what’s new, check out the Chrome 83 milestone hotlist.

Google releases a new version of its browser every six weeks or so. But the schedule is a little hectic nowadays. Chrome 84 will arrive in mid-July.