This article is more than 1 year old

Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful

Adding Serial API, Web NFC support, richer human interface device support

Google has released a beta of Chrome 89, adding further hardware interaction APIs even though Mozilla and Apple consider many of these features harmful, as well as introducing a desktop-sharing API for Windows and Chrome OS.

New features in Chrome 89 to interact with hardware begin with the WebHID (Human Interface Devices) API, which lets developers write JavaScript to communicate with devices such as gamepads or keyboards using device-specific logic, rather than relying on the devices to implement standard APIs like the Gamepad API.

"The inability to access uncommon or unusual HID devices is particularly painful, for example, when it comes to gamepad support. Gamepad inputs and outputs are not well standardized and web browsers often require custom logic for specific devices. This is unsustainable and results in poor support for the long tail of older and uncommon devices," said Google's Chromium team.

The new web sharing dialog on Windows. The detail will vary depending on which applications have registered with the operating system.

The new web sharing dialog on Windows. The detail will vary depending on which applications have registered with the operating system

Chrome 89 also supports Web NFC (Near Field Communications), meaning that web applications can read and write NFC tags. Applications include things like scanning badges at events, provisioning services, or directing users to additional content.

Another new feature is the Web Serial API, which enables direct communication between web applications and devices with serial ports. This is in addition to the WebUSB API, which has been supported since Chrome 61 – but is not supported in Firefox or Safari for security and privacy reasons. More on this below.

Web-sharing APIs already implemented for Chrome on Android (since Chrome 75) have now been added on Windows and Chrome OS. The idea is to replace the little buttons optimistic websites display for sharing content to Twitter, Facebook, and the like, with a single Share button that calls the operating system's sharing feature.

The feature also allows sharing files such as picture or plain text documents (the range of file extensions supported is limited). Firefox does not support web sharing, but it is in Microsoft Edge (81 and higher) and Safari (12.1 and higher on macOS, 12.2 on iOS).

Native support for decoding AVIF images has been added to Chrome on Android (it was already in desktop Chrome). There are also some CSS tweaks. The V8 JavaScript engine is updated to 8.9 and now has top-level await, which improves the process for importing JavaScript modules.

Mozilla states its position on 'harmful' APIs such as WebUSB – but users may just think Firefox is broken.

Mozilla states its position on 'harmful' APIs such as WebUSB – but users may just think Firefox is broken

Enhanced device support in Chrome further closes the gap between web and native applications but also increases the potential attack surface. Mozilla's current standards position on the WebUSB API, for example, is that it is harmful.

To that end, it has said that "because many USB devices are not designed to handle potentially malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent."

Other APIs considered harmful by Mozilla include the Serial API and Web NFC.

The difficulty is that when users find features supported by Chrome that do not work in Mozilla's Firefox they may simply regard Firefox as broken and it becomes another factor in Chrome’s dominance. See for example this GitHub issue on WebADB, an application which lets you access the Android debug API from a browser. It is hard to communicate to users that a feature may be missing for their protection.

Apple's WebKit team is also opposed to many of these APIs, including Web NFC, Web HID, Serial API and WebUSB, "due to fingerprinting, security, and other concerns". ®

More about

TIP US OFF

Send us news


Other stories you might like