Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful
Adding Serial API, Web NFC support, richer human interface device support
Google has released a beta of Chrome 89, adding further hardware interaction APIs even though Mozilla and Apple consider many of these features harmful, as well as introducing a desktop-sharing API for Windows and Chrome OS.
"The inability to access uncommon or unusual HID devices is particularly painful, for example, when it comes to gamepad support. Gamepad inputs and outputs are not well standardized and web browsers often require custom logic for specific devices. This is unsustainable and results in poor support for the long tail of older and uncommon devices," said Google's Chromium team.
The new web sharing dialog on Windows. The detail will vary depending on which applications have registered with the operating system
Chrome 89 also supports Web NFC (Near Field Communications), meaning that web applications can read and write NFC tags. Applications include things like scanning badges at events, provisioning services, or directing users to additional content.
Another new feature is the Web Serial API, which enables direct communication between web applications and devices with serial ports. This is in addition to the WebUSB API, which has been supported since Chrome 61 – but is not supported in Firefox or Safari for security and privacy reasons. More on this below.
Web-sharing APIs already implemented for Chrome on Android (since Chrome 75) have now been added on Windows and Chrome OS. The idea is to replace the little buttons optimistic websites display for sharing content to Twitter, Facebook, and the like, with a single Share button that calls the operating system's sharing feature.
The feature also allows sharing files such as picture or plain text documents (the range of file extensions supported is limited). Firefox does not support web sharing, but it is in Microsoft Edge (81 and higher) and Safari (12.1 and higher on macOS, 12.2 on iOS).
Mozilla states its position on 'harmful' APIs such as WebUSB – but users may just think Firefox is broken
Enhanced device support in Chrome further closes the gap between web and native applications but also increases the potential attack surface. Mozilla's current standards position on the WebUSB API, for example, is that it is harmful.
To that end, it has said that "because many USB devices are not designed to handle potentially malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent."
Other APIs considered harmful by Mozilla include the Serial API and Web NFC.
The difficulty is that when users find features supported by Chrome that do not work in Mozilla's Firefox they may simply regard Firefox as broken and it becomes another factor in Chrome’s dominance. See for example this GitHub issue on WebADB, an application which lets you access the Android debug API from a browser. It is hard to communicate to users that a feature may be missing for their protection.
Apple's WebKit team is also opposed to many of these APIs, including Web NFC, Web HID, Serial API and WebUSB, "due to fingerprinting, security, and other concerns". ®