Google has released Chrome 137 that is bringing new features like integrated Gemini chatbot support for Windows and macOS, enhanced AI-powered phishing detection, and improved privacy protections. The update also removes the --load-extension flag for security reasons and discontinues SwiftShader fallback in WebGL for better system integrity. The update now available alongside a stable update to the open-source Chromium project. The Chromium project serves as Chrome’s foundation. Chrome includes additional features not found in Chromium, such as Google branding, automatic updates, DRM support, and crash reporting.
Advertisеment
Highlights
- Gemini chatbot integration for Windows and macOS users with AI Pro or Ultra subscriptions.
- Enhanced privacy through “blob:” URL isolation and HSTS cache tracking protection.
- Support for DTLS 1.3 in WebRTC for post-quantum encryption readiness.
- Removal of the
--load-extensionflag to prevent malicious extension installs. - Discontinued fallback to SwiftShader for WebGL on Linux and macOS; replaced with WARP on Windows.
- New CSS features including
if(),reading-flow, andshape(). - Introduction of the JSPI API for better WebAssembly and JavaScript integration.
- Chrome 137 also enhances security by fixing one vulnerability and improving sandboxing.
Let's dive into details.
What's new in Chrome 137
Gemini Chatbot Integration (Windows/macOS)
Google has integrated the Gemini chatbot into Chrome 137 for Windows and macOS. Gemini can explain page content and answer questions without leaving the current tab. It supports both text and voice input.
This feature is currently limited to U.S.-based users with Google AI Pro or Ultra subscriptions.
Blob URL Scheme Isolation
Similar to previous storage partitioning changes, Chrome now isolates how the "blob:" URL scheme behaves. This helps prevent cross-site tracking by binding local data access to the domain that initiated it.
Each object key now includes a domain-specific attribute, ensuring better privacy controls when using locally generated files via the Blob or File APIs.
Enhanced Browser Protection with AI
In Enhanced Protection mode (under Safe Browsing settings), Chrome now uses a client-side large language model to detect potentially fraudulent websites.
If suspicious content is detected, Chrome sends the findings to Google servers for further analysis. While this version only collects data, future releases will show warnings directly to users.
HSTS Cache Tracking Protection
Chrome now blocks hidden user identification through the HSTS cache.
Previously, sites could store bits of information by checking whether certain domains had been accessed over HTTPS. For example, a 32-bit identifier could be reconstructed based on which images loaded over HTTP or HTTPS.
Chrome now prevents HSTS updates in subresource requests, limiting them to top-level navigations only.
DTLS 1.3 Support for WebRTC
Chrome 137 adds support for DTLS 1.3, the latest Datagram Transport Layer Security protocol. This enables the use of post-quantum encryption algorithms in WebRTC connections.
Removal of "--load-extension" CLI Flag
To reduce the risk of malicious extension installation, Chrome has removed the --load-extension command-line option.
Developers who want to load unpacked extensions should now use the “Load Unpacked” button in the Extensions UI (chrome://extensions/) after enabling Developer Mode. This change does not affect Chromium builds or Chrome for Testing.
Discontinuation of SwiftShader Fallback for WebGL
Chrome no longer automatically falls back to SwiftShader, a software-based Vulkan renderer, when GPU acceleration is unavailable.
Instead of switching to SwiftShader, WebGL context creation will now fail gracefully. This improves security by avoiding JIT-generated code execution in GPU-related processes.
A new flag, --enable-unsafe-swiftshader, allows developers to re-enable SwiftShader if needed. On Linux and macOS, a console warning appears when SwiftShader is used in Chrome 137. In Chrome 138, the fallback will be fully disabled. On Windows, SwiftShader has already been replaced with WARP, a built-in software rendering system.
Autofill with AI
Chrome introduces a new setting called “Autofill with AI”, designed to simplify web form completion.
When enabled, the browser uses an AI model to understand the form structure and fills in fields based on previously completed entries.
Web Cryptography API Updates
The Web Cryptography API now supports cryptographic operations based on the Curve25519 elliptic curve, including the Ed25519 digital signature algorithm.
New CSS Features
Chrome 137 introduces several new CSS properties and functions:
- reading-flow: Controls element order in flex, grid, and block layouts for screen readers and sequential navigation.
- reading-order: Manually overrides element reading order.
- if() function: Selects values conditionally using a semicolon-separated list of “condition: value” pairs.
- shape() function for offset-path: Enables forming shapes using standard CSS syntax similar to the path() function but with simpler formatting.
JSPI API for WebAssembly
The new JavaScript Promise Integration (JSPI) API allows WebAssembly applications to work seamlessly with JavaScript Promises.
This enables WebAssembly programs to generate promises and interact with promise-based APIs.
Canvas API Improvements
The CanvasRenderingContext2D, OffscreenCanvasRenderingContext2D, and ImageData APIs now support pixel formats that use floating-point color components.
Experimental Rewriter and Writer APIs
Origin trials now include experimental Rewriter and Writer APIs. These let developers rewrite or generate text using large language models — for example, summarizing content or adjusting tone.
Web Developer Tools Enhancements
Web developer tools now support workspace binding, allowing changes made in the DevTools editor to be saved directly to local files.
The built-in AI assistant now also helps with CSS edits and performance analysis.
Security Updates
Chrome 137 fixes one vulnerability. Many issues were found using automated tools such as AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer, and AFL.
No critical flaws were discovered that would allow attackers to bypass Chrome's sandbox protections or execute arbitrary system code.
As part of its bug bounty program, Google awarded $7,500 across eight reports:
- One $4,000 reward
- One $2,000 reward
- One $1,000 reward
- One $500 reward
Four additional rewards are still pending evaluation.
For users who need more time to upgrade, Chrome offers an Extended Stable branch, supported for 8 weeks after release. The next major version, Chrome 138, is scheduled for release on June 24, 2025.
You will find the official announcement here.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
