What Changed in Blink: Chromium 131 → 132
Blink EngineWhy This Matters
Blink is the rendering engine behind Chrome, Edge, Opera, Brave, Vivaldi, and virtually every Chromium-based browser — which together account for roughly 70% of all web traffic. When Blink changes, the web changes. A single commit here can affect billions of page loads per day.
Between versions 131 and 132, the Blink team landed 1,329 commits from 307 contributors, referencing 933 bug reports. This cycle brought significant work on the customizable <select> element, CSS list item ordinal fixes, IndexedDB modernization, and compositor warm-up optimizations. Here’s the breakdown.
At a Glance
| Metric | Count |
|---|---|
| Total commits | 1,329 |
| Areas touched | 8 |
| Bugs referenced | 933 |
| Contributors | 307 |
CSS
CSS saw 320 changes — the largest category. The ListItemOrdinal system received two important fixes: ordinal values no longer get unnecessarily updated when a counter-set CSS property is present, and the explicit value is now correctly used when counter-set is set to empty. These may sound arcane, but they fix real-world bugs in numbered lists with custom counters.
CSS animations got a subtle but impactful fix for unintended behavior when animating to or from an underlying auto height or width — a common pain point for developers doing height transitions. The nesting selector (:is(), :has()) saw an assertion fix when :scope is used inside :has(), closing a crash-inducing edge case. Scroll paint properties were improved with ScrollPaintPropertyNode::OverflowClipNode being used more consistently in cull rect calculations.
The team also expanded WebDX feature mappings for text-wrap, text-wrap-style, and text-emphasis, improving how Chrome tracks adoption of these newer CSS properties. Table fragmentation continued to be gardened with flaky print-mode tests disabled while longer-term fixes are developed. The DocumentFragment optimization for ChildNode/ParentNode methods eliminates an unnecessary intermediate parent, slightly improving DOM manipulation performance for CSS-driven layouts.
320 total changes. Browse CSS commits →
DOM & HTML
DOM & HTML was a close second with 304 changes. The customizable <select> element made significant progress: the mutation observer is now scoped to size==1, non-multiple <select> elements and properly tied to element attachment — a crucial optimization that prevents unnecessary observation overhead on traditional multi-select elements.
A separate feature flag for ariaOwnsElements was added, decoupling it from the broader AOMAriaRelationshipProperties feature. This granular control lets the team ship ARIA relationship improvements independently, reducing risk. The plugin element (<object>, <embed>) received a safety fix that verifies subframe URLs are valid and loadable before proceeding — closing a potential navigation loophole.
The spanification campaign continued aggressively in this layer, touching image decoders, dark mode classifiers, compositing reasons, and the HTML entity parser. Each conversion replaces a raw pointer with a bounds-checked span, incrementally improving Blink’s memory safety posture.
304 total changes. Browse DOM & HTML commits →
JavaScript / Web APIs
JavaScript internals received 131 changes centered on promise system modernization. The team replaced ScriptPromiseResolver<IDLPromise<T>> with the simpler ScriptPromiseResolver<T> — a welcome simplification that reduces template nesting. The StreamPromiseThen() utility was deprecated in favor of ScriptPromise<>::Then/React where conversions are straightforward, making promise chains easier to follow.
TransferableStream got its Then() usage properly typed, and promises were threaded more consistently through UnderlyingSourceBase. The Shadow Realm implementation had test expectations repaired after WPT importer damage, and the ExceptionState system continued its evolution with message_ and code_ moving to DummyExceptionStateForTesting.
The DevTools dedicated worker agent host lifecycle was improved: it’s now only kept alive when PlzDedicatedWorker is disabled, reducing resource usage in the common case. And ThenCallable now always applies exception context when throwing, closing a gap in error reporting.
131 total changes. Browse JavaScript commits →
Web Platform APIs
Web APIs saw 150 changes with important developer-facing additions. IndexedDB was refactored to support getAllRecords() alongside the existing getAll() and getAllKeys() — a long-requested feature that lets developers retrieve full key-value records in a single call, reducing round-trips.
The Storage Access API gained a practical improvement: allow-storage-access-by-user-activation was moved to the iframe sandbox’s set of supported tokens, making it easier for sandboxed iframes to request storage access. Private State Tokens (formerly Trust Tokens) updated their Permissions Policy default allowlist to use a wildcard, broadening adoption potential.
WebRTC received new tests for common SDP munging patterns involving payload types — the kind of test coverage that prevents subtle regressions in real-time communication. OffscreenCanvas fixed a potential null pointer dereference in EnableAcceleration, and the Controlled Frame API added a CQ test to catch when new permissions are added without proper handling.
150 total changes. Browse Web Platform API commits →
Performance
29 changes targeted performance, headlined by compositor warm-up being enabled by default. Both WarmUpCompositor and Prerender2WarmUpCompositor are now on for everyone, meaning the rendering pipeline starts warming up earlier during navigation — particularly impactful for prerendered pages.
An ODR (One Definition Rule) violation was fixed where the same header was compiled with different defines — the kind of undefined behavior that can cause mysterious bugs. GpuMemoryBufferManager now checks operational status before passing VideoFrames, preventing crashes when the GPU process is in a degraded state. Ruby layout (for East Asian text annotations) got a fix for FindRuby search over inline formatting contexts where <ruby> has no next sibling. And AudioWorkletGlobalScope now has a valid currentFrame during construction — a fix that matters for audio worklets that read timing data in their setup code.
29 total changes. Browse Performance commits →
Security & Privacy
28 changes strengthened security. A critical fix stopped using IsSameOriginWith when comparing browser vs. renderer local origins — a subtle but important correction that prevents potential security checks from being bypassed due to origin comparison semantics.
DevTools gained network cookie blocking support for port and scheme mismatches, with both backend support and user-facing issues surfaced. WebAuthn Level 3 compliance improved with client extensions added to getClientCapabilities(). Partitioned visited links got a new flag with a ‘self-links’ mode, giving finer control over privacy-sensitive link styling. And Fenced Frames saw test refactoring for headless mode compatibility plus a new restriction preventing file://localhost/* files from loading — closing a local file access vector.
28 total changes. Browse Security commits →
Accessibility
25 changes improved accessibility. The Prompt API (Chrome’s on-device AI language model) received a fix for system prompt checking during ai.languageModel creation — important for ensuring AI-generated content meets accessibility guidelines. WebNN renamed error messages from “buffer” to “tensor” terminology, improving developer experience. The team also fixed popup display (e.g., <select> dropdowns) to not show when the tab isn’t focused — a practical fix for keyboard and screen reader users who switch tabs during interactions.
25 total changes. Browse Accessibility commits →
Other Changes
An additional 342 commits cover code health and emerging standards. WebDX feature mappings expanded significantly, adding prefers-contrast, prefers-reduced-transparency, hyphenate-character, and hyphenate-limit-chars — all part of Chrome’s effort to track adoption of newer web platform features.
The bindings layer switched to CallWith=Isolate instead of CallWith=ScriptState in trusted_type_policy.idl where a full script state isn’t needed, reducing overhead. Event Timing had its HandleKeyboardEventSimulatedClick flag promoted to stable, and a new UMA was added for when ResolveToConfig values should coerce to true but are incorrectly treated as false — diagnostic telemetry that helps catch real-world compatibility issues. The DataChannel implementation fixed a bug keeping BlobReader alive until the FileReaderLoader resolves, preventing premature garbage collection during blob transfers.
342 total changes. Browse all commits →
Bottom Line
Who should care? If you’re building with IndexedDB, the new getAllRecords() support is a genuine quality-of-life improvement. CSS authors working with counter-set and animation transitions get important correctness fixes. And the customizable <select> element continues to progress toward general availability.
Biggest impact: The compositor warm-up being enabled by default means every Chrome user gets faster navigation rendering. Combined with the <select> mutation observer scoping and Storage Access API improvements, Chromium 132 is a release that balances developer-facing features with meaningful performance gains.
Browse the Full Diff
Explore all 1,329 commits on Chromium’s Gitiles:
🔗 chromium.googlesource.com/chromium/src/+log/131.0.6778.0..132.0.6834.0/third_party/blink