What Changed in Blink: Chromium 132 → 133
Blink EngineWhy This Matters
Blink is the rendering engine behind Chrome, Edge, Opera, Brave, Vivaldi, and virtually every Chromium-based browser — which together account for roughly 70% of all web traffic. When Blink changes, the web changes. A single commit here can affect billions of page loads per day.
Between versions 132 and 133, the Blink team landed a massive 2,011 commits from 361 contributors, referencing 1,497 bug reports. This was a monster cycle — the largest in recent memory — dominated by CSS view transitions, partitioned cookies privacy work, dynamic safe area insets, and WebNN improvements. Here’s the full picture.
At a Glance
| Metric | Count |
|---|---|
| Total commits | 2,011 |
| Areas touched | 8 |
| Bugs referenced | 1,497 |
| Contributors | 361 |
CSS
CSS dominated this cycle with a staggering 589 changes — nearly a third of all commits. The headline story is CSS View Transitions, which received extensive work on both same-document and cross-document (navigation) transitions. The team addressed flaky test failures, paint holding timeouts, and pagereveal constructor behavior across threaded and GPU-rasterized configurations. This level of investment signals that View Transitions is being hardened for broad production use.
Dynamic safe area insets saw continued development with CSS-side notification to the browser when safe-area-inset-bottom is used in paint-inducing styles — part of the effort to make web content work seamlessly with dynamic UI elements like virtual keyboards and notch areas. Event Timing had modal dialog paint interruption handling improved, and the video rendering pipeline got a defensive fix removing a DCHECK in WebMediaPlayerMSCompositor for the LowLatencyVideoRendererAlgorithm.
The accessibility-layout bridge was improved with AxBlockFlowIterator aligned to AbstractInlineTextBox for text-only navigation, ensuring screen readers traverse text content consistently. The GPU rasterization path saw gardening for object-view-box interactions with video elements — edge cases that matter for responsive media layouts.
589 total changes. Browse CSS commits →
DOM & HTML
DOM & HTML was the second-largest area with 416 changes. The select parser relaxation effort continued with test additions for the reset-algorithm-rendering behavior in headless shell, part of making the customizable <select> element work correctly across rendering modes. PerformanceEntry was updated so presentationTime returns std::optional<> to match its IDL signature — a type safety improvement that prevents incorrect default values from leaking through.
WebNN validation tests saw extensive gardening, particularly for the CPU service backend, as the team works to stabilize the Neural Network API across platforms. Pointer events compatibility got fixes for preventdefault behavior on Mac ARM64, and the <object> element SVG print-only rendering was marked as flaky — known edge cases being tracked rather than ignored.
The spanification effort reached deep into the platform layer this cycle, touching text encoding registries, network state notifiers, and HTML form elements. Each change converts a bounds-unchecked pointer operation to a safer span-based API, continuing Chromium’s multi-year memory safety initiative.
416 total changes. Browse DOM & HTML commits →
JavaScript / Web APIs
JavaScript internals received 181 changes focused on promise safety and service worker intelligence. ScriptPromise::Then()/React()/Catch() were changed from a hard CHECK(IsEmpty()) to an early exit — a pragmatic fix that prevents crashes in edge cases where promises are resolved multiple times, while still maintaining correct behavior.
ClipboardItem now takes a HeapVector with MemberScriptPromises in its constructor, properly integrating with Blink’s garbage collector for async clipboard operations. The Service Worker layer got smarter with speculation-rules prefetch being stopped for URLs that have a no-fetch-handler ServiceWorker — avoiding wasted network requests when the service worker won’t intercept them.
Build system improvements landed with missing includes added for use_libcxx_modules builds, and the non-generated-bindings usage of ExceptionState’s 4-parameter constructor was removed. The ServiceWorkerEventQueueWaitForScriptEvaluation flag was cleaned up, indicating the feature has stabilized.
181 total changes. Browse JavaScript commits →
Web Platform APIs
Web APIs saw 217 changes with several developer-visible additions. Navigation user activation was fixed for same-document pushState/replaceState — a bug that could cause user activation state to go stale after history API calls, affecting permission prompts and autoplay behavior.
HEVC video codec support was tightened to only accept the standard hvc1.<profile>.<profile_compatibility>.<tier and level>.* format, rejecting non-conformant codec strings. SharedStorage gained a with_lock modifier for both Window and SharedStorageWorklet contexts, enabling atomic read-modify-write operations — a significant primitive for privacy-preserving cross-site data sharing.
WebAuthn modernized its return types, with PublicKeyCredential::authenticatorAttachment() switching to String’s null representation instead of std::optional. The Bluetooth API now disables intensive throttling for pages with active Bluetooth connections — a practical fix for IoT dashboards and Web Bluetooth applications that need to stay responsive. And the SharedBitmapProvider removal from CanvasResourceProvider continued the GPU pipeline modernization.
217 total changes. Browse Web Platform API commits →
Performance
39 changes targeted performance, with the standout being sticky position support added to DynamicSafeAreaInsetsSupportedByCC — enabling the compositor to handle sticky elements that interact with safe area insets without round-tripping to the main thread. This is particularly important for mobile web apps with sticky headers and dynamic viewport changes.
The window.onmove event was moved to its own feature flag and marked as experimental — a new event that fires when a window is repositioned, useful for multi-window PWAs. IndexedDB removed relaxed durability annotations for internal web tests, tightening test accuracy. The SharedBitmapIdRegistrar was removed from PrepareTransferableResource(), continuing the long-running GPU pipeline simplification.
DevTools got a targeted optimization: frame timing trace events are now suppressed for the UI compositor, reducing noise in performance traces. The spanification effort continued with StringImpl::Find and a new StringImpl::CharacterBuffer<>() helper.
39 total changes. Browse Performance commits →
Security & Privacy
46 changes — nearly double the typical count — hardened security and privacy. The dominant theme is partitioned cookies: multiple commits re-enabled partitioned popins tests, added WPT coverage for partitioned cookies in multiple iframes, and ensured protocol tests wait for all expected events. This is part of Chrome’s Privacy Sandbox initiative to partition third-party cookies by top-level site.
Partitioned popins (pop-up windows with partitioned storage) had their tests re-enabled after stabilization. The CSP fuzzer got spanification treatment, and the stale CspStopMatchingWildcardDirectivesToFtp flag was cleaned up. Attribution Reporting debug mode had an unnecessary feature flag removed, and the aggregatable debug test suite was extended — both signs of the privacy-preserving measurement API maturing.
The team also removed AcceleratedStaticBitmapImage::CreateFromVideoFrameSharedImage, eliminating a code path that could create images from video frames without proper security checks.
46 total changes. Browse Security commits →
Accessibility
24 changes improved accessibility. The tree traversal logic received multiple fixes: next and previous pointers no longer point to nested line content, ancestor traversal in label/description computation only continues when relevant, and missing parent nodes are now handled non-fatally with diagnostic info collection instead of crashes. UpdateRelatedTree and UpdateRelatedText can now be safely called with pruned nodes.
The LabelAndDelegatesFocusNewHandling feature flag was removed, indicating that the improved focus delegation behavior for labeled controls has fully shipped. WebNN switched to AllowSharedBufferSource for writeTensor and readTensor, and the team updated navigation logic to properly open all files dropped into web content — an accessibility and usability improvement for drag-and-drop workflows.
24 total changes. Browse Accessibility commits →
Other Changes
An additional 499 commits span code health and infrastructure. The std::optional to null String migration was a major theme, with PreferenceObject::override(), RTCIceCandidate::url(), and other APIs switching to String’s null representation — a more idiomatic Blink pattern that reduces unnecessary allocations.
ThenCallable::Call<> got a fast path for when React() returns a ScriptValue, and the SynchronousMutationObserver was removed from MouseEventManager and PointerEventManager, reducing the coupling between input handling and DOM mutation observation. DevTools agents were prepared for using std::unique_ptr<> for pointer-like Maybe<> types, and expired telemetry counters like ContentCapture.CaptureContentDelayTime were cleaned up.
The XSLT processor was spanified, and stale feature flags (WinRetrieveSuggestionsOnlyOnDemand) were cleaned up — part of the continuous effort to keep Chromium’s codebase lean.
499 total changes. Browse all commits →
Bottom Line
Who should care? If you’re using CSS View Transitions, this is the release that battle-hardened the feature across all rendering configurations. Web Bluetooth developers get relief from aggressive throttling, and SharedStorage’s with_lock modifier unlocks new privacy-preserving patterns. Anyone tracking partitioned cookies should note the expanded test coverage — Chrome is methodically preparing for the third-party cookie deprecation.
Biggest impact: With 2,011 commits — the largest cycle in this series — Chromium 133 represents a convergence of multiple long-running initiatives: View Transitions maturation, Privacy Sandbox hardening, and the relentless spanification effort. The 589 CSS commits alone make this one of the most CSS-heavy releases in Blink’s history.
Browse the Full Diff
Explore all 2,011 commits on Chromium’s Gitiles:
🔗 chromium.googlesource.com/chromium/src/+log/132.0.6834.0..133.0.6943.0/third_party/blink