Firefox and Chrome reaching major versions 100 may break some websites
Mozilla has issued a warning about the upcoming versions 100 for both Chrome and Firefox. The change in the version number from 2 to 3 digits may cause some problems when visiting websites that are not prepared for this change. For example, it’s possible that some parsing libraries may have hard-coded assumptions or bugs that don’t take into account three-digit major version numbers.
Version 100
Chrome expected to reach the first three digit major version number in the first half of 2022. According to the Firefox release calendar, Firefox Nightly will reach version 100 during the first quarter of 2022 (probably March). At that rate it will reach Firefox stable release version early May 2022.
For now, the estimated dates are March 29 for Chrome and May 3 for Firefox.
User agent string
The problem originates from the user agent string that browsers send to websites you are visiting. If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that sites can look quite different depending on which browser you use to view them. When your browser sends a request to a website, it identifies itself with the user agent string before it retrieves the content you’ve requested. The data in the user agent string help the website to deliver the content in a format that suits your browser. Even though depending on user agents alone is no longer enough to optimize a website, they are still an important source of information.
For web browsers the format of the user agent string is:
[Browser]/[version] ([system and browser information]) [platform] ([platform details]) [extensions]
For example the latest version of Firefox will show:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Why is that a problem?
As we pointed out, websites read the user agent string and optimize their content for the browser they identify by reading that information.
Some website developers will have created routines or use JavaScript libraries to identify the string Firefox and then grab either the first two digits after the semicolon “/” or the last two digits before the “.” which does not pose any problems as long as the user agent string is broadcasting two digits. But now that the last part will change to Firefox/100.0 these routines will identify your Firefox version as respectively “10” or “00”. Other libraries may even return a null result which will effectively break the site.
As a result of a mismatched version number, the visitor may get the version of the website that was designed for very early versions of the correct browser, or a version that was designed to work for all types of “unidentifiable” browsers. This is usually not an optimal experience.
Testing
Both Mozilla and Firefox are testing the compatibility of major websites ahead of time.
With the experience racked up back when browsers first reached version 10 long ago, when lots of issues were discovered with User Agent parsing libraries, Chrome has warned that developers and IT admins should test their services in advance to avoid the same issues from happening again.
If there are issues with sites that Mozilla or Google cannot fix before these versions are released, both Google and Mozilla have backup plans ready to ensure the sites are not affected.
If you would like to help testing or to test your own site, you can read here how to proceed, and if you notice something that is breaking because of the user agent string, you are welcome to file a report on webcompat.
Edge
Edge is not trailing far behind in version number, but since Edge is a Chromium based browser we can expect the worst problems to be found out by that time. Starting with Microsoft Edge 97, site owners can test this upcoming user agent string by enabling the #force-major-version-to-100 experiment flag in edge://flags to ensure their user agent parsing logic is robust and works as expected.
The post Firefox and Chrome reaching major versions 100 may break some websites appeared first on Malwarebytes Labs.