OpenFin is now co-stable with Chrome!

OpenFin v13 marks the first major version of OpenFin to be co-stable with Chromium. This is an exciting milestone not only for OpenFin, but for all of our users.

Building on top of Chromium while keeping up with its relentless upgrade cycle has been a challenge since the first projects began to do this back in 2009 (Chromium Embedded Framework). Chromium is now up to 25 million plus lines of code (another almost 10 million of spaces and comments) across 36 different languages. The Chromium project has had over a thousand contributors and releases a new version every 6 weeks.

The Challenge

Since the first version of OpenFin OS, we’ve strived to gain parity with the latest version of Chromium in order to offer the best security, features, and performance for applications. And starting with version 6 of the OS, we’ve leveraged the Electron project to help us get there. However, some key design choices on the Electron side present us with a different set of challenges.

In order to manage the complexity of Chromium, the Electron team employs a strategy that packages the parts of Chromium important to Electron and removes the rest. Many of the Chromium components that end up on the Electron chopping block are core capabilities that OpenFin customers simply cannot do without such as group policy controls, print preview, inline PDF viewing and spellcheck.

Bringing Chromium Back

To solve this problem, we actively maintain a significant fork of Electron that re-enables Chromium features. This is no easy feat because coupling is extreme in Chromium’s current architecture. As part of our upgrade process, our Chromium engineering team identifies all dependencies and subsystems that are required for a given feature to operate. Our engineers then vet Chromium’s execution flow when in the standard Chrome browser and develop a strategy for maintaining the same flow in Electron. Changes are made in our Electron fork and are also applied to Chromium’s source code. All this work must be re-performed by our team with each major version upgrade of the runtime in order to stay in sync with upstream changes from Chromium and Electron.

But Wait There’s More …

Beyond bringing Chromium back, with each OS upgrade, painstaking effort goes into maintaining and improving core components of OpenFin’s security model and architecture. This includes:

• Multi-tenant Architecture: We retain the Chromium multi-tenant model and allow applications, while isolated in their own render processes, to share the same browser process – optimizing memory and CPU consumption on the desktop.
• Multi-Runtime Architecture: We enable applications to run on the same desktop using different versions of OpenFin, all while maintaining interoperability between the applications. Development teams that are deploying to the same desktop can upgrade at their own pace while continuing to cross communicate with applications running on older versions of OpenFin.
• Managed Auto-Updating: We enable seamless and secure upgrading of the OpenFin version by simply changing a version in a manifest file.
• Web Security: We provide a secure, web-first developer experience and application model that strongly limits vulnerability to Cross-site scripting (XSS) attacks.
• Sandboxing and Signing: We ensure that downloaded code must always run in the Chromium sandbox and that any code sitting on the filesystem is signed and validated prior to loading.
• API Security: We sandbox APIs with a system of central permissions so applications cannot access sensitive APIs without explicit permission from the owner of the desktop where the app is running.

What’s Next?

Being co-stable with Chrome means that OpenFin now delivers the enterprise security and architecture needed by our customers while also providing the latest critical security patches, bug fixes, and new features from Chromium.

Our schedule is now designed to be co-stable with every other version of Chromium (OpenFin 14 – Chromium 78, OpenFin 15 – Chromium 80, etc.) going forward. Developers should expect these major versions effectively once per quarter and very close to the date that the Chrome team moves the same version to stable. And since OpenFin decouples the Chromium engine from your application code, leveraging these Chromium upgrades is just a simple update to your app’s manifest file.

This is a major accomplishment that we’re eager to share with our users and we want to give a big shout out to our engineering team for all the hard work that went into it. We’re excited to see what co-stability can do for financial applications and what other products our team can create in the future to continue to propel the industry into the future.

To learn more about co-stability and the latest version of OpenFin, visit our Versions page.