WebProNews

Tag: Chrome

  • Google Releases Chrome 88 to Fix Zero-Day Vulnerability

    Google Releases Chrome 88 to Fix Zero-Day Vulnerability

    Google Chrome users should immediately update to version 88, as the update fixes a vulnerability that is being actively exploited.

    Google has a policy of not disclosing too much detail about security issues until the majority of users have updated:

    Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

    Nonetheless, the update includes a fix for a heap buffer overflows in the V8 JavaScript engine. The most worrisome detail is that the vulnerability is already being exploited:

    Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

    Even if automatic updates are enabled, users should manually update as soon as possible to make sure there’s not unnecessary gaps in their security.

  • Google and Barry Diller’s IAC At Odds Over Chrome Extensions

    Google and Barry Diller’s IAC At Odds Over Chrome Extensions

    Google and IAC are at odds over what Google calls misleading marketing practices, putting a lucrative deal at stake.

    IAC/InterActive Corp. offers a number of extensions for Google’s popular Chrome web browser. IAC markets the extensions as useful tools to make users’ lives easier. These can include manuals for various tools, saving users from searching for them. Other extensions provide easy access to government forms, or daily Bible quotes.

    According to the Wall Street Journal, however, some of IAC’s extensions do not perform as advertised. Even worse, the Chrome safety and trust team found that some extensions steer users toward more ads. According to documents the WSJ gained access to, the behavior was egregious enough the Chrome team recommended “immediate removal and deactivation” of the company’s extensions from the Chrome store.

    IAC’s chairman, Barry Diller, has said doing so would be devastating to IAC’s business. That hasn’t stopped Google from removing a number of the extensions, although the company told Reuters it is still working with IAC and reviewing their remaining extensions.

    Part of Google’s concern as it moves forward is the need to juggle appearances with the security of its users. The company is already under extensive scrutiny over antitrust and anticompetitive concerns. As a result, any action Google takes need to be above reproach and not add to the scrutiny it’s already under.

  • Google Rolling Out Chrome Tab Groups

    Google Rolling Out Chrome Tab Groups

    Google Chrome is about to help browser tab addicts keep things more organized with tab groups.

    As Google points out, when it comes to web browsing, there are two types of people: tab minimalists and tab collectors. Collectors, as the name implies, use tabs far more than minimalists, bouncing back and forth between possibly dozens of tabs. Unfortunately, it can be difficult to keep up with them, especially once a browser starts truncating the titles to make room for more.

    “Now, with a simple right click, you can group your tabs together and label them with a custom name and color,” writes Edward Jung in a blog post. “Once the tabs are grouped together, you can move and reorder them on the tab strip.

    “We’ve been testing out tab groups for several months now (as have some of you), and we’re finding new ways to stay organized.”

    According to Jung, some users are choosing to organize their tabs by topic, others by priority. However a person wants to organize them, the new feature should be a big help.

    The company plans to start rolling the feature out in the next version of Chrome, but users can try it now by downloading the beta.

    Image Credit: Google

  • Chrome Will Start Blocking Resource Heavy Ads

    Chrome Will Start Blocking Resource Heavy Ads

    Google has announced that Chrome will soon start blocking resource intensive ads.

    Internet ads may be a fact of life, but not all ads are created equal. Some, such as poorly programmed ones, can consume a disproportionate amount of resources, draining a laptop’s battery and slowing down a network. Google is working to address the problem, experimenting with ways of identifying those ads and blocking them.

    “We have recently discovered that a fraction of a percent of ads consume a disproportionate share of device resources, such as battery and network data, without the user knowing about it,” writes Marshall Vale, Chrome Product Manager. “These ads (such as those that mine cryptocurrency, are poorly programmed, or are unoptimized for network usage) can drain battery life, saturate already strained networks, and cost money.

    “In order to save our users’ batteries and data plans, and provide them with a good experience on the web, Chrome will limit the resources a display ad can use before the user interacts with the ad. When an ad reaches its limit, the ad’s frame will navigate to an error page, informing the user that the ad has used too many resources.”

    This is good news for Chrome users, especially those who primarily use a notebook. Google will continue working on the solution for the next few months, with rollout planned for August.

  • DuckDuckGo Releases Tracker Radar to Expose Hidden Tracking

    DuckDuckGo Releases Tracker Radar to Expose Hidden Tracking

    DuckDuckGo is the preeminent privacy-oriented search engine and the company is taking it a step further by releasing a tool to help expose hidden tracking.

    As the company points out, a quality tracking blocker is critical to online privacy. Without one, advertisers can amass a shocking amount of detail about web users, including location history, browsing history, shopping history and more. Combining the data they collect can even give them a pretty good idea of exactly how old a user is, their ethnicity, preferences and habits.

    When the company started exploring possibilities, it was not happy with the state of current options.

    “When we set out to add tracker protection, we found that existing lists of trackers were mostly manually curated, which meant they were often stale and never comprehensive,” reads the company’s announcement. “And, even worse, those lists sometimes break websites, which hinders mainstream adoption. So, over the last couple of years we built our own data set of trackers based on a crawling process that doesn’t have these drawbacks. We call it DuckDuckGo Tracker Radar. It is automatically generated, constantly updated, and continually tested.

    “Today we’re proud to release DuckDuckGo Tracker Radar to the world, and are also open sourcing the code that generates it. This follows our recent release of our Smarter Encryption data and crawling code (that powers the upgraded website encryption component in our apps and extensions).

    “Tracker Radar contains the most common cross-site trackers and includes detailed information about their tracking behavior, including prevalence, ownership, fingerprinting behavior, cookie behavior, privacy policy, rules for specific resources (with exceptions for site breakage), and performance data.”

    Tracker Radar is included in DuckDuckGo’s Privacy Browser for iOS and Android, as well as the Privacy essentials browser extension for Safari, Firefox and Chrome on the desktop. Developers can also download Tracker Radar and include it in their own tools.

  • Google and Microsoft Reigniting Browser Wars

    Google and Microsoft Reigniting Browser Wars

    Some things are too good to last, and it appears Google and Microsoft’s BFF cooperation on the browser front is one of them, as both companies are taking swipes at the other.

    Microsoft’s current browser, Edge, uses Google’s Chromium rendering engine. Chromium is an open-source rendering engine that a number of browsers, including Chrome, are powered by. Microsoft retired its own HTML rendering engine in favor of the move to Chromium in an effort to improve compatibility and reliability. Basing Edge on Chromium also lets Microsoft focus more resources on the browser’s front-end and user experience. Microsoft has even added a number of significant features to Edge that have made, or are making, their way into Chrome.

    The cracks started to show up when Google began using user agents to warn Microsoft Edge users they should “upgrade” to Google’s Chrome. User agent strings are the method by which web browsers identify themselves. In the early days of the web, when Internet Explorer and Netscape Navigator were vying for dominance, webmasters would routinely code their websites to primarily work with one or the other browser. Webmasters would check a visiting browser’s user agent, or identity, and warn users they needed to “upgrade” if they weren’t running the browser their website was designed to support. Eventually, as the web started becoming more standards-compliant, the practice largely fell out of favor, with webmasters focusing on creating websites that adhered to standards and worked for everyone.

    Now Google seems intent on going back to those dark days of the early web. According to Windows Latest, “Google services are still targeting Edge with scary warnings. In the past, Google has displayed a warning when users opened services such as Google Teams, Gmail, Google Docs and YouTube Music in Edge.”

    Interestingly, if Edge users change their user agent to Chrome, the warning goes away. Google is also not targeting other Chromium-based browsers, such as Opera.

    Microsoft, in turn, has been warning individuals who try to download extensions from the Chrome Web Store that downloaded extensions from “unverified” sources may not be safe.

    Chris Matyszczyk, with ZDNet, reached out to both companies, as well as did a bit of his own investigating.

    “My sniffings around Google suggest the company may have been taken aback by the positive public reaction to Edge,” writes Matyszczyk. “Oddly, Google doesn’t seem to be offering these scary messages to users of, say, the Opera browser.

    “My nasal probings around Redmond offer the reasoning that, well, Microsoft hasn’t tested or verified extensions that arrive from places other than they Microsoft Edge add-ons website. Why, they’re far too busy to do that. And, well, it’s the Chrome web store. Who knows what you’ll find over there? Oh, and Edge gives you more control over your data, so there.”

    Whatever the motivations of both companies, the back-and-forth, tit-for-tat needs to stop. Dragging users back to the ‘90s-style browser wars that emphasized protecting turf over supporting standards is a losing recipe for everyone involved—especially the end user.

  • 500 Chrome Extensions Caught Uploading Private Data

    500 Chrome Extensions Caught Uploading Private Data

    Independent research Jamila Kaya, in cooperation with Cisco-owned Duo Security, helped uncover approximately 500 Chrome extensions that were uploading private data from millions of users.

    Kaya used Duo Security’s CRXcavator—an automated tool designed specifically to help assess Chrome extensions— to “uncover a large scale campaign of copycat Chrome extensions that infected users and exfiltrated data through malvertising while attempting to evade fraud detection on the Google Chrome Web Store.” Initially, Kaya discovered 70 malicious extensions being used by 1.7 million users. Kaya and Duo Security notified Google, who went on to find an additional 430 similar extensions.

    “In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” wrote Kaya and Duo Security’s Jacob Rickerd. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”

    Google quickly removed all 500 extensions, and implemented new policies to make it harder for these type of extensions to reappear. As Duo Security recommends, individuals should periodically review the extensions they’re using and delete any they don’t recognize or no longer use.

  • Google Chrome Will Start Blocking Insecure Downloads

    Google Chrome Will Start Blocking Insecure Downloads

    Google announced in a blog post today that it is taking the next step toward protecting users from insecure downloads.

    Over the last couple of years, more and more websites are using HTTPS to secure traffic to their websites. One potential attack vector is when downloadable files are not secure on otherwise secure websites.

    “For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements,” the post reads.

    As a result, Google is planning to gradually start blocking “mixed content downloads,” or insecure downloads from secure pages.

    “As a first step, we are focusing on insecure downloads started on secure pages,” the post continues. “These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk.

    “Starting in Chrome 82 (to be released April 2020), Chrome will gradually start warning on, and later blocking, these mixed content downloads. File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types. This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.”

    Starting with Chrome 82 (released April 2020) the desktop version will start giving warnings when it encounters executable mixed content downloads, and increase the warnings and levels taken to block it with each subsequent release. By Chrome 86 (released October 2020) all mixed content downloads will be blocked. Because mobile platforms inherently provide a greater degree of security, Google plans to wait until Chrome 83 to implement warnings on iOS and Android.

    This is another good step by the world’s biggest browser maker to help keep users safe and secure.

  • WhatsApp Bug Let Hackers Access Computers Via a Text Message

    WhatsApp Bug Let Hackers Access Computers Via a Text Message

    Facebook has just patched a vulnerability in WhatsApp that could allow a hacker to take control of a target’s computer via a single text message.

    Security research Gal Weizman, with PerimiterX, discovered the flaw and worked with Facebook to fix it. The flaw does not impact all users, only those using the iOS version paired with a desktop version, either macOS or Windows.

    According to Facebook’s security advisory, “a vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.”

    As Weizman points out, much of this is because Facebook has not properly updated the underlying framework on which the desktop version of WhatsApp is built on. That framework is Electron, a platform that allows developers to use web technologies to create “native” apps. Electron, in turn, is based on Chromium, the open-source foundation of Google Chrome. In an era where cloud computing and web applications have become dominant, Electron gives companies the ability to maximize their developer talent by focusing on web languages, frameworks and technologies.

    Unfortunately, in this instance, WhatsApp was based on Electron 4.1.4, instead of the current 7.x.x. In version 4.1.4, the included version of Chromium was Chrome/69, instead of the current Chrome/78. If Facebook had updated to the latest version of Electron, and therefore the underlying Chromium, this bug would not have been possible, as it had been patched in Chromium and Electron some time ago.

    “It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message,” Weizman writes.

    He’s absolutely right. At a time when hackers are developing more powerful tools and methods to compromise systems, there is no excuse for development this lazy and irresponsible.

  • Chrome Ad Blocker Will Tackle Video Ads

    Chrome Ad Blocker Will Tackle Video Ads

    Beginning August 5, 2020, Google Chrome will begin blocking some of the most intrusive video ads, according to a blog post.

    According to the post, Google relies on the Better Ads Standards, developed by the Coalition for Better Ads. The group recently announced new standards, addressing some of the most intrusive types of video ads.

    The first type is “long, non-skippable pre-roll ads or groups of ads longer than 31 seconds that appear before a video and that cannot be skipped within the first 5 seconds.”

    The second type is “mid-roll ads of any duration that appear in the middle of a video, interrupting the user’s experience.”

    The third type is “image or text ads that appear on top of a playing video and are in the middle 1/3 of the video player window or cover more than 20 percent of the video content.”

    The Coalition has made it clear that website owners should stop showing these video ads within the next four months. As a result, effective August 5, 2020, Google will stop displaying these kinds of ads. Google also makes clear that YouTube will be reviewed to ensure compliance with the new guidelines.

    This announcement is good news for anyone who has had to sit through these kind of ads, and Google is to be commended for quickly implementing the Coalition’s new guidelines.

  • Google Paid Record-Breaking $6.5 Million In Bug Bounties In 2019

    Google Paid Record-Breaking $6.5 Million In Bug Bounties In 2019

    Google has announced it paid a record-breaking $6.5 million through its Vulnerability Reward Programs in 2019.

    Google’s VRPs rewards security researchers who find and report bugs so the company can address them. According to the company, 2019’s payout doubled what had been paid in any previous single year.

    Programs such as this have become a critical tool for companies in the fight against hackers and cybercriminals. By relying on security researchers and “white hat” hackers, companies hope to find security vulnerabilities and bugs before cyber criminals, or “black hats.”

    According to Google, “since 2010, we have expanded our VRPs to cover additional Google product areas, including Chrome, Android, and most recently Abuse. We’ve also expanded to cover popular third party apps on Google Play, helping identify and disclose vulnerabilities to impacted app developers. Since then we have paid out more than $21 million in rewards.”

    Although $6.5 million is a sizable amount, it pales in comparison to the cost of an exploited security vulnerability or data breach. In fact, according to a study sponsored by IBM Security, the average cost of a single data breach is $3.92 million. In view of the number of bug fixes that $6.5 million facilitated, it seems like quite the bargain.

  • Microsoft Responsible For Latest Google Chrome Feature

    Microsoft Responsible For Latest Google Chrome Feature

    Once bitter rivals in the browser wars, Microsoft and Google are now cooperating like never before, with a major Chrome feature originating with Microsoft, according to The Verge.

    Microsoft recently moved its Edge browser over to Chromium, the open-source rendering engine that serves as the basis for Chrome. Since the move, Microsoft has been responsible for some 1,900 changes and improvements to Chromium, according to CNET.

    While many of these changes are under-the-hood, the latest is a very visible one. CNET says “the tab management feature in Edge lets you right-click on a single tab or a group of tabs you’ve selected then send them to a new or different Edge browser window. It’s useful if you like to group related tabs into a single window.”

    The feature caught the eye of Google software engineer Leonard Grey and, as The Verge points out, “now Microsoft is helping bring it directly to Chromium and Chrome.” This is an excellent example of the overall benefit that comes from tech companies working together around open standards and open-source software.

  • Advertisers Balk At Google’s Plan To Kill Third-Party Cookies

    Advertisers Balk At Google’s Plan To Kill Third-Party Cookies

    In what is a surprise to no one, advertisers are begging Google not to kill third-party cookies in Chrome, according to CNBC.

    Google announced earlier this week its plans to phase out third-party cookies within two years. The company is trying to improve user privacy, while at the same time addressing the needs of advertisers, something it does not believe other browser makers do. While Apple’s Safari and Mozilla’s Firefox both include the ability to block third-party cookies, Google believes those solutions leave advertisers in the cold and encourage them to use more drastic and invasive methods to track users and make money.

    In their post announcing the plans, Google was light on details, promising to continue working with the web and advertising community to deliver a solution that was beneficial to all parties. That doesn’t seem to be enough for advertisers, however, as Dan Jaffe, EVP of government relations at the Association of National Advertisers, and Dick O’Brien, EVP of government relations at the American Association of Advertising Agencies, issued a statement protesting Google’s decision.

    According CNBC, the statement said Google’s plans“may choke off the economic oxygen from advertising that startups and emerging companies need to survive.”

    The advertising groups acknowledged Google’s efforts to implement an alternative to the current cookie-based methods, but urged caution so as not to disrupt the web’s ecosystem with a half-baked solution.

    “In the interim, we strongly urge Google to publicly and quickly commit to not imposing this moratorium on third party cookies until effective and meaningful alternatives are available,” the statement said.

    As CNBC highlights, these same groups have expressed opposition to California’s CCPA privacy law, so it should be no surprise they aren’t happy with anything that impedes their ability to advertise—not even in the name of protecting user privacy.

  • Mozilla Lays Off Employees To Help Fund Innovation

    Mozilla Lays Off Employees To Help Fund Innovation

    Mozilla interim CEO Mitchell Baker announced a round of layoffs at the software company, citing the need to “innovate in the areas most likely to impact the state of the internet and internet life.”

    TechCrunch originally reported the story, with news that some 70 employees were impacted. This is a relatively high number for a corporation that only employees around 1,000 people, and Baker indicated there may be more yet to come.

    The vast majority of Mozilla’s income is derived from search royalties. Search engines, such as Google, pay Mozilla a portion of advertising income when a user searches using the built-in search bar. For several years Yahoo was Mozilla’s default search engine, and a large source of their revenue, until Mozilla cancelled the agreement in 2017. Now, much of Mozilla’s revenue comes from Google, the maker of Chrome. This puts the software company in the awkward—and potentially dangerous—position of relying on its prime competitor as the primary source of its income. As a result, Mozilla has been working on efforts to diversify its income streams for some time. Unfortunately, those appear to be taking longer to pay off than anticipated.

    “You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen,” Baker writes in her memo, according to TechCrunch. “Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.”

    The employees impacted by the layoffs will receive “generous exit packages” and help finding new jobs. In the post on the company’s site, Baker discussed how difficult the decision was but, at the same time, emphasized how strong Mozilla is positioned going forward.

    “Mozilla has a strong line of sight on future revenue generation from our core business. In some ways, this makes this action harder, and we are deeply distressed about the effect on our colleagues. However, to responsibly make additional investments in innovation to improve the internet, we can and must work within the limits of our core finances.”

  • Google Restricting Cookies In Chrome To Improve Privacy

    Google Restricting Cookies In Chrome To Improve Privacy

    The days of cookies may be coming to an end as Google announces its plans to phase out third-party cookies within two years.

    The first indications of Google’s plans came in August when the company announced a new initiative called Privacy Sandbox. The initiative was founded in an effort to keep publishers from abusing technologies to track users. Specifically, many web publishers have found ways to work around blanket efforts to block third-party cookies with even more invasive types of tracking, such as fingerprinting. As Google describes:

    “With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected.”

    With today’s announcement, Google is looking for a more nuanced approach, one that addresses the needs of advertisers to make money in a way that does not abuse privacy. The company has been receiving feedback from W3C forums and other standards participants, feedback that indicates it is on the right track. Bolstered by this feedback, Google has committed to a timeline for its plans.

    “Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years.”

    Google also plans to address other privacy issues, such as cross-site tracking and fingerprinting. The company has been under increasing scrutiny for Chrome’s privacy, or lack thereof. In June 2019, The Washington Post went so far as to label the browser “spy software,” and blamed it on Google’s position as both a browser maker and the single biggest cookie generator on the web. Relying on the search giant to protect user privacy is akin to relying on the fox to guard the henhouse.

    Hopefully Privacy Sandbox and Google’s commitment to phase out third-party cookies are a step in the right direction.

  • Google Chrome Will Get Error Codes To Help With Troubleshooting

    Google Chrome Will Get Error Codes To Help With Troubleshooting

    According to ZDNet, Google’s Chrome web browser will soon receive error codes similar to those shown on the Windows blue screen of death (BSOD) display.

    The feature was proposed by Eric Lawrence, a software engineer working on the Chromium-based version of Microsoft Edge. The goal is to provide users with a convenient way to diagnose issues by giving them an error code they can research and learn about.

    The feature is currently being tested in Chrome v81, but there has been no confirmation that it will make the final build of v81, or be included in the next release. Either way, all indications are this is a permanent addition to the browser.

    As ZDNet highlights, since it was an engineer working on Microsoft’s browser that suggested the feature, it will likely make its way to other Chromium-based browsers, such as Opera, Vivaldi and Brave.

  • Chrome For Android Update Fixes Data Wiping Bug

    Chrome For Android Update Fixes Data Wiping Bug

    Last week reports started surfacing of what appeared to be a data wiping bug in version 79 of Google Chrome for Android. Following a fix, Google has resumed the rollout.

    The issue had to do with Chrome acting as WebView in the most recent versions of Android. Third-party apps that access the web often use Chrome as the rendering engine, rather than bundling one of their own.

    According to Android Police, “when you log in with a web page inside an app, or use browsers like DuckDuckGo that lack their own internal rendering engine, Chrome is responsible for loading that content. Some Android apps actually run entirely inside WebView, such as applications built with Apache Cordova (PhoneGap) or packaged web apps like Twitter Lite.

    “One of the changes in Chrome 79 is that the location where web data is stored was updated. However, as one comment on a Chromium bug page pointed out, data from localStorage and WebSQL — two types of storage commonly used by web apps and packaged apps — wasn’t migrated properly.

    “Long story short, when devices were updated to Chrome 79, web apps and WebView applications had some (or all) local data deleted. While the data is still technically intact, since Chrome didn’t delete old data after the migration, there’s no way to access it right now.”

    The new update addresses this issue and properly migrates the data to the new location. If a user upgraded to the broken version 79, any new data saved to the new location will be overwritten with the original data from pre-79 versions of Chrome. In the event important data was saved to the new location with the broken update, that data can still be accessed and recovered if needed.

    This fix will be a welcome relief to users who originally thought their data was gone.

  • New Chrome Feature Will Alert You If Your Password Is Stolen

    New Chrome Feature Will Alert You If Your Password Is Stolen

    In a blog post today, Google announced the addition of a significant security feature to Chrome, one that will alert users if their password has been stolen.

    With new data breaches occurring and being reported on a near-daily basis, people’s usernames and passwords are increasingly showing up for sale on the dark web. With many people reusing passwords across websites, a single compromised website can leave individuals vulnerable across a myriad of sites and services.

    First introduced earlier this year as an extension named Password Checkup, the feature has been rolled into Chrome’s settings as part of its Safe Browsing features.

    “When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app. It will suggest that you change them everywhere they were used.”

    Google’s post also discussed improvements to Safe Browsing’s anti-phishing features.

    “Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

    “However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases. Initially we will roll out this protection to everyone with the “Make searches and browsing better” setting enabled in Chrome.”

    These improvements are welcome additions to one of the most popular browsers in use and Google is to be commended for making Password Checkup an included feature, where more people will benefit from it.

  • New Google Chrome Feature May Drive Users to Firefox

    New Google Chrome Feature May Drive Users to Firefox

    The Register is reporting on a new feature in an upcoming version of Google Chrome that has privacy-conscious users worried. A recent API called getInstalledRelatedApps may allow websites to determine what apps are installed on a user’s device.

    At first glance, the API seems to have an admirable purpose. If users have both web and native applications installed, they could be bombarded by duplicate sets of notifications. If a website can determine that its native app is installed, it would then prioritize notifications for the native app. Unfortunately, the API doesn’t really seem to be aimed at improving the experience—not for the user at least.

    In response to a question from Opera developer Daniel Bratell, expressing concern about how this API would help users, Google engineer Rayan Kanso wrote:

    “Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences,” Kanso wrote. “We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.”

    In other words, this API is more about making it easier for web and app developers’ marketing needs than it is truly making users’ lives easier.

    The privacy implications are clear: If websites can determine what apps are installed on a person’s phone or tablet, it can provide a relatively complete picture, otherwise known as a fingerprint, about that person’s habits.

    As The Register points out, Peter Snyder, a privacy researcher at browser maker Brave, voiced his own concerns:

    “I don’t follow the claim about non-fingerprint-ability. If I’m a company with a large number of apps (e.g. google), with 16-32 apps registered in app stores, the subset of which apps any user has installed is likely to be a very strong semi-identifier, no, and so be extremely risky for the user / valuable for the fingerprinter, no?

    “Apologies if I’m misunderstanding, but this seems like a very clear privacy risk.

    Put differently, if this isn’t a privacy risk, whats the rational behind disallowing this in private browsing mode?”

    With browsers like Firefox and Safari placing an emphasis on privacy and security, it’s a safe bet this is yet another move that will drive users away from Chrome.

  • Microsoft Looking For Help From Linux Developers to Port Edge to Linux

    Microsoft Looking For Help From Linux Developers to Port Edge to Linux

    Microsoft’s Edge web browser has received generally positive reviews, and has proven to be a worthy successor to Internet Explorer and a solid contender among modern browsers.

    In December 2018, Microsoft announced its intention to abandon EdgeHTML as the browser’s rendering engine in favor of Chromium, the same rendering engine Google Chrome uses. In the months since the announcement, Microsoft has worked on versions of Edge for Windows 7, 8 and 10, as well as Xbox One, macOS, iOS and Android.

    Now, Microsoft has teased the possibility of Edge making its way to Linux as well. Sean Larkin, a member of the Edge development team, took to Twitter to solicit feedback from Linux developers:

    “We on the @MSEdgeDev team are fleshing out requirements to bring Edge to Linux, and we need your help w/ some assumptions!”

    Larkin went to say that “if you’re a dev who depends on Linux for dev, testing, personal browsing, please take a second to fill out this survey!”

    If Microsoft successfully brings Edge to Linux, it could make life for Linux web developers easier, allowing them to natively test how their sites and web applications work in Microsoft’s latest browser.

    Here’s a link to the survey…

  • Google Chrome Revealed As Cause of Mass Mac Pro Failure

    Google Chrome Revealed As Cause of Mass Mac Pro Failure

    Earlier this week, studios and video shops in Hollywood and around the country went into collective panic mode when their Mac Pro workstations refused to reboot.

    News started hitting Twitter September 24 as Mac Pros started slowly crashing and refusing to boot up again. Almost immediately, keen-eyed users started noticing that affected systems were running older versions of macOS, as well as Avid’s Media Composer. In addition to a statement by the company, Avid’s CEO Jeff Rosica and its CTO Tim Claman released a video promising their engineers were working “around the clock” to address the problem.

    Despite fears the issues might be caused by a virus, by Wednesday, September 25 Google Chrome had been identified as the culprit. On Google’s Chrome Help site, a support manager made the statement:

    “We recently discovered that a Chrome update may have shipped with a bug that damages the file system on macOS machines with System Integrity Protection (SIP) disabled, including machines that do not support SIP. We’ve paused the release while we finalize a new update that addresses the problem.”

    This comes on the heels of a recent, high-profile article in the Washington Post labeling Chrome as spyware and encouraging individuals to switch to Firefox. Meanwhile, both Firefox and Apple have increased their privacy efforts in a clear shot across Google’s bow.

    While users may be willing to trade privacy for convenience, Google may have a harder time getting people to stay with Chrome if it gets a reputation for corrupting expensive workstations.