Google

Google Is Reportedly Working On Linking Up Nest Audio Speakers With Chromecast Streaming Devices (theverge.com) 16

In a Wall Street Journal article comparing Apple's HomePod Mini against the competition, a Google spokesperson hinted that the company is working on integrating its Chromecast streaming devices and Nest Audio speakers. The Verge reports: Being able to combine a streaming platform with a smart phone speaker makes a lot of sense for these companies. After all, customers already have all the hardware in their living room -- why not repurpose those speakers to improve the sound of your Netflix movies? Plus, there's the added bonus of inciting customers to stay within a company's ecosystem. You're more likely to buy a HomePod mini if it works with the Apple TV you already have. The ability to link smart speakers to streaming boxes is also something that both Apple and Amazon already offer.

Google's plans are extremely vague for now -- The Wall Street Journal makes no mention of which devices the company is looking to link together, when the feature will arrive, or what sort of use cases it's looking to achieve. But with Google increasingly looking to push users toward its smart home devices, making them all work better together just makes good sense.

OS X

Ask Slashdot: Did You Upgrade To macOS Big Sur? (wccftech.com) 101

Yesterday, Apple released the latest version of macOS: macOS Big Sur (also known as macOS 11.0) and the rollout was anything but smooth. Many users have complained about Apple services such as iMessage, or even Apple Pay, not working for them. Personally, my 5K iMac (2013), which isn't even compatible with Big Sur, ground to a halt yesterday, as I was unable to open up Google Chrome or any of my Adobe Creative Cloud apps. Even navigating my system preferences was painfully slow.

According to developer Jeff Johnson, the reason apps were failing to launch was because a process called "trustd" failed to attempt to connect to Apple's Online Certificate Status Protocol website (oscp.apple.com). "[D]enying the connection between "trustd" and oscp.apple.com fixes the issue, as does disabling a Mac's connection to the internet," notes Apple Insider. Slashdot reader shanen shares their experience: The story is about different problems, so I'll just start with my own anecdote. The 12GB download was amazingly slow. I'm being charitable and willing to attribute that to high demand. Eventually it did finish. The installation process didn't seem to be too bad. Then I did something with the Mac and it immediately wanted another upgrade. Turned out to be a double upgrade of two slightly different versions of some tools, but another (slow) GB bites the dust. Meanwhile, it decided to do that double-upgrade again? One of those two must have succeeded, because the third attempt failed with the appropriate notice that it had succeeded.

Bottom line? Not reassuring, but it seems to be okay now. I should have made a note about what triggered the extra GB, but I don't think I did anything unusual that should have required an OS-level extension of the system. Ergo, whatever was going on, I think it belonged in the original 12 GB download... Disclaimer needed: I just had an extremely negative interaction with Apple about the battery swelling problem in the course of attempting to consider whether or not I should upgrade my old MacBook Pro. It started on the Apple website, which was amazingly unhelpful even after it dangled a trade-in offer of some kind. Then it continued with a long phone call to a very kind and friendly person who seemed to know not so much, though he eventually led me to the search that revealed "Optimized Battery Charging" as an option that my old Mac cannot use. By the way, new iPhones apparently have it, too. So right now I think Apple finally figured out how to stop the battery swelling, but I am still screwed. I regard the Mac as a sunk cost, and the second rule of sunk cost is to NOT throw good money after bad. The first rule is that no one wants to talk about their mistakes, eh?

So did your upgrade to Big Sur go better than mine? I really hope so. Why share the misery? We have plenty of that with "He whose name need not be mentioned" anymore.

Google

Simple Search Is a Browser Extension That Gives You Google Circa 2010 (theverge.com) 54

A group of journalists has built a browser extension, called Simple Search, to show you what Google search would look like without the information panels, shopping boxes, and search ads. The Verge reports: Introducing the extension, Maddy Varner and Sam Morris describe it as a conscious throwback to an earlier version of Google search, before the integration of the Knowledge Graph and its accompanying information boxes. "The extension lets you travel back to a time when online search operated a little differently," they write. "Nowadays, you don't always have to click any of the 'blue links' to get information related to your search -- Google gives you what it thinks is important in info boxes of information pulled from other websites." The extension works on Google and Bing searches and is available for both Firefox and Chrome browsers.
Chrome

Chrome To Block Tab-Nabbing Attacks (zdnet.com) 27

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. From a report: The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term "tab-nabbing" refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario. This scenario refers to situations when users click on a link, and the link opens in a new tab (via the "target=_blank" attribute). These new tabs have access to the original page that opened the new link. Via the JavaScript "window.opener" function, the newly opened tabs can modify the original page and redirect users to malicious sites. This type of attack has powered quite a few phishing campaigns across the years. To mitigate this threat, browser makers like Apple, Google, and Mozilla have created the rel="noopener" attribute.
The Internet

Net Applications Will No Longer Track the Browser Wars (venturebeat.com) 34

Emil Protalinski, reporting for VentureBeat: For more than a decade, I've used Net Applications' NetMarketShare tool to track the desktop browser and operating system markets. The monthly reports have been critical in gauging which browsers and new versions of operating systems are gaining or losing market share. Last week, Net Applications released its final NetMarketShare report. The loss could not come at a worse time. After Chrome cemented its spot as the world's de facto browser, there hasn't been a lot of movement. But that might be about to change. Chrome's creator, Google, is facing the biggest U.S. antitrust case in a generation. Mozilla, which depends on Google for almost all its revenue, is rightly worried about becoming "collateral damage."

[...] So why is Net Applications killing off NetMarketShare? Don't act surprised when I tell you the undisputed market leader has something to do with it. In January, Google proposed deprecating the User-Agent string (used to identify which browser and operating system is being used) as part of its war on fingerprinting. Net Applications says the change will break NetMarketShare's device detection technology and "cause inaccuracies for a long period of time." Add the ongoing problem of filtering out bots to prevent skewing of the result, and Net Applications decided it was best to throw in the towel after 14 years. Net Applications provided its reports based on data captured from 100 million sessions each month over thousands of websites.

Twitter

Proctoring Software Company Used DMCA To Take Down a Student's Critical Tweets (techcrunch.com) 130

A series of tweets by one Miami University student that were critical of a proctoring software company have been hidden by Twitter after the company filed a copyright takedown notice. TechCrunch reports: Erik Johnson, a student who works as a security researcher on the side, posted a lengthy tweet thread in early September about Proctorio, an Arizona-based software company that several U.S. schools -- including his own -- use to monitor students who are taking their exams remotely. But six weeks later, Johnson received an email from Twitter saying three of those tweets had been removed from his account in response to a request by Proctorio filed under the Digital Millennium Copyright Act.

Proctorio, based in Scottsdale, Arizona, says its proctoring software is privacy friendly. Students are required to install its Chrome extension before taking a test, which the company says students can remove once they're done. Unlike desktop software, most Chrome extensions can be easily downloaded and their source code viewed and examined. Johnson did this and tweeted his findings. Three of those tweets described under what circumstances Proctorio would "terminate" a student's exam if it detected signs of potential cheating -- such as if a student "switched networks" or if "abnormal clicking" and "eye movements" were detected. The tweets also included a link to snippets of code found in Proctorio's Chrome extension, which Johnson posted to code-sharing site Pastebin. Those three tweets are no longer accessible on Twitter after Proctorio filed its takedown notices. The code shared on Pastebin is also no longer accessible, nor is a copy of the page available from the Internet Archive's Wayback Machine, which said the web address had been "excluded."
Proctorio emailed TechCrunch a statement through its crisis communications firm Edelman, claiming Johnson "violated Proctorio's exclusive rights by copying and posting extracts from Proctorio's software code on his Twitter account," and in response, Proctorio filed the DMCA takedown request "to ask that the content be removed and Twitter removed it."

"Mr. Johnson's claim that he has the right to reproduce the code because he was able to download it is simply not true. Regardless of his ability to download the files, they remain protected under the Copyright Act. Also, had Mr. Johnson looked at the files he downloaded, he would have seen the multiple copyright notices in the header of each file that state expressly that the code is owned by Proctorio and that 'unauthorized reproduction, display, modification, or distribution of this software, or any portion of it, may result in severe civil and criminal penalties, and will be prosecuted to the full extent permitted by law.' His reproduction of that code violated Proctorio's rights, which is why Proctorio asked Twitter to remove it," said Edelman's senior vice president Andy Lutzky, on behalf of Proctorio.
Chromium

Linux Mint Introduces Its Own Take On the Chromium Web Browser (zdnet.com) 33

Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, have built their own take on Google's open-source Chromium web browser. ZDNet reports: Some of you may be saying, "Wait, haven't they offered Chromium for years?" Well, yes, and no. For years, Mint used Ubuntu's Chromium build. But then Canonical, Ubuntu's parent company, moved from releasing Chromium as an APT-compatible DEB package to a Snap. The Ubuntu Snap software packing system, along with its rivals Flatpak and AppImage, is a new, container-oriented way of installing Linux applications. The older way of installing Linux apps, such as DEB and RPM package management systems for the Debian and Red Hat Linux families, incorporate the source code and hard-coded paths for each program.

While tried and true, these traditional packages are troublesome for developers. They require programmers to hand-craft Linux programs to work with each specific distro and its various releases. They must ensure that each program has access to specific libraries' versions. That's a lot of work and painful programming, which led to the process being given the name: Dependency hell. Snap avoids this problem by incorporating the application and its libraries into a single package. It's then installed and mounted on a SquashFS virtual file system. When you run a Snap, you're running it inside a secured container of its own. For Chromium, in particular, Canonical felt using Snaps was the best way to handle this program. [...]

Lefebvre wrote, "The Chromium browser is now available in the official repositories for both Linux Mint and LMDE. If you've been waiting for this I'd like to thank you for your patience." Part of the reason was, well, Canonical was right. Building Chromium from source code is one really slow process. He explained, "To guarantee reactivity and timely updates we had to automate the process of detecting, packaging and compiling new versions of Chromium. This is an application which can require more than 6 hours per build on a fast computer. We allocated a new build server with high specifications (Ryzen 9 3900, 128GB RAM, NVMe) and reduced the time it took to build Chromium to a little more than an hour." That's a lot of power! Still, for those who love it, up-to-date builds of Chromium are now available for Mint users.

Chrome

Chrome Will Soon Have Its Own Dedicated Certificate Root Store (zdnet.com) 56

Google has announced plans to run its own certificate root program/store for Chrome, in a major architectural shift for the company's web browser program. From a report: A "root program" or a "root store" is a list of root certificates that operating systems and applications use to verify the identity of a software program during its installation routine. Browsers like Chrome use root stores to check the validity of an HTTPS connection. They do this by looking at the website's TLS certificate and checking if the root certificate that was used to generate the TLS cert is included in the local root program/store. Since its launch in late 2009, Chrome was configured to use the "root store" of the underlying platform. For example, Chrome on Windows checked a site's TLS certificate against the Microsoft Trusted Root Program, the root store that ships with Windows; Chrome on macOS relied on the Apple Root Certificate Program; and so on. But in a wiki page, shared with ZDNet by one of our readers, Google announced plans to create its own root store, named the Chrome Root Program, that will ship with all versions of Chrome, on all platforms, except iOS.
Google

What It's Like To Get Locked Out of Google Indefinitely (businessinsider.com) 352

An anonymous reader shares a report: When he received the notification from Google he couldn't quite believe it. Cleroth, a game developer who asked not to use his real name, woke up to see a message that all his Google accounts were disabled due to "serious violation of Google policies." His first reaction was that something must have malfunctioned on his phone. Then he went to his computer and opened up Chrome, Google's internet browser. He was signed out. He tried to access Gmail, his main email account, which was also locked. "Everything was disconnected," he told Business Insider. Cleroth had some options he could pursue: One was the option to try and recover his Google data -- which gave him hope. But he didn't go too far into the process because there was also an option to appeal the ban. He sent in an appeal.

He received a response the next day: Google had determined he had broken their terms of service, though they didn't explain exactly what had happened, and his account wouldn't be reinstated. (Google has been approached for comment on this story.) Cleroth is one of a number of people who have seen their accounts suspended in the last few days and weeks. In response to a tweet explaining his fear at being locked out of his Google account after 15 years of use, others have posted about the impact of being barred from the company that runs most of the services we use in our day-to-day lives. "I've been using a Google account for personal and work purposes for years now. It had loads of various types of data in there," said Stephen Roughley, a software developer from Birkenhead, UK. "One day when I went to use it I found I couldn't log in." Roughley checked his backup email account and found a message there informing him his main account had been terminated for violating the terms of service. "It suggested that I had been given a warning and I searched and searched but couldn't find anything," added Roughley. "I then followed the link to recover my account but was given a message stating that my account was irrecoverable." Roughley lost data including emails, photos, documents and diagrams that he had developed for his work. "My account and all its data is gone," he said.

Windows

Google Discloses Windows Zero-Day Exploited in the Wild (zdnet.com) 32

Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. From a report: The zero-day is expected to be patched on November 10, which is the date of Microsoft's next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google's elite vulnerability research team. On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week. The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome's secure container and run code on the underlying operating system -- in what security experts call a sandbox escape.
Chrome

Chrome OS May Finally Be Getting a Dark Mode (theverge.com) 16

New submitter andreavenezia shares a report from The Verge: Chrome OS may finally be getting a dark mode, but so far it's only been spotted in its experimental Canary channel, Android Central reported. Before you go tinkering with Canary just be advised: Canary is Google's "bleeding edge" Chrome OS path, which receives daily updates of features before they've been widely tested. It can only be accessed from Chromebooks switched into a special developer mode (not to be confused with the Chrome OS Developer channel). Google warns that Canary can be "unstable."

But at the moment, to activate dark mode on your Chromebook, you need to have the Canary channel installed. Once you've done that, Android Central says you just open Chrome and type in chrome://flags/#enable-force-dark and chrome://flags/#enable-webui-dark-mode into the URL bar. I should note I tried this on my older Chromebook and wasn't able to get it to work. But here's the view Android Police captured. Android Central says the dark mode has some bugs, but notes it seems to apply across the UI, not just as darker backgrounds.

Chrome

So How Good Is Edge on Linux? (zdnet.com) 52

"No one asked Microsoft to port its Edge browser to Linux," writes Steven J. Vaughan-Nichols at ZDNet, adding "Indeed, very few people asked for Edge on Windows.

"But, here it is. So, how good — or not — is it..?" The new release comes ready to run on Ubuntu, Debian, Fedora, and openSUSE Linux distributions... Since I've been benchmarking web browsers since Mosaic rolled off the bit assembly line, I benchmarked the first Edge browser and Chrome 86 and Firefox 81 on my main Linux production PC.... First up: JetStream 2.0, which is made up of 64 smaller tests. This JavaScript and WebAssembly benchmark suite focuses on advanced web applications. It rewards browsers that start up quickly, execute code quickly, and run smoothly. Higher scores are better on this benchmark.

JetStream's top-scorer — drumroll please — was Edge with 136.971. But, right behind it within the margin of error, was Chrome with a score of 132.413. This isn't too surprising. They are, after all, built on the same platform. Back in the back was Firefox with 102.131. Next up: Kraken 1.1. This benchmark, which is based on the long-obsolete SunSpider, measures JavaScript performance. To this basic JavaScript testing, it added typical use-case scenarios. Mozilla, Firefox's parent organization, created Kraken. With this benchmark, the lower the score, the better the result. To no great surprise, Firefox took first place here with 810.1 milliseconds (ms). Following it was Chrome with 904.5ms and then Edge with 958.8ms.

The latest version of WebXPRT is today's best browser benchmark. It's produced by the benchmark professionals at Principled Technology. This company's executives were the founders of the Ziff Davis Benchmark Operation, the gold-standard of PC benchmarking. WebXPRT uses scenarios created to mirror everyday tasks. These include Photo Enhancement, Organize Album, Stock Option Pricing, Local Notes, Sales Graphs, and DNA Sequencing. Here, the higher the score, the better the browser. On this benchmark, Firefox shines. It was an easy winner with a score of 272. Chrome edges out Edge 233 to 230.

The article concludes that "Oddly, Edge, which turned in a poor performance when I recently benchmarked it on Windows, did well on Linux. Who'd have guessed...? Edge is a good, fast browser on Linux. If you're a Windows user coming over to Linux or you're doing development work aimed at Edge, then by all means try Edge on Linux. It works and it works well."

Yet Vaughan-Nichols admits he's still not going to switch to Edge. "Chrome is more than fast enough for my purposes and I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."
Chrome

Google Patched an Actively-Exploited Zero-Day Bug in Chrome (threatpost.com) 14

Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week: Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities.

By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux — among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk. "Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday... "The fix is also in today's stable release of FreeType 2.10.4," Ben Hawkes, technical lead for the Project Zero team, tweeted. Meanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw...

In addition to the FreeType zero day, Google patched four other bugs — three of high risk and one of medium risk — in the Chrome update released this week... So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.

Chrome

Chrome Caught Exempting Google Sites From User Requests To Delete Data (msn.com) 50

This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube.

This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior... The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser.

In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.

Firefox

Firefox 'Site Isolation' Feature Enters User Testing, Expected Next Year (zdnet.com) 14

An anonymous reader shares a report: Site Isolation is a modern browser security feature that works by separating each web page and web iframes in their own operating system process in order to prevent sites from tampering with or stealing each other's data. The feature was first deployed with Google Chrome in mid-2018, with the release of Chrome 67. Although initially, Site Isolation was meant to be deployed as a general improvement to Chrome's security posture, the feature came just in time to serve as a protective measure against the Spectre vulnerability impacting modern CPUs. Seeing the feature's success, Mozilla also announced plans to support it with the Firefox browser in February 2019, as part of an internal project codenamed Fission.

For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers' internal architecture. The process took about two years for both Google and Mozilla. While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox. According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.

Advertising

Adblockers Installed 300,000 Times Are Malicious and Should Be Removed Now (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users' social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on Github. Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google's Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total.

Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code. The first thing Hill noticed the new extension doing was checking if the user had opened the developer console. If it was opened, the extension sent a file titled "report" to a server at https://def.dev-nano.com/. "In simple words, the extension remotely checks whether you are using the extension dev tools -- which is what you would do if you wanted to find out what the extension is doing," he wrote. The most obvious change end users noticed was that infected browsers were automatically issuing likes for large numbers of Instagram posts, with no input from users. Cyril Gorlla, an artificial intelligence and machine learning researcher at the University of California in San Diego, told me that his browser liked more than 200 images from an Instagram account that didn't follow anyone. The screenshot to the right shows some of the photos involved.

Cloud

Cloudflare Offers 'Isolated' Cloud-Based Browser, Plus a Network-as-a-Service Solution (techradar.com) 52

Cloudflare has released the beta of its new "browser isolation" service, which runs a web browser in the cloud, reports TechRadar. As more and more computing is done inside a browser as opposed to on a system itself, many enterprise organizations have begun to deploy browser isolation services where the browser doesn't actually run on a user's computer. Instead the browser runs on a virtual machine inside a cloud provider's data center. This means that any threats from the browser will stay in that virtual machine and won't be able to infect a corporate laptop or move laterally across an organization's network...

Cloudflare Browser Isolation does things a bit differently by sending the final output of a browser's web page rendering. As a result, the only thing ever sent to a user's device is a package of draw commands to render the webpage and this also means that the company's new service will be compatible with any HTML5 compliant browser including Chrome, Safari, Edge and Firefox.

As Cloudflare has data centers in 200 cities around the world, its browser isolation service should be able to deliver a responsive web browsing experience regardless of where a user is located.

It's part of a larger push, since this week Cloudflare also released their network-as-a-service solution "Cloudflare One," which according to Cloudflare "protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure." "After decades of building legacy corporate networks, organizations are left with clunky systems designed to protect their now empty offices. The only way to secure today's work-from-anywhere economy is to secure each individual employee, protecting their individual networks, devices, and access to business-critical applications," said Matthew Prince, CEO of Cloudflare... Companies have traditionally used a castle-and-moat approach to security, creating a barrier between the enterprise network and external threats. Now that applications have moved to the cloud, and more employees have moved outside of the office, that model is broken.

Employees are frustrated with the speed and experience of VPNs, and organizations want an alternative to the expensive patchwork of legacy solutions required to secure and connect corporate offices to each other and the internet. Today's new landscape requires a zero trust approach, where organizations do not automatically trust any requests to corporate data or resources, and instead, verify every attempt to connect to corporate systems before allowing them access... This unified solution enables fast and safe connections to workplace applications, allows teams to use an app without exposing it to the public internet, makes personal devices safe for business use, and works in any environment with any cloud provider.

Chrome

US Antitrust Regulators Could Target Google's Chrome Browser For Breakup (politico.com) 45

Slashdot reader alternative_right shares a report from Politico: Justice Department and state prosecutors investigating Google for alleged antitrust violations are considering whether to force the company to sell its dominant Chrome browser and parts of its lucrative advertising business, three people with knowledge of the discussions said...

The conversations — amid preparations for an antitrust legal battle that the Department of Justice is expected to begin in the coming weeks — could pave the way for the first court-ordered break-up of a U.S. company in decades. The forced sales would also represent major setbacks for Google, which uses its control of the world's most popular web browser to aid the search engine that is the key to its fortunes.

Discussions about how to resolve Google's control over the $162.3 billion global market for digital advertising remain ongoing, and no final decisions have been made, the people cautioned, speaking anonymously to discuss confidential discussions. But prosecutors have asked advertising technology experts, industry rivals and media publishers for potential steps to weaken Google's grip... A major antitrust report that the House Judiciary Committee released this week found that Chrome's market share allows Google to "effectively set standards for the industry," an issue of particular relevance as Chrome phases out cookies. "Google's ad-based business model can prompt questions about whether the standards Google chooses to introduce are ultimately designed primarily to serve Google's interests," the House report said. "Market participants are concerned that while Google phases out third-party cookies needed by other digital advertising companies, Google can still rely on data collected throughout its ecosystem."

Friday Politico reported the antitrust suit against Google is likely to be filed "early next week, but without the sign-on of any Democratic attorneys general, four people familiar with the case said Friday — upending the Trump administration's hopes to enlist bipartisan support for its fight against the internet giant..."

Instead a bipartisan group of states "expects to file an antitrust complaint challenging Google's search practices at a later date, the people said. That group, led by Democratic attorneys general in Colorado and Iowa along with Nebraska's Republican attorney general, has expressed concern about what they view as the Justice Department's narrow approach to the case, the people said. Filing a separate suit would allow more leverage if the Department of Justice negotiates a settlement with Google they don't like, they said."
Chrome

Chrome Changes How Its Cache System Works To Improve Privacy (zdnet.com) 21

Google has changed how a core component of the Chrome browser works in order to add additional privacy protections for its users. From a report: Known as the HTTP Cache or the Shared Cache, this Chrome component works by saving copies of resources loaded on a web page, such as images, CSS files, and JavaScript files. The idea is that when a user revisits the same site or visits another website where the same files are used, Chrome will load them from its internal cache, rather than waste time re-downloading each file all over again.

[...] With Chrome 86, released earlier this week, Google has rolled out important changes to this mechanism. Known as "cache partitioning," this feature works by changing how resources are saved in the HTTP cache based on two additional factors. From now on, a resource's storage key will contain three items, instead of one: The top-level site domain (http://a.example), the resource's current frame (http://c.example), and the resource's URL (https://x.example/doge.png). By adding additional keys to the cache pre-load checking process, Chrome has effectively blocked all the past attacks against its cache mechanism, as most website components will only have access to their own resources and won't be able to check resources they have not created themselves.

Chrome

Chrome 86 Brings Password Protections For Android and iOS, VP9 For MacOS Big Sur (venturebeat.com) 16

An anonymous reader writes: Google today launched Chrome 86 for Windows, Mac, Linux, Android, and iOS. Chrome 86 brings password protections for Android and iOS, VP9 for macOS Big Sur, autoupgrades for insecure forms, focus indicator improvements, and a slew of developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome.

With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers have to stay on top of everything available -- as well as what has been deprecated or removed. Chrome 86, for example, deprecates support for FTP URLs, starting with 1% of users and ramping up to 100% by Chrome 88.
