Bug

Chrome: 70% of All Security Bugs Are Memory Safety Issues (zdnet.com) 52

Roughly 70% of all serious security bugs in the Chrome codebase are memory management and safety bugs, Google engineers said. From a report: Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components. The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities.
Chrome

Chromium Project Finds 70% of Its Serious Security Bugs Are Memory Safety Problems (chromium.org) 154

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source."

ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages....

Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components...

While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives... But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact."

And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

Television

ScreenHits TV To Launch Streaming Aggregator To Combat 'Subscription Fatigue' (hollywoodreporter.com) 47

Technology company ScreenHits is launching ScreenHits TV, a streaming video aggregator app that lets consumers bundle different services together in a single interface. From a report: The service creates a one-stop electronic programming guide where users can search the libraries of both free and subscription streaming platforms, as well as live online TV without jumping from platform to platform and without having to repeatedly sign up for new services. Subscribers of SVOD platforms such as Netflix, Disney+, Amazon Prime, HBO Go, MUBI and other streaming services, including BBC iPlayer, can integrate their existing services within the app, which is set to go live across multiple territories, including the U.S. and the U.K., by the end of this month. Entry-level subscriptions to ScreenHits will start at $1.99 per month and will initially be available on Samsung Smart TVs, Amazon Fire Stick, Apple Store, Google Chrome, Android and for the desktop.
Chrome

Chrome 83 Released With Enhanced Privacy Controls, Tab Groups Feature (zdnet.com) 20

Google has released today version 83 of its Chrome web browser, one of the most feature-packed Chrome updates released since the browser's initial launch back in 2009. From a report: Today's v83 release includes a slew of new features. These include enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature, among many many others. The reason why Chrome 83 includes so many features is because Google canceled the Chrome 82 release due to the ongoing coronavirus pandemic. As a result, some of the Chrome 82 features were pushed into Chrome 83, while others were rescheduled for later this year.
Chrome

Chrome Will Start Blocking Resource-Heavy Ads in August (venturebeat.com) 49

Google today announced that Chrome will soon start blocking resource-heavy ads. From a report: The company ads that mine cryptocurrency, are poorly programmed, or are unoptimized for network usage because they "drain battery life, saturate already strained networks, and cost money." There are three possible thresholds an ad can hit to be blocked: 4MB of network data, 15 seconds of CPU usage in any 30 second period, or 60 seconds of total CPU usage. Google will be experimenting with this change "over the next several months" and will roll it out on Chrome stable "near the end of August."
Chrome

Google Chrome Will Finally Help You Organize Your Tabs (techcrunch.com) 54

Google Chrome is rolling out a new feature to help you better manage all your open tabs. The company announced today the launch of "tab groups" for the beta version of its web browser, which will allow you to organize, label, and even color-code your tabs for easy access. The feature will make its way to the stable release of Chrome starting next week. From a report: To use the new feature, you can right-click on a tab and choose "Add tab to group." You can then select an existing group to move the tab to or create a new one, which you'll also name and label. The company had been testing this solution for several months before today's public release, as some had already spotted. Based on this early research, Google says it found that many people tended to organize their tabs by topic -- like a project they're working on or a set of shopping and review sites, for example. Others, however, would organize tabs by urgency -- labeling them things like "ASAP," "this week," or "later." Google also suggests tab groups can be used to help keep you focused on task progress, by grouping them into areas like "in progress," "need to follow up," and "completed."
AI

Google Lens Can Now Copy and Paste Handwritten Notes To Your Computer (theverge.com) 25

Google has added a very useful feature to Google Lens, its multipurpose object recognition tool. From a report: You can now copy and paste handwritten notes from your phone to your computer with Lens, though it only works if your handwriting is neat enough. In order to use the new feature, you need to have the latest version of Google Chrome as well as the standalone Google Lens app on Android or the Google app on iOS (where Lens can be accessed through a button next to the search bar). You'll also need to be logged in to the same Google account on both devices. That done, simply point your camera at any handwritten text, highlight it on-screen, and select copy. You can then go to any document in Google Docs, hit Edit, and then Paste to paste the text. And voila -- or, viola, depending on your handwriting.
Chrome

Google Announces Chrome Web Store Crackdown For August 2020 (zdnet.com) 15

Google announced this week new rules for the Chrome Web Store in an attempt to cut down the number of shady Chrome extensions submitted and listed on the site. From a report: Starting August 27, Google says it intends to enforce a new set of rules, which will result in a large number of extensions being delisted. These rules are meant to crack down on a series of practices extension developers have been recently employing to flood the Web Store with shady extensions or boost install counts for low-quality content. They include:
1. Developers cannot submit duplicate extensions anymore. (e.g. Wallpaper extensions that have different names but provide the user with the same wallpapers when installed.)
2. Extensions are not allowed to use "keyword spam" techniques to flood metadata fields with multiple terms and have the extension listed across multiple categories to improve the extension's visibility in search results.
3. Developers are not allowed to use misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata. Extension metadata needs to be accurate, and Google intends to be strict about it.
4. Developers are now forbidden from inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or paid downloads, reviews, and ratings.

Windows

You Can Now Manage Windows 10 Devices Through G Suite (zdnet.com) 55

Google has announced the general availability of a long-awaited feature -- the ability to manage Windows 10 devices through G Suite. From a report: Until today, companies that used G Suite to manage corporate endpoints could only enroll Android, iOS, Chrome, and Jamboard devices. Once enrolled in a G Suite enterprise plan, system administrators at these companies would have full control over the enrolled devices, to ensure that company data was safeguarded from sloppy employees. G Suite admins could enforce security policies related to login operations, file storage, encryption, and other features. Starting this week, the same features are now also available for working with Windows 10 devices, Google announced in a blog post. These include the ability to, among other things: Log into Windows 10 systems using a Google account, control Windows 10 update rules, and change Windows 10 settings remotely.
Advertising

Microsoft Is Bombarding Chrome-Using Outlook.com Visitors With Ads For Edge (betanews.com) 83

An anonymous reader quotes a report from BetaNews: Microsoft is no stranger to hitting its customers with ads for its products and services, and it seems that the company is so keen that people make the switch to the new Chromium-based version of Edge that it is now bombarding Outlook.com users with banner ads. The ads are targeting people who visit the web-based version of Outlook using Google Chrome, and they see Microsoft extolling the speed and performance of its most recent web browser.

As spotted by Windows Latest a series of ads appear at the top of Outlook.com encouraging people to try out Microsoft Edge. In the ads, Microsoft claims that Edge brings "the best of the web," makes "Outlook more accessible," and boosts "speed, performance and compatibility." The good news about the latest batch of ads from Microsoft is that they are not terribly persistent. While there are a number of different banner ads which are displayed in rotation after a refresh or on each new visit to Outlook.com, once they have been dismissed they do not seem to make a reappearance.

Businesses

People Are Making Bots To Snatch Whole Foods Delivery Order Time Slots (vice.com) 109

Social distancing and stay-home orders have led to booming demand for grocery delivery services. In some big cities, people report not being able to find an open delivery time slot for days or weeks at a time. And now Motherboard has found a series of bots that automatically give some people an upper hand when limited delivery time slots are available on Amazon Fresh or Whole Foods. From a report: A slew of developers have made bots and other tools that, in some cases, automatically hunt for a free delivery slot, grab it, and then complete the user's food order, making sure they have a much better chance of buying food before other people snatch up the slot. While some of the developers told Motherboard they designed their bots to help those in need, such as senior citizens who may need to stay inside as exposure to the coronavirus could be more serious for them, others are dealing with the ethical issue of releasing a tool that can clearly be abused, by allowing those who can figure out how to use a technical tool to buy food while others go without.

"Yes, it's an unfair advantage over others who aren't tech-savvy but may still need to purchase items urgently. However, I try my best to reduce the abused [sic] problem," Manfong, the developer behind a Chrome extension that notifies users when a delivery slot is available, told Motherboard in an email. Checkout bots, often reserved for buying things like limited edition sneakers or concert tickets, are in particularly high demand at the moment for other items. Last week Motherboard reported how one developer had created a bot dedicated to buying the Nintendo Switch, with resellers grabbing as many as they can to sell for a profit during the crisis. Now, that idea of getting a technical one-up over others has expanded to buying essential items such as food.

Android

Vivaldi Browser Gets Built-in Tracking Blocker, Goes GA on Android (techcrunch.com) 26

Vivaldi, the browser launched by former Opera CEO Jon von Tetzchner, has long positioned itself as a highly customizable alternative to Chrome and Firefox for power users. Today, the team is launching version 3.0 of its desktop browser, with built-in tracker and ad blockers, and it's bringing its Android browser out of beta. From a report: I've long been a fan of Vivaldi, but the company was relatively late to the tracking protection game. Now it's doubling down by integrating a blocklist powered by DuckDuckGo's Tracker Radar. Like competing browsers, Vivaldi offers three blocking levels that users can easily toggle on and off for individual websites. Those blocking levels are relatively blunt, though, with the options to either block trackers, block trackers and ads, or disable blocking. Competitors like Edge offer slightly more nuanced options for blocking trackers, though I would expect Vivaldi to adopt a similar scheme over time.
Music

Apple Music On the Web Exits Beta (macrumors.com) 14

The web-based Apple Music experience that launched in beta last September is now available at music.apple.com. MacRumors reports: The previous beta.music.apple.com address automatically forwards to the newly launched version. Once you're signed into the web version of Apple Music with your Apple ID that has an associated Apple Music subscription, you'll have access to all of your library and playlist content, as well as the same personal mixes and recommendations you'll see in the Music apps for iOS, Mac, and Android. Apple Music content plays right in the web browser, providing access for an array of devices and platforms that don't have native Music app support, including Windows 10, Linux, and Chrome OS.
Chrome

Google Removes 49 Chrome Extensions Caught Stealing Crypto-Wallet Keys (zdnet.com) 18

Google has removed 49 Chrome extensions from the Web Store that posed as legitimate cryptocurrency wallet apps but contained malicious code that stole crypto-wallet private keys, mnemonic phrases, and other raw secrets. From a report: The 49 extensions were discovered by Harry Denley, Director of Security at the MyCrypto platform, who shared his findings exclusively with ZDNet last week. Denley says the 49 extensions appear to have been put together by the same person/group, believed to be a Russian-based threat actor. "Whilst the extensions all function the same, the branding is different depending on the user they are targeting," Denley said. The MyCrypto security researcher says he has identified malicious extensions posing as known crypto-wallets apps such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
Chrome

Chrome 81 Arrives With Web NFC Origin Trial, AR Features, and Mixed Images Autoupgraded To HTTPS (venturebeat.com) 46

An anonymous reader writes: Google today launched Chrome 81 for Windows, Mac, Linux, Android, and iOS. Chrome 81 includes an Origin Trial of Web NFC for mobile, early Augmented Reality support, mixed images autoupgraded to HTTPS, TLS 1.0 and TLS 1.1 deprecated, and more developer features. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 81 removes the "discard" element and FTP support.
Firefox

Firefox 75 Arrives With Revamped Address Bar; Mozilla To Stick With 2020 Schedule (venturebeat.com) 43

An anonymous reader writes: Mozilla today launched Firefox 75 for Windows, Mac, and Linux. Firefox 75 includes a revamped address bar with significant search improvements, a few performance tweaks, and a handful of developer features. You can download Firefox 75 for desktop now from Firefox.com, and all existing users should be able to upgrade to it automatically. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider.

When the coronavirus crisis took hold, millions found themselves spending more time in their browsers as they learn and work from home. But the crisis is also impacting software developers. Google was forced to pause its Chrome releases, which typically arrive every six weeks. Ultimately, Chrome 81 was delayed, Chrome 82 is being skipped altogether, and Chrome 83 has been moved up a few weeks. Microsoft has followed suit with Edge's release schedule, consistent with Google's open source Chromium project, which both Chrome and Edge are based on. Mozilla wants to make clear it is not in the same boat. The company took an indirect jab at Google and Microsoft today, saying: "We've built empathy into our systems for handling difficult or unexpected circumstances. These strengths are what allow us to continue to make progress where some of our competitors have had to slow down or stop work."

Firefox

Edge Overtakes Firefox To Become the Second-Most Popular Browser (softpedia.com) 119

Long-time Slashdot reader AmiMoJo quotes Softpedia: It was probably just a matter of time, but the thing so many people, including everyone at Microsoft, expected finally happened: Microsoft Edge surpassed Mozilla Firefox to become the world's second most-used desktop browser. Data provided by market analysis firm NetMarketShare reveals that the whole thing happened in March, when the adoption of the Chromium-powered Microsoft Edge improved to a level that allowed it to overtake Mozilla's own browser.

So right now, Microsoft Edge is the second most-used desktop browser on the planet with a share of 7.59%, while Mozilla Firefox is now third with 7.19%.

As for who's leading the pack, Google Chrome continues to be number one with a share of 68.50%.

Chrome

U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed (forbes.com) 54

Part of America's Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) "has advised users to update Google Chrome as new high-rated security vulnerabilities have been found," reports Forbes: In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 "addresses vulnerabilities that an attacker could exploit to take control of an affected system," be that Windows, Mac or Linux. It went on to state that it "encourages" users and administrators to apply the update. It's not just CISA that is warning about the need to update Google Chrome. The Center for Internet Security (CIS) is a non-profit entity that works to safeguard both private and public organizations against cyber threats. In a multi-state information sharing and analysis center (MS-ISAC) advisory, it has also warned of multiple vulnerabilities in Google Chrome.

The most severe of these could allow an attacker to achieve arbitrary code execution within the context of the browser... All it would take for an attacker to exploit the vulnerabilities is to get the user to visit, by way of a phishing attack or even redirection from a compromised site, a maliciously crafted web page.

Beside three high-rated vulnerabilities, Forbes reports that "a further five security vulnerabilities were discovered by the Google internal security team using a combination of internal audits and fuzzing."
Microsoft

Microsoft's Chromium Edge is Getting Vertical Tabs, Smart Copy, and Password Monitor (venturebeat.com) 20

Microsoft today announced upcoming features for its Edge browser based on Google's Chromium open source project, the same browser Google's Chrome is based on. Consumer features like Vertical Tabs, Smart Copy, and Password Monitor are coming soon. Microsoft also shared a few updates for existing or already announced features like Collections, InPrivate mode, and Immersive Reader.
Chrome

Google To Resume Chrome Updates it Paused Last Week Due To COVID-19 (zdnet.com) 10

An anonymous reader shares a report: Google paused Chrome updates last week when it canceled the Chrome 81 release in order to avoid causing severe disruptions to web developers, system administrators, and its own engineers, most working from home or having resources strained due to ever-worsening coronavirus (COVID-19) outbreak. In a blog post on the Chrome blog today, Google said it is now ready to resume work on Chrome. The company said that starting next week, the current Chrome 80 release will start receiving security updates once again. Chrome v81, initially scheduled to be released on March 17, was rescheduled for April 7, at which time, web developers and system administrators would have had the time to adapt to their new working conditions.
