An anonymous reader shares a report: Frustrated by web pages that never seem to load properly? Well, Google hopes to make them a thing of the past. Today, the company announced that Chrome on Android's Data Saver, a feature that automatically improves page loading using "built-in optimizations" and dedicated servers -- speeding them up by a factor of two and reducing data usage by up to 90 percent -- now supports encrypted HTTPS webpages. Previously, it only worked with unencrypted HTTP content. The latest stable version of Chrome on Android indicates in the URL bar when a lightweight version of a web page -- a Lite page -- is being displayed. Tapping the indicator shows additional information and provides an option to load the original version of the page. Google says that Chrome will automatically disable Lite pages on a per-site basis when it detects that "users frequently opt to load the original page."

"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers.

The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums.
Ars Technica found a tweet suggesting that the code was actually written in 2014.

Google said this week that a Chrome zero-day the company patched last week was actually used together with a second one, a zero-day impacting the Microsoft Windows 7 operating system. From a report: The two zero-days were part of ongoing cyber-attacks that Clement Lecigne, a member of Google's Threat Analysis Group, discovered last week on February 27. The attackers were using a combination of a Chrome and Windows 7 zero-days to execute malicious code and take over vulnerable systems. The company revealed the true severity of these attacks in a blog post this week. Google said that Microsoft is working on a fix, but did not give out a timeline. The company's blog post comes to put more clarity into a confusing timeline of events that started last Friday, March 1, when Google released Chrome 72.0.3626.121, a new Chrome version that included one solitary security fix (CVE-2019-5786) for Chrome's FileReader --a web API that lets websites and web apps read the contents of files stored on the user's computer.

Microsoft this week revamped Skype's browser-based client with a slew of new features. From a report: The Seattle company this week announced the rollout of a major Skype for Web update, which introduces high-definition video calling, a redesigned notifications panels, a revamped media gallery, and more. It's available on any PC running Windows 10 and Mac OS X 10.12 or higher with the latest versions of Google Chrome or Microsoft Edge. The bulk of the new capabilities debuted in preview last October, but they're available widely starting this week. Skype for Web does not support Safari, Firefox, and Opera browsers, Microsoft has confirmed.

Last December, Microsoft announced that it has embraced Google's Chromium open source project for Edge development on the desktop, a move that shocked many. We now have some leaked screenshots of the browser in its current state, and they appear to show a browser resembling Google Chrome. Neowin reports: A lot of the design language and icons have remained similar to what they were like before, but there are definitely many changes that will be familiar to Chrome users. For one, the options to see all your tabs and to set aside the currently open tabs have been removed compared to the current version of Edge. To the right of the address bar, you'll be able to find your extensions, as well as your profile picture similar to what Chrome looks like. Bing is integrated into the browser -- as you'd expect of a Microsoft-made browser -- and the New Tab background can be set to rotate based on Bing's image of the day. Scrolling down will reveal a personalized news feed powered by Microsoft News, similar to the old Edge. The layout of the feed can be customised based on your preference from among a number of options.

The settings options for the browser have also changed. While Edge settings are currently available via a slide-out menu from the right, the new Edge's settings are accessible through a new tab similar to Chrome. It'll show the Microsoft account you're logged into, as well as the usual array of toggles and tidbits you'd expect. Ominously, the about page for the browser now acknowledges the contributions of the Chromium project, as well as other open source software, a stark reminder that this isn't the Microsoft of yesteryear. This is a new browser, and a new Microsoft.

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

Chrome is going to get a big speed boost -- at least for web pages you've recently visited. CNET: With a feature called bfcache -- backward-forward cache -- Google's web browser will store a website's state as you navigate to a new page. If you then go back to that page, Chrome will reconstitute it rapidly instead of having to reconstruct it from scratch. Then, if you retrace your steps forward again, Chrome will likewise rapidly pull that web page out of its memory cache. The speed boost doesn't help when visiting new websites. But this kind of navigation is very common: Going back accounts for 19 percent of pages viewed on Chrome for Android and 10 percent on Chrome for personal computers, Google said. With bfcache, that becomes "extremely fast."

The FIDO Alliance -- a consortium that develops open source authentication standards -- has been pushing to expand its secure login protocols to make seamless logins a reality for several years. Today, it has hit the jackpot: Google. From a report: On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone's fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android's FIDO2 management infrastructure.

More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.

A group of researchers say that it will be difficult to avoid Spectre bugs in the future unless CPUs are dramatically overhauled. From a report: Google researchers say that software alone is not enough to prevent the exploitation of the Spectre flaws present in a variety of CPUs. The team of researchers -- including Ross McIlroy, Jaroslav Sevcik, Tobias Tebbi, Ben L Titzer and Toon Verwaest -- work on Chrome's V8 JavaScript engine. The researchers presented their findings in a paper distributed through ArXiv and came to the conclusion that all processors that perform speculative execution will always remain susceptible to various side-channel attacks, despite mitigations that may be discovered in future.

Google has sent out invites to this year's Game Developers Conference (GDC) press event, where the company is expected to unveil a new game streaming product. ExtremeTech reports: There have been rumors about a Google game stream product or service for several years. Initially, leaks pointed to a hardware platform called Yeti that would stream games to a connected display. In late 2018, Google rolled out a game streaming test called Project Stream. To publicize the demo, it worked with Ubisoft to give everyone free access to the new Assassin's Creed Odyssey. Google wrapped up Project Stream in early 2019, offering players a free copy of Assassin's Creed Odyssey as thanks. Of course, you'd need a real gaming PC to run that version.

Google's GDC event will take place on March 19th at 10 AM Pacific. All we know for sure is that Google is there to talk about a gaming project. It just seems extremely likely that it will be a new phase for Project Stream. It might remain browser-only, but Google does have a giant network of TV's out there with Chromecast streaming dongles plugged in. If it could leverage those to stream games, it could instantly have as many eyeballs as Sony or Microsoft.

Microsoft has released an official Timeline extension for Google Chrome called "Web Activities" that brings Timeline integration to Google's web browser. From a report: Just like with Microsoft Edge, this new extension syncs web browsing activities with the Timeline feature on Windows 10, making it easier to pick up old activities and search through webpages you've visited recently. The extension is available now in the Chrome Web Store, and ties with your Microsoft Account.

AmiMoJo writes: When browsing the web with Google Chrome, some sites are using a method to determine if a visitor is in a regular browsing session or in incognito mode. As this can be considered a breach of privacy, Google will be changing how a particular API works so that web sites can no longer utilize this technique.

Chrome supports the FileSystem API, which allows sites to create a virtual file system that lives within the sandbox of the browser. This allows sites that utilize large assets, such as online games, to download these assets to a virtual file system so that they do not have to download them each time they are needed. Currently the FileSystem API is not available in incognito sessions, because it leaves files behind and could be considered a privacy risk. Currently the API doesn't work in incognito mode, offering sites a way to check for it. In a Chrome Gerrit post started this week and updated earlier this morning, Google has stated that they are changing the FileSystem API so that it can be used in incognito mode, without the risks to privacy.

Google has changed its stance on upcoming Chrome Manifest V3 changes as benchmark shows they lied about performance hit. Catalin Cimpanu, writing for ZDNet: A study analyzing the performance of Chrome ad blocker extensions published on Friday has proven wrong claims made by Google developers last month, when a controversy broke out surrounding their decision to modify the Chrome browser in such a way that would have eventually killed off ad blockers and many other extensions. The study, carried out by the team behind the Ghostery ad blocker, found that ad blockers had sub-millisecond impact on Chrome's network requests that could hardly be called a performance hit. Hours after the Ghostery team published its study and benchmark results, the Chrome team backtracked on their planned modifications. At the root of Ghostery's benchmark into ad blocker performance stands Manifest V3, a new standard for developing Chrome extensions that Google announced last October.

An anonymous reader shares a report: Samsung's mobile internet browser, if you ask its users, is pretty great. A lot of folks even say it's better than Chrome. That appreciation has manifested in the app hitting a very exclusive Play Store milestone: Samsung Internet Browser now has more than one billion installs. That impressive figure puts the browser's install base ahead of those of Firefox and Opera combined. Now, there are a couple of caveats here: for one, Samsung's browser comes pre-loaded on Samsung devices, of which each activation counts as an "install." What's more, both Firefox's and Opera's Play Store listings report that each browser has "100,000,000+" installs, which, because of the somewhat silly way figures are reported on Android's app marketplace, means their combined installs total anywhere between 200 million and 999,999,998. Still, though, Samsung's browser is on more devices than the both of 'em.

The Google Play Store has been caught hosting an app designed to steal cryptocurrency from unwitting end users, according to researchers with Eset security company. "The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers," reports Ars Technica. "As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers." From the report: So-called clipper malware has targeted Windows users since at least 2017. The clipper malware available in Google Play impersonated a service called MetaMask, which is designed to allow browsers to run apps that work with the digital coin Ethereum. The primary purpose of Android/Clipper.C, as Eset has dubbed the malware, was to steal credentials needed to gain control of Ethereum funds. It also replaced both bitcoin and Ethereum wallet addresses copied to the clipboard with ones belonging to the attackers. Eset spotted the app shortly after its introduction to Google Play on February 1. Google has since removed it. Stefanko said it's the first time clipper malware has been hosted in the Android app bazaar. Eset malware researcher Lukas Stefanko wrote: "This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app -- only add-ons for desktop browsers such as Chrome and Firefox. Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims' cryptocurrency funds."

Microsoft cybersecurity expert Chris Jackson recently published a post on the official Windows IT Pro blog, titled "The perils of using Internet Explorer as your default browser." Jackson urges users that it's time to stop using its old web browser, a product Microsoft officially discontinued in 2015. From a report: In his post, Jackson explains how Microsoft customers still ask him Internet Explorer related questions for their business. The fact of the matter is that while most average internet users have moved on to Google Chrome, Firefox, or Microsoft's Edge, some businesses are still working with older web apps or sites that were designed for Internet Explorer. Instead of updating its tech, many companies have chosen to just keep using the various enterprise compatibility modes of Microsoft's old web browser. But, Jackson says "enough is enough." It's time to event stop calling Internet Explorer a web browser.

Google Chrome 73, scheduled for release next month, will be the first version of Chrome that will officially support the multimedia keys that some users have on their desk and laptop keyboards, ZDNet reports. From the report: Support for multimedia keys will initially be available for Chrome on Chrome OS, macOS, and Windows, while support for Linux will come later (unspecified date). Users will be able to control both audio and video content played in Chrome, including skipping through playlists. Initial support is planned for multimedia keys such as "play," "pause," "previous track," "next track," "seek backward," and "seek forward." Key presses will be supported at the Chrome level, not the tab level, meaning that multimedia buttons will work regardless if the Chrome browser is in the operating system's foreground or background (minimized).

An anonymous reader quotes a report from ZDNet: After a year of secret preparations, Mozilla has publicly announced plans today to implement a "site isolation" feature, which works by splitting Firefox code in isolated OS processes, on a per-domain (site) basis. The concept behind this feature isn't new, as it's already present in Chrome, since May 2018. Currently, Firefox comes with one process for the browser's user interface, and a few (two to ten) processes for the Firefox code that renders the websites. With Project Fission (as this was named), Firefox split processes will change, and a separate one will be created for each website a user is accessing. This separation will be so fine-grained that just like in Chrome, if there's an iframe on the page, that iframe will receive its own process as well, helping protect users from threat actors that hide malicious code inside iframes (HTML elements that load other websites inside the current website). This is the same approach Chrome has taken with its "Site Isolation."

DuckDuckGo cautions internet users that companies like Google, Facebook, and Twitter, do not respect the "Do Not Track" setting on web browsers. From a report: According to DuckDuckGo's research, over 77% of US adults are not aware of that fact. The "Do Not Track" (DNT) setting on browsers sends signals to web services to stop tracking a user's activity. However, the DNT setting is only a voluntary signal which websites are not obligated to respect. "It can be alarming to realize that Do Not Track is about as foolproof as putting a sign on your front lawn that says "Please, don't look into my house" while all of your blinds remain open."