An anonymous reader shares a report: Google released earlier today Chrome 67, the latest stable release of its web browser. According to changelogs released with Chrome 67, this version adds support for a Generic Sensors API, improves AR and VR experiences, and deprecates the HTTP-Based Public Key Pinning (HPKP) security feature. Probably the biggest change in Chrome 67 is the addition of the Generic Sensors API. As the name implies, this is an API that exposes data from device sensors to public websites. The new API is based on the Generic Sensor W3C standard. This API is meant primarily for mobile use, and in its current version, websites can use Chrome's Generic Sensors API to access data from a device's accelerometer, gyroscope, orientation and motion sensors. Another API that shipped with Chrome is the WebXR Device API. Developers can use this API to build virtual and augmented reality experiences on Chrome for mobile-based VR headsets like Google Daydream View and Samsung Gear VR, as well as desktop-hosted headsets like Oculus Rift, HTC Vive, and Windows Mixed Reality Headsets.

Unknown third parties appear to be exploiting the Chrome Store's 'theme' section to offer visitors access to a wide range of pirate movies including "Black Panther", "Avengers: Infinity War" and "Rampage." From a report: When clicking through to the page offering Ready Player One, for example, users are presented with a theme that apparently allows them to watch the movie online in "Full HD Online 4k." Of course, the whole scheme is a dubious scam which eventually leads users to Vioos dot co, a platform that tries very hard to give the impression of being a pirate streaming portal but actually provides nothing of use. In fact, as soon as one clicks the play button on movies appearing on Vioos dot co, visitors are re-directed to another site called Zumastar which asks people to "create a free account" to "access unlimited downloads and streaming." Google services have a history of being exploited.

The latest installment of Microsoft's browser battery challenge shows once again that Edge consumes less energy than Chrome and Firefox. From a report: With the Windows 10 April 2018 Update rolling out across the globe, Microsoft thinks it's once again time to square Edge up against Chrome and Firefox in a new battery-life test. Microsoft's browser experiment shows a time-lapse of "three identical devices, three different browsers, streaming one video." Firefox, Edge, and Chrome play what appears to be a Netflix video on three Surface Books. As usual, the Edge device lasts the longest, depleting the battery after 14 hours and 20 minutes. The Chrome device lasted 12 hours and 32 minutes, while the Firefox laptop ran out of steam after just seven hours and 15 minutes.

An anonymous reader quotes a report from The Verge: Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says "these mitigations are also applicable to variant 4 and available for consumers to use today." However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won't see negative performance impacts.

"If enabled, we've observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems," explains Leslie Culbertson, Intel's security chief. As a result, end users (and particularly system administrators) will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.

The popular Gboard keyboard app for iOS and Android devices has a fundamental flaw. According Reddit user SurroundedByMachines, the red underline has stopped appearing for incorrectly spelled words since November of last year -- and it doesn't appear to be limited to any one device. Issues with the spell checker have been reported on multiple devices across Android and iOS. A simple Google search brings up several different threads where people have reported issues with the feature.

What's more is that nobody at Google seems to get the memo. The Reddit user who first brought this to our attention filed several bug reports, left a review, and joined the beta channel to leave feedback there, yet no response was given. "Many people have been having the issue, and it's even been escalated to the community manager," writes SurroundedByMachines. Since the app has over 500 million downloads on the Play Store alone, this issue could be frustrating a lot of users, especially those who use their phones to send work emails or write documents. Have you noticed Gboard's broken spell checker on your device? If so, you may want to look into another third-party keyboard, such as SwiftKey or Cheetah Keyboard.

Google announced Thursday it plans to drop the "Secure" indicator from the Chrome URL address bar -- starting with Chrome v68, set for release in July -- and only show a lock icon when the user is navigating to an HTTPS-secured website. From a report: The move is scheduled to take effect with the release of Chrome 69, scheduled for September, this year. Emily Schechter, Product Manager for Chrome Security, said the company is now comfortable making this move as a large chunk of Chrome's traffic is now via HTTPS. Since most traffic is HTTPS anyway, it's not necessary to draw the user's attention to the "Secure" indicator anymore.

Google this week rolled out an update to Chrome to patch a bug that had rendered millions of web-based games useless. From a report: The bug was introduced in mid-April when Google launched Chrome 66. One of this release's features was its ability to block web pages with auto-playing audio. [...] Not all games were affected the same. For some HTML5 games, users could re-enable audio by interacting with the game's canvas via a click-to-play interaction. Unfortunately, older games and those that weren't coded with such policy remained irrevocably broken, no matter what Chrome options users tried to modify in their settings sections. [...] With today's release of Chrome for Desktop v66.0.3359.181, Google has now fixed this issue, but only temporarily. John Pallett, a product manager at Google, admitted that Google "didn't do a good job of communicating the impact of the new autoplay policy to developers using the Web Audio API." He said, for this reason, the current version of Chrome, v66, will no longer automatically mute Web Audio objects.

Currently, you can head to the "History and Privacy" settings in YouTube and toggle on the options to pause watch and search history if you don't want the site to track your searches and watched videos, but that can be a bit complicated each time you want to search for something weird. According to Android Police, "YouTube will make it a little easier to go into incognito without digging into many settings and without having to disable it later." A new "Incognito Mode" will appear when you tap your account avatar in the top right of the app. From the report: With "Incognito Mode" on, all your activity from the current session is not saved and subscriptions are hidden too. It's as if you were signed out without being so, and there's a neat incognito icon replacing your avatar. If you turn off Incognito or become inactive on YouTube, you'll be back to using your own account.

Browser makers are working on a new W3C API that will standardize Picture-in-Picture (PiP) mode and allow websites to show a floating video popup outside the browser window itself. From a report: In the past, picture-in-picture has only been supported inside a web page's canvas as a floating window that only appeared inside the current website, as the user scrolled up and down the page. Some platforms added support for a picture-in-picture mode, but those were OS-specific APIs that worked with all sorts of video apps, not just browsers. Now, the Web Platform Incubator Community Group (WICG) at the World Wide Web Consortium (W3C), has released details about a browser-specific API for standardizing picture-in-picture interactions that allow websites to open an external "floating video" popup outside the browser window itself. [...] Chrome and Safari have already shipped out the new Picture-in-Picture API.

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

An anonymous reader quotes a report from Ars Technica: An update Google rolled out for its popular Chrome browser this weekend helps prevent those annoying auto-playing video ads on many websites from disturbing your day with unwanted sound as well. But that update is causing consternation for many Web-based game developers who are finding that the change completely breaks the audio in their online work. The technical details behind the problem involve the way Chrome handles WebAudio objects, which are now automatically paused when a webpage starts up, stymying auto-playing ads. To get around this, Web-based games now have to actively restart that pre-loaded audio object when the player makes an action to start the game, even if that audio wasn't autoplaying beforehand. "The standard doesn't require you to do this, so no one would have thought to do this before today," developer Andi McClure told Ars Technica. "With Chrome's new autoplay policies, developers shouldn't assume that audio can be played before a user gesture," Google told The Daily Dot in a statement. "With gaming in Chrome, this may affect Web Audio. We have shared details on what developers can do to address this, and the design for the policy was published last year."

Google today announced Chrome OS is getting Linux support. "As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands," reports VentureBeat. "A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon." From the report: "Just go to wherever you normally get those apps, whether it's on the websites or through apt-get in the Linux terminal, and seamless get those apps like any other Linux distribution," Chrome OS director of product management Kan Liu told VentureBeat.

Support for Linux apps means developers will finally be able to use a Google device to develop for Google's platforms, rather than having to depend on Windows, Mac, or Linux machines. And because Chrome OS doesn't just run Chrome OS-specific apps anymore, developers will be able to create, test, and run any Android or web app for phones, tablets, and laptops all on their Chromebooks. Without having to switch devices, you can run your favorite IDE -- as long as there is a Debian Linux version (for the curious, Google is specifically using Debian Stretch here -- code in your favorite language and launch projects to Google Cloud with the command line.

When Google released Chrome 66 just over two weeks ago, it received lots of attention and praise for introducing the ability to mute autoplaying videos with sound until you press play. Today, Chrome product manager John Pallett revealed that "the new policy blocks about half of unwanted autoplays." VentureBeat reports: Pallett also shared that "a significant number" of autoplays are paused, muted, or have their tab closed within six seconds by Chrome users. He didn't say how many exactly, as the number varies significantly from site to site. But that shouldn't surprise anyone, given how much work Google put into this latest feature. Chrome decides which autoplaying content to stop in its tracks by learning your preferences and ranking each website according to your past behavior. If you don't have browsing history with a site, Chrome allows autoplay for over 1,000 sites where Google says the highest percentage of visitors play media with sound (sites where media is the main point of visiting the site). As you browse the web, Chrome updates that list by enabling autoplay on sites where you play media with sound during most of your visits, and disables it on sites where you don't.

Several users who have updated their computers to Windows 10 April 2018 Update are reporting that Chrome is freezing their machines. From a report: I have now used the April 2018 Update for nearly 24 hours and the same problem has presented itself no less than five times. For a machine - which was working perfectly prior to the update - with a Core i7 CPU, 16GB of RAM, and a 512GB SSD, I naturally resorted to Reddit and Microsoft forum threads to see if others were experiencing the issue. It appears that several users on Reddit (spotted by Softpedia) with machines sporting varying configurations are experiencing the problem as well, and the only fix to it is the one I found too; that is, putting the laptop to sleep using the power button or closing the lid.

Starting today, Google Chrome will show a full-page warning whenever users are accessing an HTTPS website that's using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log. From a report: By doing so, Chrome becomes the first browser to implement support for the Certificate Transparency Log Policy. Other browser makers have also agreed to support this mechanism in the future, albeit they have not provided more details. This new policy was first proposed by Google engineers in 2016, and was scheduled to enter into effect in October 2017, but was later delayed for 2018.

Remember that popular browser extension that let you sync your bookmarks on multiple devices? Launched in 2006 by Foxmarks (a company created by EFF co-founder Mitch Kapor), it was saved from death in 2010 when it was acquired by the password-management service LastPass. But now BetaNews reports: If you're a user of Xmarks, there's some bad news for you -- the service is closing down... The bookmark syncing tool, which is available as an addon for Chrome, Firefox, Internet Explorer and Safari, is to be shuttered on May 1... Emails have also been sent out to registered users notifying them of the impending closure.

"On May 1, 2018, we will be shutting down Xmarks... After this date, your bookmarks should remain available in any previously accessed browser, but they will no longer sync and your Xmarks account will be deactivated... After careful consideration and evaluation, we have decided to discontinue the Xmarks solution so that we can continue to focus on offering the best possible password vaulting to our community."
It was apparently especially popular with long-time Slashdot reader vm, who writes "I have held on to my Xmarks account over the years because I can always get to them despite changes in operating systems, browsers, employers, etc.

"What do other folks use that may also have a mobile option?"

Catalin Cimpanu, writing for BleepingComputer: Google engineers have rolled out a new Chrome user interface (UI). Work on the new Refresh UI has been underway since last year, Bleeping Computer has learned. The new UI is in early testing stages, and only available via the Google Chrome Canary distribution, a version of the Chrome browser used as a testing playground. Users who are interested in giving the new UI a spin must install Chrome Canary, and then access chrome://flags, a section that contains various experimental options not included in Chrome's default settings section.

"After years of phones, laptops, tablets, and TV screens converging on 16:9 as the 'right' display shape -- allowing video playback without distracting black bars -- smartphones have disturbed the universality recently by moving to even more elongated formats like 18:9, 19:9, or even 19.5:9 in the iPhone X's case," writes Amelia Holowaty Krales via The Verge. "That's prompted me to consider where else the default widescreen proportions might be a poor fit, and I've realized that laptops are the worst offenders." Krales makes the case for why a 16:9 screen of 13 to 15 inches in size is a poor fit: Practically every interface in Apple's macOS, Microsoft's Windows, and on the web is designed by stacking user controls in a vertical hierarchy. At the top of every MacBook, there's a menu bar. At the bottom, by default, is the Dock for launching your most-used apps. On Windows, you have the taskbar serving a similar purpose -- and though it may be moved around the screen like Apple's Dock, it's most commonly kept as a sliver traversing the bottom of the display. Every window in these operating systems has chrome -- the extra buttons and indicator bars that allow you to close, reshape, or move a window around -- and the components of that chrome are usually attached at the top and bottom. Look at your favorite website (hopefully this one) on the internet, and you'll again see a vertical structure.

As if all that wasn't enough, there's also the matter of tabs. Tabs are a couple of decades old now, and, like much of the rest of the desktop and web environment, they were initially thought up in an age where the predominant computer displays were close to square with a 4:3 aspect ratio. That's to say, most computer screens were the shape of an iPad when many of today's most common interface and design elements were being developed. As much of a chrome minimalist as I try to be, I still can't extricate myself from needing a menu bar in my OS and tab and address bars inside my browser. I'm still learning to live without a bookmarks bar. With all of these horizontal bars invading our vertical space, a 16:9 screen quickly starts to feel cramped, especially at the typical laptop size. You wind up spending more time scrolling through content than engaging with it. What is your preferred aspect ratio for a laptop? Do you prefer Microsoft and Google's machines that have a squarer 3:2 aspect ratio, or Apple's MacBook Pro that has a 16:10 display?

Kaleigh Rogers, writing for Motherboard: Andrey Meshkov, the cofounder of ad-blocker AdGuard, recently got curious about the number of knock-off ad blocking extensions available for Google's popular browser Chrome. These extensions were deliberately styled to look like legitimate, well-known ad blockers, but Meshkov wondered why they existed at all, so he downloaded one and took a look at the code. "Basically I downloaded it and checked what requests the extension was making," Meshkov told me over the phone. "Some strange requests caught my attention."

Meshkov discovered that the AdRemover extension for Chrome -- which had over 10 million users -- had code hidden inside an image that was loaded from the remote command server, giving the extension creator the ability to change its functions without updating. This alone is against Google's policy, and after Meshkov wrote about a few examples on AdGuard's blog, many of which had millions of downloads, Chrome removed the extensions from the store. I reached out to Google, and a spokesperson confirmed that these extensions had been removed.

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.

Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.