Google will remove the familiar lock icon that allows users to check a website's Transport Layer Security status for the connection, citing research that only a few users correctly understood its precise meaning. From a report: The lock icon has been displayed by web browsers since the 1990s, indicating that the connection to web sites is secured and authenticated with encryption. However, Google said its 2021 research showed that only 11 percent of participants in a study correctly understood the meaning of the lock icon. This, Google argued, is not harmless since most phishing sites also use the hyper text transfer protocol secure extension (HTTPS) and also display the lock icon. Ergo, a lock icon is not in actual fact an indicator of a site's security. [...] Starting with Chrome version 117, Google will introduce a new "tune" icon, which does not imply a site is trustworthy, and is more obviously clickable. The "tune" icon is more commonly associated with settings and other control, and Google said a more neutral indicator like that prevents the misunderstanding around site security that the lock icon is causing.

An anonymous reader quotes a report from Gizmodo: Microsoft issued a Windows update that broke a Chrome feature, making it harder to change your default browser and annoying Chrome users with popups, Gizmodo has learned. An April Windows update borked a new button in Chrome -- the most popular browser in the world -- that let you change your default browser with a single click, but the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update. It forced Google to disable the setting, which had made Chrome more convenient.

This petty chapter of the browser wars started in July 2022 when Google quietly rolled out a new button in Chrome for Windows. It would show up near the top of the screen and let you change your default browser in one click without pulling up your system settings. For eight months, it worked great. Then, in April, Microsoft issued Windows update KB5025221, and things got interesting. "Every time I open Chrome the default app settings of Windows will open. I've tried many ways to resolve this without luck," one IT administrator said on a Microsoft forum. A Reddit user noticed that the settings page also popped up any and every time you clicked on a link, but only if Chrome was your default browser. "It doesn't happen if we change the default browser to Edge," the user said. Others made similar complaints on Google support forums, some saying that entire organizations were having the issue. Users quickly realized the culprit was the operating system update.

For people on the regular consumer version of Windows, things weren't quite as bad; the one-click "Make Default" button just stopped working. Gizmodo was able to replicate the problem. In fact, we were able to circumvent the issue just by changing the name of the Chrome app on a Windows desktop. It seems that Microsoft threw up the roadblock specifically for Chrome, the main competitor to its Edge browser. [...] In response, Google had to disable its one-click default button; the issue stopped after it did. In other words, Microsoft seems to have gone out of its way to break a Chrome feature that made life easier for users. Google confirmed the details of this story, but declined to comment further.

An anonymous reader quotes a report from The Hacker News: Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was first discovered in the wild in December 2019.

The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Google Earth Pro and Google Chrome that are hosted on fake websites. [...] The major distributors of CryptBot, per Google, are suspected to be operating a "worldwide criminal enterprise" based out of Pakistan. Google said it intends to use the court order, granted by a federal judge in the Southern District of New York, to "take down current and future domains that are tied to the distribution of CryptBot," thereby kneecapping the spread of new infections.

Google Chromebooks expire too soon, saddling taxpayer-funded public schools with excessive expenses and inflicting unnecessary environmental damage, according to the US Public Interest Research Group (PIRG) Education Fund. The Register reports: In a report on Tuesday, titled "Chromebook Churn," US PIRG contends that Chromebooks don't last as long as they should, because Google stops providing updates after five to eight years and because device repairability is hindered by the scarcity of spare parts and repair-thwarting designs. This planned obsolescence, the group claims, punishes the public and the world.

"The 31 million Chromebooks sold globally in the first year of the pandemic represent approximately 9 million tons of CO2e emissions," the report says. "Doubling the life of just Chromebooks sold in 2020 could cut emissions equivalent to taking 900,000 cars off the road for a year, more than the number of cars registered in Mississippi." The report says that excluding additional maintenance costs, longer lasting Chromebooks could save taxpayers as much as $1.8 billion dollars in hardware replacement expenses.

The US PIRG said it wants: Google to extend its ChromeOS update policy beyond current device expiration dates; hardware makers to make parts more available so their devices can be repaired; and hardware designs that enable easier part replacement and service. [...] According to US PIRG, making an average laptop releases 580 pounds of carbon dioxide into the atmosphere, amounting to 77 percent of the total carbon impact of the device during its lifetime. Thus, the 31 million Chromebooks sold during the first year of the pandemic represent about 8.9 million tons of CO2e emissions. "We think that Google should extend the automatic update expiration to 10 years after launch date," said Lucas Gutterman, who leads US PIRG's Designed to Last campaign. "There's just no reason why we should be throwing away a computer that still is otherwise functional just because it passes a certain date."

"We're asking Google to use their leadership among the OEMs to design the devices to last, to make some of the changes that we list, to have them be more easily repairable by actually producing spare parts that folks can buy at reasonable prices," he added. "And to design with modularity and repair in mind, so that you can, for example, use the plastic bezel on one Chromebook on the next version, rather than having to buy a whole new set of spare parts just because a clip has changed."

Alphabet's Google on Tuesday convinced a U.S. appeals court to cancel three anti-malware patents at the heart of a Texas jury's $20 million infringement verdict against the company. Reuters reports: The U.S. Court of Appeals for the Federal Circuit said (PDF) that Alfonso Cioffi and Allen Rozman's patents were invalid because they contained inventions that were not included in an earlier version of the patent. Cioffi and the late Rozman's daughters sued Google in East Texas federal court in 2013, alleging anti-malware functions in Google's Chrome web browser infringed their patents for technology that prevents malware from accessing critical files on a computer.

A jury decided in 2017 that Google infringed the patents and awarded the plaintiffs $20 million plus ongoing royalties, which their attorney said at the time were expected to total about $7 million per year for the next nine years. But the Federal Circuit said Tuesday that all of the patents were invalid. The three patents were reissued from an earlier anti-malware patent, and federal law required the new patents to cover the same invention as the first, the unanimous three-judge panel concluded. The appeals court said the new patents outlined technology specific to web browsers that the first patent did not mention.

Bleeping Computer warned this week about compromised web sites "that display fake Google Chrome automatic update errors that distribute malware to unaware visitors." The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores...

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. "An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update," reads the fake Chrome error message. The scripts will then automatically download a ZIP file called 'release.zip' that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device's CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

"Earlier this week, Google released an emergency security update for the Chrome browser due to a vulnerability that is being actively exploited in the wild," reports Hot Hardware: On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google's own Threat Analysis Group (TAG). This vulnerability is a 'type confusion' bug in the JavaScript engine for Chromium browsers useing the V8 Javascript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.

While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a "high" severity issue. This is likely due in part to the fact that "Google is aware that an exploit for CVE-2023-2033 exists in the wild."
The article notes that Chrome updates are generally done automatically, but you can also check for updates by clicking Chrome's three-dots menu in the top-right corner, then "Help" and "About Chrome."

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

An anonymous reader shares a report: Firefox has a reputation of being something of a resource hog, even among modern browsers. But it might not be entirely earned, because it looks like a CPU bug affecting Firefox users on Windows was actually the fault of Windows Defender. The latest update to the ubiquitous security tool addresses the issue, and should result in measurably lower CPU usage for the Windows version of Firefox. According to Mozilla senior software engineer Yannis Juglaret, the culprit was MsMpEng.exe, which you might recognize from your Task Manager. It handles the Real-Time protection feature that monitors web activity for malicious threats.

The bug was causing Firefox to call on the service much more frequently than comparable browsers like Chrome or Edge, resulting in notable CPU spikes. Said CPU spikes could reduce performance in other applications or affect a laptop's battery life. The issue was first reported on Mozilla's bug tracker system way back in 2018 and quickly assigned to the MsMpEng service, but some more recent and diligent documentation on the part of Juglaret resulted in more swift action from Microsoft's developers.

While Chrome 112 just shipped this week and Chrome 113 only in beta, there is already a big reason to look forward to that next Chrome web browser release: Google is finally ready to ship WebGPU support. From a report: WebGPU provides the next-generation high performance 3D graphics API for the web. With next month's Chrome 113 stable release, the plan is to have WebGPU available out-of-the-box for this new web graphics API. Though in that version Google is limiting it to ChromeOS, macOS, and Windows... Yes, Google says other platforms like Linux will see their roll-out later in the year. The WebGPU API is more akin to Direct3D 12, Vulkan, and Metal compared with the existing WebGL being derived from OpenGL (ES). From Google's blog post: WebGPU is a new API for the web, which exposes modern hardware capabilities and allows rendering and computation operations on a GPU, similar to Direct3D 12, Metal, and Vulkan. Unlike the WebGL family of APIs, WebGPU offers access to more advanced GPU features and provides first-class support for general computations on the GPU. The API is designed with the web platform in mind, featuring an idiomatic JavaScript API, integration with promises, support for importing videos, and a polished developer experience with great error messages.

This initial release of WebGPU serves as a building block for future updates and enhancements. The API will offer more advanced graphics features, and developers are encouraged to send requests for additional features. The Chrome team also plans to provide deeper access to shader cores for even more machine learning optimizations and additional ergonomics in WGSL, the WebGPU Shading Language.

Google today promoted the Chrome 112 web browser to their stable channel on all supported platforms. Phoronix reports: Starting as an origin trial with Chrome 112 is WebAssembly (WASM) Garbage Collection support. Yes, garbage collection to allow for efficient support for high-level managed languages with WebAssembly. This trial support allows for compilers targeting WASM to integrate with a garbage collector in the host VM. Also on the WebAssembly front with today's Chrome browser update is making WebAssembly tail call support available out of the box. This adds explicit tail call and indirect tail call opcodes. This support is useful for correct/efficient implementations of languages that require tail call elimination, compilation of control constructs that can be implemented with it, and other computations being expressed as WASM functions.

Meanwhile by default in Chrome 112 is now CSS nesting support as the ability to nest CSS style rules inside other style rules for increasing modularity and maintainability of style sheets. Chrome 112 also adds support for the CSS animation-composition property. Behind a developer flag is also the background-blur feature that allows using a native platform's API for camera background segmentation. This is intended for use with web-based video conferencing applications running within the web browser to make use of native platform APIs. A full list of changes is available on the Chrome Releases blog.

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. BleepingComputer reports: eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called 'popper.js'. The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date. BleepingComputer can confirm, the malicious JavaScript file 'popper.js' was being loaded by almost every page of eFile.com, at least up until April 1st. As of today, the file is no longer seen serving the malicious code.

On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was "hijacked." At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack. Turns out that's indeed the case. [...] The malicious JavaScript file 'update.js', further attempts to prompt users to download next stage payload, depending on whether they are using Chrome [update.exe - VirusTotal] or Firefox [installer.exe - VirusTotal]. Antivirus products have already started flagging these executables as trojans.

BleepingComputer has independently confirmed these binaries establish a connection to a Tokyo-based IP address, 47.245.6.91, that appears to be hosted with Alibaba. The same IP also hosts the illicit domain, infoamanewonliag[.]online associated with this incident. Security research group, MalwareHunterTeam further analyzed these binaries, and stated that these contain Windows botnets written in PHP -- a fact that the research group mocked. Additionally, the group called out eFile.com for leaving the malicious code on its website for weeks: "So, the website of [efile.com]... got compromised at least around middle of March & still not cleaned," writes MalwareHunterTeam.

Valve announced today that Steam will require Windows 10 or later on January 1, 2024. The reason? Google Chrome. PC Gamer reports: "The newest features in Steam rely on an embedded version of Google Chrome, which no longer functions on older versions of Windows," Valve's typically curt announcement reads. "In addition, future versions of Steam will require Windows feature and security updates only present in Windows 10 and above." January 1, 2024 is the day of doom for Steam on the old Windows versions. "After that date, the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows."

Gizmodo reports that Amazon "is thinking about releasing a web browser, a boring-sounding project that could have massive implications." The company has sent a survey to users asking detailed questions, including which features would "convince you to download and try" a "new desktop/laptop browser from Amazon...."

The survey asked a variety of questions. Most telling was the last question: "Imagine that there is a new desktop/laptop browser from Amazon available to do. Select which of the following you would most like to know more about." The survey went on to list topics such as privacy, syncing passwords across devices, and shopping features.... Users were asked to rate the importance of features including text to speech, extensions, the availability to sync data across desktop and mobile devices, and — notably — blocking third party cookies.

Amazon seems to be seriously considering a web browser of its own, and it comes at a time when it would have an unusual impact on the advertising business. The ad industry is bracing for cataclysmic change as Google moves closer to killing third-party cookies in Chrome, the world's most popular web browser, which would kneecap one of the primary ways businesses track consumers for ads.... Part of what makes Amazon so attractive to marketers is the fact that the company sits on a treasure trove of data about what consumers are buying and what their shopping habits are like. If Amazon could match that information with the data collection that comes from a web browser, it could tip the scales of internet advertising in favor of the retail giant.
One thing Amazon asked users is whethered they'd be convinced to download and try a browser if it offered "AI-enabled tab, history, and bookmarks management to automatically sort these into categories for quick search and retrieval."

Mike Butcher writes via TechCrunch: SidekickWas it the pandemic? Did everyone follow too many ADHD TikTokers? Have smartphones fried our brains? Whatever the case, there is a boom in ADHD tech solutions, from online drug deliveries to web sites and apps. [...] Now there is a Sidekick, who's pitch is that it's a "productivity browser." Today it's launching a host of features geared to ADHD sufferers and the attention distracted more generally. The company claims users with ADHD noticed a "significant improvement" after using the browser. The Chromium-based browser was founded by Dmitry Pushkarev (a Stanford PhD in Molecular Biology, ex-Amazon exec and ADHDer).

So how does it work? To nullify distractions, the browser incorporates AdBlock 2.0; a Focus Mode Timer disables all sounds, badges and notifications for a selected time or indefinitely; a Task Manager organizes your day; and there's a built-in Pomodoro timer; it also claims to run 3x faster than Chrome, which, apparently, is important for ADHD sufferers. Suffice it to say, it has a number of other distraction-killing features; however, I'm not going to list them all here.

CEO and founder Dmitry Pushkarev said, in a statement, "Modern browsers are not designed for work, but for consuming web pages. This gap really hurts hundreds of millions of users. We are convinced that lowering web distraction reduces anxiety and increases the quality of people's work and the quality of their lives." He says the startup plans to make money via corporate subscribers, who will pay to get their ADHD-afflicted workers into a more productive mode.

An Nvidia GPU driver update has caused some users to see inflated CPU usage after closing 3D games, which persists until a reboot. Nvidia confirmed the problem with driver update 531.18, and will post a hotfix on March 7. PCWorld reports: The company confirmed the problem with the latest driver update, 531.18, which was published on February 28th. An updated list of open issues (including some that didn't make it into the full release notes) was posted to Nvidia's support forum, and spotted by VideoCardz.com. Issue number 4007208 reads, "Higher CPU usage from NVIDIA Container may be observed after exiting a game." Some users are showing CPU usage of up to 10-15 percent in these conditions -- not enough to seriously hamper most gaming desktops, but more than enough to be an annoyance, especially if you use your PC for other intensive tasks. Like opening three Chrome tabs at once.

At the moment there's no easy fix, so the immediate solution if you're affected is to roll back your driver to version 528.49 from February 8th, available for manual download here.

Google has begun the process of bringing Chrome's full Blink browser engine to iOS against current App Store rules, and now we have our first look at the test browser in action. 9to5Google reports: In the weeks since the project was announced, Google (and Igalia, a major open source consultancy and frequent Chromium contributor) have been hard at work getting a simplified "content_shell" browser up and running in iOS and fixing issues along the way. As part of that bug fixing process, some developers have even shared screenshots of the minimal Blink-based browser running on an iPhone 12. In the images, we can see a few examples of Google Search working as expected, with no glaringly obvious issues in the site's appearance. Above the page contents, you can see a simple blue bar containing the address bar and typical browser controls like back, forward, and refresh.

With a significant bit of effort, we were able to build the prototype browser for ourselves and show other sites including 9to5Google running in Blink for iOS, through the Xcode Simulator. As an extra touch of detail, we now know what the three-dots button next to the address bar is for. It opens a menu with a "Begin tracing" button, to aid performance testing. From these work-in-progress screenshots, it seems clear that the Blink for iOS project is already making significant progress, but it's clearly a prototype not meant to be used like a full web browser. The next biggest step that Google has laid out is to ensure this version of Blink/Chromium for iOS passes all of the many tests that ensure all aspects of a browser are working correctly.

Nvidia is releasing new GPU drivers today that will upscale old blurry web videos on RTX 30- and 40-series cards. The Verge reports: RTX Video Super Resolution is a new AI upscaling technology from Nvidia that works inside Chrome or Edge to improve any video in a browser by sharpening the edges of objects and reducing video artifacts. Nvidia will support videos between 360p and 1440p up to 144Hz in frame rate and upscale all the way up to 4K resolution.

This impressive 4K upscaling has previously only been available on Nvidia's Shield TV, but recent advances to the Chromium engine have allowed Nvidia to bring this to its latest RTX 30- and 40-series cards. As this works on any web video, you could use it to upscale content from Twitch or even streaming apps like Netflix where you typically have to pay extra for 4K streams.

After widely rolling out an Energy Saver mode, Google has made four optimizations to Chrome for Mac that allows the browser to match the battery life you get when using Safari. 9to5Google reports: Google conducted testing on a MacBook Pro (13", M2, 2022 with 8 GB RAM running macOS Ventura 13.2.1) with Chrome 110.0.5481.100 in February of 2023. It showed that you can "browse for 17 hours or watch YouTube for 18 hours." For comparison, Apple touts up to 17 hours of wireless web browsing, and up to 20 hours Apple TV app movie playback. Meanwhile, Google uses this open-source benchmarking suite to run tests, and says that users will also "see performance gains on older models." Four changes from waking the CPU less often to tuning memory compression are specifically credited:

- Eliminating unnecessary redraws: "We navigated on real-world sites with a bot and identified Document Object Model (DOM) change patterns that don't affect pixels on the screen. We modified Chrome to detect those early and bypass the unnecessary style, layout, paint, raster and gpu steps. We implemented similar optimizations for changes to the Chrome UI."
- Fine tuning iframes: "...we fine-tuned the garbage collection and memory compression heuristics for recently created iframes. This results in less energy consumed to reduce short-term memory usage (without impact on long-term memory usage)."
- Tweaking timers: "...Javascript timers still drive a large proportion of a Web page's power consumption. As a result, we tweaked the way they fire in Chrome to let the CPU wake up less often. Similarly, we identified opportunities to cancel internal timers when they're no longer needed, reducing the number of times that the CPU is woken up."
- Streamlining data structures: "We identified data structures in which there were frequent accesses with the same key and optimized their access pattern."

Google Chrome's giving its page zoom feature a boost, which should make it more helpful for people who have difficulty reading the smaller screen on a phone. From a report: With the improved feature, you can increase the size of text, images, videos, and interactive controls on mobile web pages by up to 300 percent while preserving their original formatting. While the feature hasn't yet become available for all Chrome users, you can access it now if you download the Chrome beta on your phone or tablet. To enable the feature, tap the three dots icon in the top right corner of the browser, hit Settings > Accessibility, and then adjust the zoom level to your liking. Google will save this preference for all the sites you browse so you won't have to keep tweaking it, and will even bypass the ones that try to block zoom features. Previously, Google only allowed users to adjust text scaling options up to 200 percent.