An anonymous reader writes: A planned update to one of the Google Chrome extensions APIs would kill much more than a few ad blockers, ZDNet has learned, including browser extensions for antivirus products, parental control enforcement, phishing detection, and various privacy-enhancing services. Developers for extensions published by F-Secure, NoScript, Amnesty International, and Ermes Cyber Security, among others, made their concerns public today after news broke this week that Google was considering the API change. Furthermore, efforts to port NoScript from Firefox to Chrome are also impacted, according to the plugin's author, who says the new API update all but cripples the NoScript for Chrome port.

"Threatpost has a link to some recent research about ways web pages can exploit browser extensions to steal information or write files," writes Slashdot reader jbmartin6. "Did we need another reason to be deeply suspicious of any browser extension? Not only do they spy on us for their makers, now other people can use them to spy on us as well. The academic paper is titled 'Empowering Web Applications with Browser Extensions' (PDF)." From the report: "An attacker [uses] a script that is present in a web application currently running in the user browser. The script either belongs to the web application or to a third party. The goal of the attacker is to interact with installed extensions, in order to access user sensitive information. It relies on extensions whose privileged capabilities can be exploited via an exchange of messages with scripts in the web application," researchers wrote. They added, "Even though content scripts, background pages and web applications run in separate execution contexts, they can establish communication channels to exchange messages with one another... APIs [are used] for sending and receiving (listening for) messages between the content scripts, background pages and web applications."

The researcher behind the paper focused on a specific class of web extension called "WebExtensions API," a cross-browser extensions system compatible with major browsers including Chrome, Firefox, Opera and Microsoft Edge. After analyzing 78,315 extensions that used the specific WebExtension API, it found 3,996 that were suspicious. While it seems voluminous, they noted that research found a small number of vulnerable extensions overall, and that concern should be measured. However, "browser vendors need to review extensions more rigorously, in particular take into consideration the use of message passing interfaces in extensions."

"Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers," reports The Register. "The drafted changes will also limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge." From the report: In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users. Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior. The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."

Kevin C. Tofel, writing for About Chromebooks: I've been following the bug report that tracks progress on adding GPU acceleration for the Linux container in Chrome OS and there's good news today. The first two Chrome OS boards should now, or very soon, be able to try GPU hardware acceleration with the new startup parameter found last month. The bug report says the -enable-gpu argument was added to the Eve and Nami boards.

There's only one Eve and that's the Pixelbook. Nami is used on a number of newer devices, including: Dell Inspiron 14, Lenovo Yoga Chromebook C630, Acer Chromebook 13, Acer Chromebook Spin 13, and HP X360 Chromebook 14.

An anonymous reader quotes a report from VentureBeat: Google today announced that Chrome's ad blocker is expanding across the globe starting on July 9, 2019. As with last year's initial ad blocker rollout, the date is not tied to a specific Chrome version. Chrome 76 is currently scheduled to arrive on May 30 and Chrome 77 is slated to launch on July 25, meaning Google will be expanding the scope of its browser's ad blocker server-side. Google last year joined the Coalition for Better Ads, a group that offers specific standards for how the industry should improve ads for consumers.

In February, Chrome started blocking ads (including those owned or served by Google) on websites that display non-compliant ads, as defined by the coalition. When a Chrome user navigates to a page, the browser's ad filter checks if that page belongs to a site that fails the Better Ads Standards. If so, network requests on the page are checked against a list of known ad-related URL patterns and any matches are blocked, preventing ads from displaying on the page. Because the Coalition for Better Ads announced this week that it is expanding its Better Ads Standards beyond North America and Europe to cover all countries, Google is doing the same. In six months, Chrome will stop showing all ads on sites in any country that repeatedly display "disruptive ads."

vikingpower writes: Until now, yours truly has been running a one-man freelancer show. However, since January 1st the first employee is here, and of course I'm mighty proud of a stellarly clever young person working for me. She works remotely (I'm in one European capital; she is in another) and I need to buy her a laptop. Since she's straight out of college and a non-techie, she basically only knows one OS: Windows, although she could get comfortable with macOS. However, as a long-time (server-side) programmer, I feel Apple hardware is seriously overpriced. Also, my brilliant first employee will mostly do research and hardly needs anything more than a browser, Office or Office-like software (yes, I'm looking at you, Libre Office, and I love you!), and bibliography software. Should I get her a Chromebook or a mid-level laptop running Windows? Any thoughts?

An anonymous reader shares a report: AMD's early CES 2019 announcements brought us some updates on its laptop processors, which include a targeted attempt to capture some of the growing cheap Chromebook market, slightly faster mobile Ryzens and a promise to keep everyone's AMD laptop drivers up to date with the latest zero-day game-release optimizations. Sadly, the news didn't include the much-anticipated, high-performance 7-nanometer Navi GPUs or the rumored Ryzen 3000-series desktop CPUs -- hopefully, the company's just holding back that info for its CEO's keynote on Wednesday. For the first time, AMD has gained a little bit of traction in Chromebooks with some partner announcements at CES such as the HP Chromebook 14 AMD and the Acer Chromebook 315. The announcements are in conjunction with the new A4-9120C and its sibling, the A6-9220C, which have slower CPU and GPU clock speeds than the 15-watt full-fat versions. That allows AMD to match the 6-watt target power draw of Intel's competing Celeron and Pentium models. AMD claims somewhat better performance on both Chrome OS and Android apps, which is possible given that their clock speeds are still faster despite the drop. Further reading: AMD at CES 2019: Ryzen Mobile 3000-Series Launched, 2nd Gen Mobile at 15W and 35W, and Chromebooks.

An anonymous reader quotes a report from 9to5Google: We've long suspected that Google's upcoming operating system, Fuchsia, would join the ranks of Chrome OS (and Android) in its support for Android apps. Today, that suspicion has been confirmed by a new change found in the Android Open Source Project, and we can say with confidence that Fuchsia will be capable of running Android apps using the Android Runtime. To make it simple, Fuchsia will use a specially designed version of the Android Runtime ("ART" above) to run Android applications. This version of ART will be installable on any Fuchsia device using a .far file, Fuchsia's equivalent of Android's APK.

How exactly Fuchsia will use the Android Runtime from there is still unclear. This is includes whether the Android Runtime is able to work as expected to replace Linux kernel calls with equivalents from Fuchsia's Zircon kernel or if ART will run inside of a Linux virtual machine using Machina, Fuchsia's virtual machine system. Regardless, what is clear is that Fuchsia devices are intended to run Android applications.

Last year, Google pushed 'dark mode', a feature that replaces the shiny, whitespace background on a web page with a dark color, to its Android operating system and YouTube service. The company is now working to expand the feature to Chrome's Windows 10 application. Peter Kasting, a Chrome developer, confirmed the move in response to a user's query on a Reddit thread. He said a "native dark mode support is in progress" for Chrome's desktop application. Until then, reminded Kasting, "we generally suggest people use a dark theme" for Chrome via a third-party extension.

An anonymous reader shares a report: Chrome OS was originally a laptop platform, but slowly it's being reworked for tablet form factors. However, as that goes on, there have been some hiccups. Most recently, many have noted the poor performance of tablet mode especially on Chrome OS products like the Pixel Slate, but it seems a fix for that lag is incoming. If you tuned into any hands-on or review coverage of Google's Pixel Slate, you're likely familiar with the performance issues many have described. In tablet mode, Chrome OS has a lot of issues with lag. This is especially evident in the multitasking screen, and it seems that is the first thing Google is looking at to fix these problems. ChromeUnboxed notes a recent bug tracker which reveals how Google plans to start fixing Chrome OS tablet mode lag in the multitasking screen. Somewhat hilariously, it seems a big reason for the poor frame rates in the animations on this screen actually comes down to how the OS renders the rounded corners on this screen.

An anonymous reader quotes Neowin: Every time Microsoft releases a Windows 10 feature update, it runs some efficiency tests to prove that its Edge browser is significantly faster than the competition, which includes Mozilla Firefox and Google Chrome. Then the company posts the detailed results on its Windows blog and YouTube channel, boasting about the power efficiency of its browser. Even though the company still has run battery tests, it has remained strangely silent about them, posting about it on GitHub only. While many thought that Microsoft's silence on the matter was due to Edge finally losing to the competition, it appears that this is not the case.

As spotted by Paul Thurrott, Microsoft has indeed run efficiency tests for Edge in Windows 10 version 1809, pitting it against the likes of Firefox and Chrome. Through these tests, the company has concluded that Edge lasts 24% longer than Chrome and a massive 94% longer than Firefox on average.
"While Edge appears to have won these efficiency tests easily as well, it is likely that the company did not decide to promote this achievement -- as it has always done previously -- because of the planned abandonment of EdgeHTML in favor of Chromium," the article concludes.

"It will be very interesting to see if Microsoft Edge is able to maintain its battery advantage once the switch to Chromium is complete."

Catalin Cimpanu, writing for ZDNet: Every major user interface (UI) redesign project is a hit and miss game, and Google's new Chrome UI appears to be a colossal miss. Designed with mobile devices in mind, the new Chrome user interface style was officially rolled out in September this year, with the release of Chrome version 69. Not all users liked the new UI, and this was clear from the beginning, with some users voicing their discontent online even back then. However, those users who didn't appreciate the new lighter-toned Chrome interface had the option to visit the chrome://flags page and modify a Chrome setting and continue using Chrome's older UI.

But with Chrome version 71, released earlier this month, Google has removed the Chrome flag that allowed users to use the old UI. As you might imagine, this change did not go well, at all. Chrome's new UI might have been developed with a mobile-first approach in mind, but the UI is problematic on laptops and desktops, where its lighter tone and rounded tabs make it extremely hard to distinguish tabs from one another, especially when users open multiple tabs. Since being able to distinguish and switch between tabs at a fast pace is an important detail in most of today's internet-based jobs, many users have been having trouble adapting to the new UI both at work and at home, especially if they're the kind of people who deal with tens of tabs at the same time.

Google will add a new security feature to Chrome OS, the company's web-based operating system that powers its Chromebooks devices, it announced this week. From a report: The new feature, named USBGuard, will block access to the USB port access while the device's screen is locked. According to a Chrome OS source code commit spotted by Chrome Story earlier this week, the new feature is currently available in Chrome OS Canary builds and is expected to land in the stable branch of Chrome OS soon. Once this happens, users can enable it by modifying the following Chrome OS flag: chrome://flags/#enable-usbguard . The way this security feature is meant to work is by preventing the operating system from reading or executing any code when a USB-based device is plugged in, and the screen is locked.

Google engineers are currently working on a Chrome browser update that will block malicious websites from hijacking the browser's history and, indirectly, the Back button. From a report: The issue at hand is a well-known tactic often seen employed by many shady sites across the Internet. A user would visit a website, then he'd accidentally click or tap on an ad, and be taken to a new page. But when the user presses the Back button to go back to the previous page, the browser just reloads the same page over and over again, keeping the user trapped on the ad page. [...] Recent source code updates to the Chromium project, the open-source browser engine behind the Chrome browser, reveal that Google engineers are planning to crack down on this type of abusive behavior. These code updates will allow Chrome to detect when browser history entries have been generated by user interaction, or by an automated method.

A reader shares a report from Ars Technica's Peter Bright: With Microsoft's decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That's a worrying turn of events, given the company's past behavior. Chrome itself has about 72 percent of the desktop-browser market share. Edge has about 4 percent. Opera, based on Chromium, has another 2 percent. The abandoned, no-longer-updated Internet Explorer has 5 percent, and Safari -- only available on macOS -- about 5 percent. When Microsoft's transition is complete, we're looking at a world where Chrome and Chrome-derivatives take about 80 percent of the market, with only Firefox, at 9 percent, actively maintained and available cross-platform.

The mobile story has stronger representation from Safari, thanks to the iPhone, but overall tells a similar story. Chrome has 53 percent directly, plus another 6 percent from Samsung Internet, another 5 percent from Opera, and another 2 percent from Android browser. Safari has about 22 percent, with the Chinese UC Browser sitting at about 9 percent. That's two-thirds of the mobile market going to Chrome and Chrome derivatives. In terms of raw percentages, Google won't have quite as big a lock on the browser space as Microsoft did with Internet Explorer -- Internet Explorer 6 peaked at around 80 percent, and all versions of Internet Explorer together may have reached as high as 95 percent. But Google's reach is, in practice, much greater: not only is the Web a substantially more important place today than it was in the early 2000s, but also there's a whole new mobile Web that operates in addition to the desktop Web. Google has deployed proprietary technology and left the rest of the industry playing catch-up, writes Peter. The company has "tried to push the Web into a Google-controlled proprietary direction to improve the performance of Google's online services when used in conjunction with Google's browser, consolidating Google's market positioning and putting everyone else at a disadvantage."

YouTube has been a particular source of problems. One example Peter provides has to do with a hidden, empty HTML element that was added to each YouTube video to disable Edge's hardware accelerated video decoding: "For no obvious reason, Google changed YouTube to add a hidden, empty HTML element that overlaid each video. This element disabled Edge's fastest, most efficient hardware accelerated video decoding. It hurt Edge's battery-life performance and took it below Chrome's. The change didn't improve Chrome's performance and didn't appear to serve any real purpose; it just hurt Edge, allowing Google to claim that Chrome's battery life was actually superior to Edge's. Microsoft asked Google if the company could remove the element, to no avail."

Joshua Bakita, a former software engineering intern on the Edge team at Microsoft, says one of the reasons why Microsoft had to ditch EdgeHTML rendering engine in Edge browser and switch to Chromium was to keep up with the changes (some of which were notorious) that Google pushed to its sites. These changes were designed to ensure that Edge and other browsers could not properly run Google's sites, he alleged. Responding to a comment, he wrote: "For example, they may start integrating technologies for which they have exclusive, or at least 'special' access. Can you imagine if all of a sudden Google apps start performing better than anyone else's?" This is already happening. I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn't keep up.

For example, they recently added a hidden empty div over YouTube videos that causes our hardware acceleration fast-path to bail (should now be fixed in Win10 Oct update). Prior to that, our fairly state-of-the-art video acceleration put us well ahead of Chrome on video playback time on battery, but almost the instant they broke things on YouTube, they started advertising Chrome's dominance over Edge on video-watching battery life. What makes it so sad, is that their claimed dominance was not due to ingenious optimization work by Chrome, but due to a failure of YouTube. On the whole, they only made the web slower.

Now while I'm not sure I'm convinced that YouTube was changed intentionally to slow Edge, many of my co-workers are quite convinced -- and they're the ones who looked into it personally. To add to this all, when we asked, YouTube turned down our request to remove the hidden empty div and did not elaborate further. And this is only one case.

Starting Tuesday, Firefox will nudge you to try out options designed to make the web more interesting, more useful or more productive. From a report: Mozilla's new Firefox 64 keeps an eye on what you're up to and prompts you to try extensions and features that could help you with that activity, the browser maker said. For example, if you open the same tab lots of times, it could suggest you pin it to your tab strip for easier future access. Other suggestions include installing the Facebook Container extension to curtail the social network's snooping, a Google Translate extension to tap into Google's service, and the Enhancer for YouTube extension to do things like block ads and control playback on Google's video site.

The feature could help you customize Firefox more to your liking -- something that could help you stick with the browser in the face of Google Chrome's dominance. And that, in turn, could help Mozilla pursue its push toward a privacy-respecting web that's not just effectively controlled by Chrome.

SwiftOnSecurity, regarding Microsoft's switch to Chromium as Windows's built-in rendering engine: This isn't about Chrome. This is about ElectronJS. Microsoft thinks EdgeHTML cannot get to drop-in feature-parity with Chromium to replace it in Electron apps, whose duplication is becoming a significant performance drain. They want to single-instance Electron with their own fork. Electron is a cancer murdering both macOS and Windows as it proliferates. Microsoft must offer a drop-in version with native optimizations to improve performance and resource utilization. This is the end of desktop applications. There's nowhere but JavaScript. John Gruber of DaringFireball: I don't share the depth of their pessimism regarding native apps, but Electron is without question a scourge. I think the Mac will prove more resilient than Windows, because the Mac is the platform that attracts people who care. But I worry. In some ways, the worst thing that ever happened to the Mac is that it got so much more popular a decade ago. In theory, that should have been nothing but good news for the platform -- more users means more attention from developers. The more Mac users there are, the more Mac apps we should see.

The problem is, the users who really care about good native apps -- users who know HIG violations when they see them, who care about performance, who care about Mac apps being right -- were mostly already on the Mac. A lot of newer Mac users either don't know or don't care about what makes for a good Mac app.

With the news earlier today that Microsoft is embracing Chromium for Edge browser development on the desktop, VentureBeat decided to see what the other browser companies had to say about the decision. From the report: Google largely sees Microsoft's decision as a good thing, which is not exactly a surprise given that the company created the Chromium open source project. "Chrome has been a champion of the open web since inception and we welcome Microsoft to the community of Chromium contributors. We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Mozilla meanwhile sees Microsoft's move as further validation that users should switch to Firefox. "This just increases the importance of Mozilla's role as the only independent choice. We are not going to concede that Google's implementation of the web is the only option consumers should have. That's why we built Firefox in the first place and why we will always fight for a truly open web." Mozilla regularly points out it develops the only independent browser -- meaning it's not tied to a tech company that has priorities which often don't align with the web. Apple (Safari), Google (Chrome), and Microsoft (Edge) all have their own corporate interests.

Opera thinks Microsoft is making a smart move, because it did the same thing six years ago. "We noticed that Microsoft seems very much to be following in Opera's footsteps. Switching to Chromium is part of a strategy Opera successfully adopted in 2012. This strategy has proved fruitful for Opera, allowing us to focus on bringing unique features to our products. As for the impact on the Chromium ecosystem, we are yet to see how it will turn out, but we hope this will be a positive move for the future of the web."

An anonymous reader writes: Microsoft today embraced Google's Chromium open source project for Edge development on the desktop. The company also announced Edge is coming to all supported versions of Windows and to macOS. Microsoft wants to make some big changes, which it says will happen "over the next year or so." The first preview builds of the Chromium-powered Edge will arrive in early 2019, according to Microsoft.

And yes, this means Chrome extension support.