An anonymous reader quotes a report from Ars Technica: A report from Business Insider claims that Google has axed "dozens" of employees from its laptop and tablet division. BI's sources describe the move as "roadmap cutbacks" and also say that Google will likely "pare down the portfolio" in the future. Google's Hardware division is run by Rick Osterloh and is expected to launch a game streaming console later this month. The division is responsible for the Pixel phones, Google Home speakers, the Chromecast, Google Wi-Fi, and lately, the Nest smart home division.

You could also call the "laptop and tablet" division the "Chrome OS" division. Both the Pixelbook and Pixel Slate ran Chrome OS, and they are the company's only products supporting that operating system. Is Chrome OS going to be OK? BI notes that manufacturing roles in the hardware division haven't changed, so in the short-term, Google's product lineup is likely to keep going. The report says that Google had "a bunch of stuff in the works" that now probably won't see the light of day. The move comes after the group received pressure to turn Google Hardware into "a real business" from higher-ups at Google/Alphabet. It's easy to imagine that the laptops and tablets -- which are Google Hardware's most expensive products -- were selling the worst.

An anonymous reader shares a report: In an update to the chromium engine, which underpins Google's popular Chrome browser, the search giant has quietly updated the lists of default search engines it offers per market -- expanding the choice of search product users can pick from in markets around the world. Most notably it's expanded search engine lists to include pro-privacy rivals in more than 60 markets globally. The changes, which appear to have been pushed out with the Chromium 73 stable release yesterday, come at a time when Google is facing rising privacy and antitrust scrutiny and accusations of market distorting behavior at home and abroad.

An anonymous reader quotes a report from Engadget: Alphabet offshoot Jigsaw is launching a Chrome extension designed to help moderate toxic comments on social media. The new open-source tool, dubbed "Tune," builds on the machine learning smarts introduced in Jigsaw's "Perspective" tech to help sites like Facebook and Twitter set the "volume" of abusive comments. Using "filter mix" controls, users can either turn toxic comments off altogether (what's known as "zen mode") or show selective types of posts containing attacks, insults, or profanity. Tune also works with Reddit, YouTube and Disqus. Jigsaw admits that Tune is still an experiment, meaning it may not spot all forms of toxicity or could hide non-offensive comments. "We're constantly working to improve the underlying technology, and users can easily give feedback right in the tool to help us improve our algorithms," C.J. Adams, Jigsaw product manager, wrote in a blog post.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 73 for Windows, Mac, and Linux. The release includes support for hardware media keys, PWAs and dark mode on Mac, and the usual slew of developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Chrome 73 supports Progressive Web Apps (PWAs) on macOS. These apps install and behave like native apps (they don't show the address bar or tabs). Google killed off Chrome apps last year and has been focusing on PWAs ever since. Adding Mac support means Chrome now supports PWAs on all desktop and mobile platforms: Windows, Mac, Linux, Chrome OS, Android, and iOS. Chrome now also supports dark mode on Apple's macOS; dark mode for Windows is on the way, the team promises.

The VentureBeat report includes a long list of developer features included in this release, as well as all the security fixes found by external researchers. Chrome 73 implements a total of 60 security fixes.

An anonymous reader shares a report: Frustrated by web pages that never seem to load properly? Well, Google hopes to make them a thing of the past. Today, the company announced that Chrome on Android's Data Saver, a feature that automatically improves page loading using "built-in optimizations" and dedicated servers -- speeding them up by a factor of two and reducing data usage by up to 90 percent -- now supports encrypted HTTPS webpages. Previously, it only worked with unencrypted HTTP content. The latest stable version of Chrome on Android indicates in the URL bar when a lightweight version of a web page -- a Lite page -- is being displayed. Tapping the indicator shows additional information and provides an option to load the original version of the page. Google says that Chrome will automatically disable Lite pages on a per-site basis when it detects that "users frequently opt to load the original page."

"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers.

The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums.
Ars Technica found a tweet suggesting that the code was actually written in 2014.

Google said this week that a Chrome zero-day the company patched last week was actually used together with a second one, a zero-day impacting the Microsoft Windows 7 operating system. From a report: The two zero-days were part of ongoing cyber-attacks that Clement Lecigne, a member of Google's Threat Analysis Group, discovered last week on February 27. The attackers were using a combination of a Chrome and Windows 7 zero-days to execute malicious code and take over vulnerable systems. The company revealed the true severity of these attacks in a blog post this week. Google said that Microsoft is working on a fix, but did not give out a timeline. The company's blog post comes to put more clarity into a confusing timeline of events that started last Friday, March 1, when Google released Chrome 72.0.3626.121, a new Chrome version that included one solitary security fix (CVE-2019-5786) for Chrome's FileReader --a web API that lets websites and web apps read the contents of files stored on the user's computer.

Microsoft this week revamped Skype's browser-based client with a slew of new features. From a report: The Seattle company this week announced the rollout of a major Skype for Web update, which introduces high-definition video calling, a redesigned notifications panels, a revamped media gallery, and more. It's available on any PC running Windows 10 and Mac OS X 10.12 or higher with the latest versions of Google Chrome or Microsoft Edge. The bulk of the new capabilities debuted in preview last October, but they're available widely starting this week. Skype for Web does not support Safari, Firefox, and Opera browsers, Microsoft has confirmed.

Last December, Microsoft announced that it has embraced Google's Chromium open source project for Edge development on the desktop, a move that shocked many. We now have some leaked screenshots of the browser in its current state, and they appear to show a browser resembling Google Chrome. Neowin reports: A lot of the design language and icons have remained similar to what they were like before, but there are definitely many changes that will be familiar to Chrome users. For one, the options to see all your tabs and to set aside the currently open tabs have been removed compared to the current version of Edge. To the right of the address bar, you'll be able to find your extensions, as well as your profile picture similar to what Chrome looks like. Bing is integrated into the browser -- as you'd expect of a Microsoft-made browser -- and the New Tab background can be set to rotate based on Bing's image of the day. Scrolling down will reveal a personalized news feed powered by Microsoft News, similar to the old Edge. The layout of the feed can be customised based on your preference from among a number of options.

The settings options for the browser have also changed. While Edge settings are currently available via a slide-out menu from the right, the new Edge's settings are accessible through a new tab similar to Chrome. It'll show the Microsoft account you're logged into, as well as the usual array of toggles and tidbits you'd expect. Ominously, the about page for the browser now acknowledges the contributions of the Chromium project, as well as other open source software, a stark reminder that this isn't the Microsoft of yesteryear. This is a new browser, and a new Microsoft.

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

Chrome is going to get a big speed boost -- at least for web pages you've recently visited. CNET: With a feature called bfcache -- backward-forward cache -- Google's web browser will store a website's state as you navigate to a new page. If you then go back to that page, Chrome will reconstitute it rapidly instead of having to reconstruct it from scratch. Then, if you retrace your steps forward again, Chrome will likewise rapidly pull that web page out of its memory cache. The speed boost doesn't help when visiting new websites. But this kind of navigation is very common: Going back accounts for 19 percent of pages viewed on Chrome for Android and 10 percent on Chrome for personal computers, Google said. With bfcache, that becomes "extremely fast."

The FIDO Alliance -- a consortium that develops open source authentication standards -- has been pushing to expand its secure login protocols to make seamless logins a reality for several years. Today, it has hit the jackpot: Google. From a report: On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone's fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android's FIDO2 management infrastructure.

More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.

A group of researchers say that it will be difficult to avoid Spectre bugs in the future unless CPUs are dramatically overhauled. From a report: Google researchers say that software alone is not enough to prevent the exploitation of the Spectre flaws present in a variety of CPUs. The team of researchers -- including Ross McIlroy, Jaroslav Sevcik, Tobias Tebbi, Ben L Titzer and Toon Verwaest -- work on Chrome's V8 JavaScript engine. The researchers presented their findings in a paper distributed through ArXiv and came to the conclusion that all processors that perform speculative execution will always remain susceptible to various side-channel attacks, despite mitigations that may be discovered in future.

Google has sent out invites to this year's Game Developers Conference (GDC) press event, where the company is expected to unveil a new game streaming product. ExtremeTech reports: There have been rumors about a Google game stream product or service for several years. Initially, leaks pointed to a hardware platform called Yeti that would stream games to a connected display. In late 2018, Google rolled out a game streaming test called Project Stream. To publicize the demo, it worked with Ubisoft to give everyone free access to the new Assassin's Creed Odyssey. Google wrapped up Project Stream in early 2019, offering players a free copy of Assassin's Creed Odyssey as thanks. Of course, you'd need a real gaming PC to run that version.

Google's GDC event will take place on March 19th at 10 AM Pacific. All we know for sure is that Google is there to talk about a gaming project. It just seems extremely likely that it will be a new phase for Project Stream. It might remain browser-only, but Google does have a giant network of TV's out there with Chromecast streaming dongles plugged in. If it could leverage those to stream games, it could instantly have as many eyeballs as Sony or Microsoft.

Microsoft has released an official Timeline extension for Google Chrome called "Web Activities" that brings Timeline integration to Google's web browser. From a report: Just like with Microsoft Edge, this new extension syncs web browsing activities with the Timeline feature on Windows 10, making it easier to pick up old activities and search through webpages you've visited recently. The extension is available now in the Chrome Web Store, and ties with your Microsoft Account.

AmiMoJo writes: When browsing the web with Google Chrome, some sites are using a method to determine if a visitor is in a regular browsing session or in incognito mode. As this can be considered a breach of privacy, Google will be changing how a particular API works so that web sites can no longer utilize this technique.

Chrome supports the FileSystem API, which allows sites to create a virtual file system that lives within the sandbox of the browser. This allows sites that utilize large assets, such as online games, to download these assets to a virtual file system so that they do not have to download them each time they are needed. Currently the FileSystem API is not available in incognito sessions, because it leaves files behind and could be considered a privacy risk. Currently the API doesn't work in incognito mode, offering sites a way to check for it. In a Chrome Gerrit post started this week and updated earlier this morning, Google has stated that they are changing the FileSystem API so that it can be used in incognito mode, without the risks to privacy.

Google has changed its stance on upcoming Chrome Manifest V3 changes as benchmark shows they lied about performance hit. Catalin Cimpanu, writing for ZDNet: A study analyzing the performance of Chrome ad blocker extensions published on Friday has proven wrong claims made by Google developers last month, when a controversy broke out surrounding their decision to modify the Chrome browser in such a way that would have eventually killed off ad blockers and many other extensions. The study, carried out by the team behind the Ghostery ad blocker, found that ad blockers had sub-millisecond impact on Chrome's network requests that could hardly be called a performance hit. Hours after the Ghostery team published its study and benchmark results, the Chrome team backtracked on their planned modifications. At the root of Ghostery's benchmark into ad blocker performance stands Manifest V3, a new standard for developing Chrome extensions that Google announced last October.

An anonymous reader shares a report: Samsung's mobile internet browser, if you ask its users, is pretty great. A lot of folks even say it's better than Chrome. That appreciation has manifested in the app hitting a very exclusive Play Store milestone: Samsung Internet Browser now has more than one billion installs. That impressive figure puts the browser's install base ahead of those of Firefox and Opera combined. Now, there are a couple of caveats here: for one, Samsung's browser comes pre-loaded on Samsung devices, of which each activation counts as an "install." What's more, both Firefox's and Opera's Play Store listings report that each browser has "100,000,000+" installs, which, because of the somewhat silly way figures are reported on Android's app marketplace, means their combined installs total anywhere between 200 million and 999,999,998. Still, though, Samsung's browser is on more devices than the both of 'em.

The Google Play Store has been caught hosting an app designed to steal cryptocurrency from unwitting end users, according to researchers with Eset security company. "The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers," reports Ars Technica. "As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers." From the report: So-called clipper malware has targeted Windows users since at least 2017. The clipper malware available in Google Play impersonated a service called MetaMask, which is designed to allow browsers to run apps that work with the digital coin Ethereum. The primary purpose of Android/Clipper.C, as Eset has dubbed the malware, was to steal credentials needed to gain control of Ethereum funds. It also replaced both bitcoin and Ethereum wallet addresses copied to the clipboard with ones belonging to the attackers. Eset spotted the app shortly after its introduction to Google Play on February 1. Google has since removed it. Stefanko said it's the first time clipper malware has been hosted in the Android app bazaar. Eset malware researcher Lukas Stefanko wrote: "This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app -- only add-ons for desktop browsers such as Chrome and Firefox. Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims' cryptocurrency funds."