"Earlier this week, Google released an emergency security update for the Chrome browser due to a vulnerability that is being actively exploited in the wild," reports Hot Hardware: On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google's own Threat Analysis Group (TAG). This vulnerability is a 'type confusion' bug in the JavaScript engine for Chromium browsers useing the V8 Javascript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.

While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a "high" severity issue. This is likely due in part to the fact that "Google is aware that an exploit for CVE-2023-2033 exists in the wild."
The article notes that Chrome updates are generally done automatically, but you can also check for updates by clicking Chrome's three-dots menu in the top-right corner, then "Help" and "About Chrome."

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

An anonymous reader quotes Neowin: Google Project Zero is a security team responsible for discovering security flaws in Google's own products as well as software developed by other vendors. Following discovery, the issues are privately reported to vendors and they are given 90 days to fix the reported problems before they are disclosed publicly.... Now, the security team has reported several flaws in CentOS' kernel.

As detailed in the technical document here, Google Project Zero's security researcher Jann Horn learned that kernel fixes made to stable trees are not backported to many enterprise versions of Linux. To validate this hypothesis, Horn compared the CentOS Stream 9 kernel to the stable linux-5.15.y stable tree.... As expected, it turned out that several kernel fixes have not been made deployed in older, but supported versions of CentOS Stream/RHEL. Horn further noted that for this case, Project Zero is giving a 90-day deadline to release a fix, but in the future, it may allot even stricter deadlines for missing backports....

Red Hat accepted all three bugs reported by Horn and assigned them CVE numbers. However, the company failed to fix these issues in the allotted 90-day timeline, and as such, these vulnerabilities are being made public by Google Project Zero.
Horn is urging better patch scheduling so "an attacker who wants to quickly find a nice memory corruption bug in CentOS/RHEL can't just find such bugs in the delta between upstream stable and your kernel."

Mike Butcher writes via TechCrunch: SidekickWas it the pandemic? Did everyone follow too many ADHD TikTokers? Have smartphones fried our brains? Whatever the case, there is a boom in ADHD tech solutions, from online drug deliveries to web sites and apps. [...] Now there is a Sidekick, who's pitch is that it's a "productivity browser." Today it's launching a host of features geared to ADHD sufferers and the attention distracted more generally. The company claims users with ADHD noticed a "significant improvement" after using the browser. The Chromium-based browser was founded by Dmitry Pushkarev (a Stanford PhD in Molecular Biology, ex-Amazon exec and ADHDer).

So how does it work? To nullify distractions, the browser incorporates AdBlock 2.0; a Focus Mode Timer disables all sounds, badges and notifications for a selected time or indefinitely; a Task Manager organizes your day; and there's a built-in Pomodoro timer; it also claims to run 3x faster than Chrome, which, apparently, is important for ADHD sufferers. Suffice it to say, it has a number of other distraction-killing features; however, I'm not going to list them all here.

CEO and founder Dmitry Pushkarev said, in a statement, "Modern browsers are not designed for work, but for consuming web pages. This gap really hurts hundreds of millions of users. We are convinced that lowering web distraction reduces anxiety and increases the quality of people's work and the quality of their lives." He says the startup plans to make money via corporate subscribers, who will pay to get their ADHD-afflicted workers into a more productive mode.

Google has begun the process of bringing Chrome's full Blink browser engine to iOS against current App Store rules, and now we have our first look at the test browser in action. 9to5Google reports: In the weeks since the project was announced, Google (and Igalia, a major open source consultancy and frequent Chromium contributor) have been hard at work getting a simplified "content_shell" browser up and running in iOS and fixing issues along the way. As part of that bug fixing process, some developers have even shared screenshots of the minimal Blink-based browser running on an iPhone 12. In the images, we can see a few examples of Google Search working as expected, with no glaringly obvious issues in the site's appearance. Above the page contents, you can see a simple blue bar containing the address bar and typical browser controls like back, forward, and refresh.

With a significant bit of effort, we were able to build the prototype browser for ourselves and show other sites including 9to5Google running in Blink for iOS, through the Xcode Simulator. As an extra touch of detail, we now know what the three-dots button next to the address bar is for. It opens a menu with a "Begin tracing" button, to aid performance testing. From these work-in-progress screenshots, it seems clear that the Blink for iOS project is already making significant progress, but it's clearly a prototype not meant to be used like a full web browser. The next biggest step that Google has laid out is to ensure this version of Blink/Chromium for iOS passes all of the many tests that ensure all aspects of a browser are working correctly.

Nvidia is releasing new GPU drivers today that will upscale old blurry web videos on RTX 30- and 40-series cards. The Verge reports: RTX Video Super Resolution is a new AI upscaling technology from Nvidia that works inside Chrome or Edge to improve any video in a browser by sharpening the edges of objects and reducing video artifacts. Nvidia will support videos between 360p and 1440p up to 144Hz in frame rate and upscale all the way up to 4K resolution.

This impressive 4K upscaling has previously only been available on Nvidia's Shield TV, but recent advances to the Chromium engine have allowed Nvidia to bring this to its latest RTX 30- and 40-series cards. As this works on any web video, you could use it to upscale content from Twitch or even streaming apps like Netflix where you typically have to pay extra for 4K streams.

Valentine's Day saw Mozilla releasing version 110.0 of its Firefox browser. OMG Ubuntu highlights some of its new features: Firefox already supports importing bookmarks, history, and passwords from Microsoft Edge, Google Chrome, Chromium, and Safari but once you have the Firefox 110 update you can also import data from Opera, Opera GX, and Vivaldi too — which is handy.

Other changes in Firefox 110 include the ability to clear date, time, and datetime-local input fields using using ctrl + backspace and ctrl + delete on Linux (and Windows) — no, can't say I ever noticed I couldn't do that, either.

Additionally, Mozilla say GPU-accelerated Canvas2D is now enabled by default on Linux, and we can all expect to benefit from a miscellaneous clutch of WebGL performance improvements.

An anonymous reader shares a report: Internet Explorer 11 was never Windows 10's primary browser -- that would be the old, pre-Chromium version of Microsoft Edge. But IE did continue to ship with Windows 10 for compatibility reasons, and IE11 remained installed and accessible in most versions of Windows 10 even after security updates for the browser ended in June of 2022. That ends today, as Microsoft's support documentation says that a Microsoft Edge browser update will fully disable Internet Explorer in most versions of Windows 10, redirecting users to Edge.

Mozilla is planning for the day when Apple will no longer require its competitors to use the WebKit browser engine in iOS. From a report: Mozilla conducted similar experiments that never went anywhere years ago but in October 2022 posted an issue in the GitHub repository housing the code for the iOS version of Firefox that includes a reference to GeckoView, a wrapper for Firefox's Gecko rendering engine. Under the current Apple App Store Guidelines, iOS browser apps must use WebKit. So a Firefox build incorporating Gecko rather than WebKit currently cannot be distributed through the iOS App Store.

As we reported last week, Mozilla is not alone in anticipating an iOS App Store regime that tolerates browser competition. Google has begun work on a Blink-based version of Chrome for iOS. The major browser makers -- Apple, Google, and Mozilla -- each have their own browser rendering engines. Apple's Safari is based on WebKit; Google's Chrome and its open source Chromium foundation is based on Blink (forked from WebKit a decade ago); and Mozilla's Firefox is based on Gecko. Microsoft developed its own Trident rendering engine in the outdated Internet Explorer and a Trident fork called EdgeHTML in legacy versions of Edge but has relied on Blink since rebasing its Edge browser on Chromium code.

Long-time Slashdot reader destinyland writes: Someone made a Chromium fork... for your terminal. The terminal-based browser Carbonyl "adheres to, and is compatible with modern standards," writes MUO, "meaning that pages behave as they should, and you can even watch streaming video, within the Linux terminal!"

But best of all, "Pages connect and render in an instant—seemingly quicker than a desktop GUI browser, and every page we visited was rendered correctly."
From the article: There are a bunch of good reasons to browse the internet from the comfort of your terminal. It could be that eschewing the bloat of X.org and Wayland, a terminal is all you have. Maybe you like SSHing into remote machines and browsing the internet from there.

Perhaps you, like us, just really, really like terminals.

Whatever the reason, your choices of web browsers have, until recently, been limited, and your experience of the world wide web has been a janky, barely-functional one.... We tested Carbonyl in a range of Linux terminals, including the XFCE terminal. GNOME terminal, kitty, and the glorious Cool Retro Terminal. Carbonyl was smooth, fast, and flawless in all of them.

We even connected to our Raspberry Pi via SSH in CRT, and ran Carbonyl remotely, watching Taylor Swift music videos on YouTube. No problem.
And yes, you can use it to play DOOM.

Longtime Slashdot reader Dotnaught writes: "Google's Chromium developers have begun work on an experimental web browser for Apple's iOS using the search giant's Blink engine," reports The Register. "That's unexpected because the current version of Chrome for iOS uses Apple's WebKit rendering engine under the hood. Apple requires every iOS browser to use WebKit and its iOS App Store Review Guidelines state, 'Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript.'"

Google insists this is an experiment and isn't intended for release. But the stripped-down, Blink-based browser could be preparation for European competition rules that look like they will require Apple to stop requiring that other browser makers use its WebKit engine. "This is an experimental prototype that we are developing as part of an open source project with the goal to understand certain aspects of performance on iOS," said a Google spokesperson. "It will not be available to users and we'll continue to abide by Apple's policies."

An anonymous reader shares a report: Google and Microsoft don't always take pains to make sure their products work great together -- Google originally declared Microsoft's Chromium-based Edge browser "not supported" by the Google Drive web apps; Microsoft is always trying to make you use Bing -- but it looks like Google's ChromeOS will start working a bit better with the Microsoft 365 service later this year. Google says ChromeOS will add a "new integration" for Microsoft 365, making it easier to install the app and adding built-in support for OneDrive in ChromeOS' native Files app.

This should allow users to search for and access OneDrive files the same way they get to local files, or files stored in their Google Drive account. The integration will be added in "the coming months," and users in ChromeOS' dev and beta channels will be able to access it before it rolls out to all ChromeOS users later this year. ChromeOS users can currently access OneDrive and other Microsoft 365 services through their web interfaces or Android apps installed via the Google Play Store, but they don't integrate with the built-in ChromeOS Files app the way that Google Drive does. This integration will help close that gap for people who, for example, use Google products at home but Microsoft products at work or vice versa.

Google announced today that moving forward they will be allowing Rust code into the Chromium code-base, the open-source project that ultimately served as the basis for their Chrome web browser. Phoronix reports: Google is working to introduce a production Rust toolchain into their build system for Chromium and will be allowing Rust libraries for use within Chrome/Chromium. The timeframe for getting this all together is expected within the next year following a slow ramp. Google is backing Rust for Chromium to allow for simpler and safer code than "complex C++" overall, particularly around avoiding memory safety bugs. In turn using Rust should help speed-up development and improve overall security of the Chrome web browser. Initially they are focused on supporting interop in a single direction from C++ to Rust and for now will only be supporting third-party libraries for their Rust usage.

2022 was the year that Microsoft retired its Internet Explorer web browser (to concentrate on its Chromium-based Microsoft Edge browser).

Yet Ghacks reports that Internet Explorer "is still haunting some from its grave." Some websites and apps use code to determine the user agent. The user agent informs the site about several parameters, including the used web browser (engine) and operating system. When done correctly, it may reveal the used browser and that may then lead to a custom user experience.

When done incorrectly, it may lead to false identification; this is exactly what is happening on some sites currently regarding Internet Explorer user agent sniffing and the Firefox web browser. Some sites identify Firefox as Internet Explorer because of inaccurate user agent sniffing..
Internet Explorer 11's user agent ends by identifying its release version as rv:11.0, the article points out. So when a Firefox user visits a website using Firefox 110 (or any other version up to Firefox 119), "The site in question checks for rv:11 in the user agent [and] Firefox's rv:110 value is identified wrongly as Internet Explorer."

Instead of risking problems with functionality, compatibility, or other display issues for Firefox versions 110 through 119, Mozilla has "decided to freeze part of Firefox's version." Instead of echoing rv:110, rv:111 and so on up to rv:119, Firefox returns rv:109 instead. The end of the user agent string displays the actual version of Firefox still. Mozilla plans to restore the original user agent of Firefox with the release of Firefox 120. The organization plans to release Firefox 120 on November 21, 2023.

In June GitHub announced they'd retire their customizable text editor Atom on December 15th — so they could focus their development efforts on the IDEs Microsoft Visual Studio Code and GitHub Codespaces. "As new cloud-based tools have emerged and evolved over the years, Atom community involvement has declined significantly," according to a post on GitHub's blog.

So while "GitHub and our community have benefited tremendously from those who have filed issues, created extensions, fixed bugs, and built new features on Atom," this now means that:

- Atom package management will stop working
- No more security updates
- Teletype will no longer work
- Deprecated redirects that supported downloading Electron symbols and headers will no longer work
- Pre-built Atom binaries can continue to be downloaded from the atom repository releases

Fortunately, in 2014 GitHub open sourced the code for Atom. And according to It's FOSS News: A community build for it is already available; however, there seems to be a new version (Pulsar) that aims to bring feature parity with the original Atom and introduce modern features and updated architecture....

The reason why they made a separate fork is because of different goals for the projects. Pulsar wants to modernize everything to present a successor to Atom. Of course, the user interface is much of the same. Considering Pulsar hasn't had a stable release yet, the branding could sometimes seem all over the place. However, the essentials seem to be there with the documentation, packages, and features like the ability to install packages from Git repositories....

As of now, it is too soon to say if Pulsar will become something better than what the Atom community version offers. However, it is something that we can keep an eye on.... You can head to its official download page to get the package required for your system and test it out.
Like Atom, Pulsar is cross-platform support (supporting Linux, macOS, and Windows).

Microsoft's Chromium-based Edge browser was an improvement over the initial version of Edge in many ways, including its support for Windows 7 and Windows 8. But the end of the road is coming: Microsoft has announced that Edge will end support for Windows 7 and Windows 8 in mid-January of 2023, shortly after those operating systems stop getting regular security updates. From a report: Support will also end for Microsoft Edge Webview2, which can use Edge's rendering engine to embed webpages in non-Edge apps. The end-of-support date for Edge coincides with the end of security update support for both Windows 7 and Windows 8 on January 10, and the end of Google Chrome support for Windows 7 and 8 in version 110. Because the underlying Chromium engine in both Chrome and Edge is open source, Microsoft could continue supporting Edge in older Windows versions if it wanted, but the company is using both end-of-support dates to justify a clean break for Edge.

An anonymous reader quotes a report from Ars Technica: Following Google's beta rollout of the feature in October, passkeys are now hitting Chrome stable M108. "Passkey" is built on industry standards and backed by all the big platform vendors -- Google, Apple, Microsoft -- along with the FIDO Alliance. Google's latest blog says: "With the latest version of Chrome, we're enabling passkeys on Windows 11, macOS, and Android." The Google Password Manager on Android is ready to sync all your passkeys to the cloud, and if you can meet all the hardware requirements and find a supporting service, you can now sign-in to something with a passkey. [...]

Now that this is actually up and running on Chrome 108 and a supported OS, you should be able to see the passkey screen under the "autofill" section of the Chrome settings (or try pasting chrome://settings/passkeys into the address bar). Next up we'll need more websites and services to actually support using a passkey instead of a password to sign in. Google Account support would be a good first step -- right now you can use a passkey for two-factor authentication with Google, but you can't replace your password yet. Everyone's go-to example of passkeys is the passkeys.io demo site, which we have a walkthrough of here.

Longtime Slashdot reader BenFenner writes: While Chromium recently abandoned the JPEG-XL format (to much discussion on the feature request), it seems the Pale Moon browser quietly became the first to release support for the much-awaited image format. For those unfamiliar with Pale Moon, it is a Goanna-based web browser available for Windows, Linux and Android, focusing on efficiency and ease of use. Pale Moon 31.4.0 also adds support for MacOS 13 "Ventura" and addresses a number of performance- and security-related issues. A full list of the changes/fixes are available in the release notes.

Support for JPEG-XL was confirmed on GitHub.

The Browser Company's Chromium-based Arc browser "isn't perfect, and it takes some getting used to," writes the Verge. "But it's full of big new ideas about how we should interact with the web — and it's right about most of them." Arc wants to be the web's operating system. So it built a bunch of tools that make it easier to control apps and content, turned tabs and bookmarks into something more like an app launcher, and built a few platform-wide apps of its own. The app is much more opinionated and much more complicated than your average browser with its row of same-y tabs at the top of the screen. Another way to think about it is that Arc treats the web the way TikTok treats video: not as a fixed thing for you to consume but as a set of endlessly remixable components for you to pull apart, play with, and use to create something of your own. Want something to look better or have an idea for what to do with it? Go for it.

This is a fun moment in the web browser industry. After more than a decade of total Chrome dominance, users are looking elsewhere for more features, more privacy, and better UI. Vivaldi has some really clever features; SigmaOS is also betting on browsers as operating systems; Brave has smart ideas about privacy; even Edge and Firefox are getting better fast. But Arc is the biggest swing of them all: an attempt to not just improve the browser but reinvent it entirely....

Right now, Arc is only available for the Mac, but the company has said it's also working on Windows and mobile versions, both due next year. It's still in a waitlisted beta and is still very much a beta app, with some basic features missing, other features still in flux, and a few deeply annoying bugs. But Arc's big ideas are the right ones. I don't know if The Browser Company is poised to take on giants and win the next generation of the browser wars, but I'd bet that the future of browsers looks a lot like Arc....

In a way, Arc is more like ChromeOS than Chrome. It tries to expand the browser to become the only app you need because, in a world where all your apps are web apps and all your files are URLs, who really needs more than a browser?
The article describes Arc as a power user tool with vertical sidebar combining bookmarks, tabs, and apps. (And sets of these can apparently be combined into different "spaces".) These are enhanced with a hefty set of keyboard shortcuts (including tab searching), along with built-in media controls for Twitch/Spotify/Google Meet (as well as a picture-in-picture mode).
BR. Arc even has a shareable, collaborative whiteboard app "Easel". And it also offers powerful features like the ability to rewrite how your browser displays any site's CSS. ("I have one that removes the Trending sidebar from Twitter and another that cleans up my Gmail page.")

Following yesterday's article about Google Chrome preparing to deprecate the JPEG-XL image format, a Google engineer has now provided their reasons for dropping this next-generation image format. Phoronix reports: As noted yesterday, a patch is pending for the Google Chrome/Chromium browser to deprecate the still-experimental (behind a feature flag) JPEG-XL image format support from their web browser. The patch marks Chrome 110 and later as deprecating JPEG-XL image support. No reasoning was provided for this deprecation, which is odd considering JPEG-XL is still very young in its lifecycle and has been receiving growing industry interest and support.

Now this evening is a comment from a Google engineer on the Chromium JPEG-XL issue tracker with their expressed reasons: "Thank you everyone for your comments and feedback regarding JPEG XL. We will be removing the JPEG XL code and flag from Chromium for the following reasons:

- Experimental flags and code should not remain indefinitely
- There is not enough interest from the entire ecosystem to continue experimenting with JPEG XL
- The new image format does not bring sufficient incremental benefits over existing formats to warrant enabling it by default
- By removing the flag and the code in M110, it reduces the maintenance burden and allows us to focus on improving existing formats in Chrome"