Youtube

'The Rotten Tomatoes of YouTube' (bgr.com) 37

In 2021, YouTube made the controversial decision to hide dislike counts on its platform, citing the aim of protecting creators from harassment. While this removed a valuable metric for viewers, alternatives have emerged, such as the browser extension Return YouTube Dislike and the new site Favoree. The latter is being hailed as "the Rotten Tomatoes of YouTube," where users can rate and review YouTube channels. BGR reports: Earlier this week, one user disappointed with the removal of YouTube's dislike counts took to Reddit to promote their new site Favoree. Rather than simply giving a channel a thumbs up or thumbs down, you can give it a rating out of five stars and even write a review. That way, you can actually see why people like or dislike a given channel.

This is a new site, so only a small handful of YouTube channels are currently represented (much less have many ratings or reviews) [...]. For example, Summoning Salt is a stellar channel a friend turned me on to a few years ago, which features long-form documentary-style videos about the history of speedrunning video games. The channel page on Favoree features a short description, a list of relevant keywords, embedded videos, and several written reviews.

Obviously, this is only going to work if Favoree really picks up steam and thousands of users start writing reviews and submitting new channels. That said, it's an interesting project, and the creator is accepting feedback on Reddit and acting on many of those suggestions rather quickly. It will be interesting to track Favoree to see how it develops.

Android

Inner Workings Revealed For 'Predator,' the Android Malware That Exploited 5 0-Days (arstechnica.com) 11

Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...]

According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

Chrome

Google Chrome Will Now Detect Typos in Your URLs (blog.google) 47

"Google Chrome will now check for typos in your URLs and display suggested websites based on what it thinks you meant," reports the Verge.

From Google's announcement: When you type a website into the Chrome address bar, it will now detect URL typos and suggest websites based on the corrections. This increases accessibility for people with dyslexia, language learners, and anyone who makes typos by making it easier to get to previously visited websites despite spelling errors. This feature is now available on Chrome desktop and will roll out to mobile in the coming months.
It was one of several new and recently launched features Google touted as part of Thursday's Global Accessibility Awareness Day.

Google also announced its Lookout app (which provides audio cues for low-vision users) can now provide descriptions of images on web pages "powered by an advanced visual language model developed by Google DeepMind." And Chrome on Android recently updated its TalkBack screen reader so tab switching now also offers a tab grid with additional features like tab groups, bulk tab actions and reordering.

Google

Google Will Disable Third-Party Cookies For 1% of Chrome Users in Q1 2024 (techcrunch.com) 70

An anonymous reader shares a report: Google's Privacy Sandbox aims to replace third-party cookies with a more privacy-conscious approach, allowing users to manage their interests and grouping them into cohorts based on similar browsing patterns. That's a major change for the online advertising industry, and after years of talking about it and releasing various experiments, it's about to get real for the online advertising industry. Starting in early 2024, Google plans to migrate 1% of Chrome users to Privacy Sandbox and disable third-party cookies for them, the company announced today. Google's plan to completely deprecate third-party cookies in the second half of 2024 remains on track.

In addition, with the launch of the Chrome 115 release in July, Google is making Privacy Sandbox's relevance and measurement APIs generally available to all Chrome users, making it easy for developers to test these APIs with live traffic. Google doesn't plan to make any significant changes to the API after this release. Deprecating third-party cookies for 1% of Chrome users doesn't sound like it would have a major impact, but as Google's Victor Wong, who leads product for Private Advertising Technology within Privacy Sandbox, told me, it will help developers assess their real-world readiness for the larger changes coming in late 2024. To get ready for this, developers will also be able to simulate their third-party cookie deprecation readiness starting in Q4 2023, when they'll be able to test their solutions by moving a configurable percentage of their users to Privacy Sandbox.

Technology

Montreal's Iconic Brutalist Building Has Finally Been Finished Inside Unreal Engine (engadget.com) 18

Designers are using Unreal Engine to create virtual renditions of architectural projects that were never fully realized, such as the Hillside Sample Project by Neoscape and Safdie Architects, showcasing Moshe Safdie's original vision for Montreal's Habitat 67 housing complex. The interactive 3D models offer exceptional detail of the structures and highlight the potential of real-time 3D renditions for pitching architectural concepts. Engadget reports: A young Safdie designed Habitat 67 for Montreal's 1967 World's Fair, also known as Expo 67. It was meant to combine the advantages of suburbia (such as gardens and multi-level housing) with the affordability and density of apartments. The affordability didn't pan out, and Safdie ended up producing a smaller-scale version for the fair. Habitat 67 ultimately launched Safdie's career, though, and it's still one of the better-known landmarks in the city.

You have a few options for exploring the complex. You can watch a video if you just want a quick overview, but you can also navigate a 3D space using either Google Chrome or a downloadable app. The interactive models let you either roam freely or have Safdie guide you through the project with narration at key points.

Microsoft

Safari Beats Edge as Second-Most Used Browser in April (bgr.com) 49

An anonymous reader shared this report from BGR: Last year, Microsoft Edge surpassed Safari as the second most popular desktop browser. Now, new data from Statcounter shows that Apple's browser has finally regained second place.

The full ranking shows that Google Chrome remains the most used browser... It's also interesting to note that after Firefox almost surpassed Safari in February of 2022, the browser is still losing its base to Microsoft Edge and Safari... Even the all-mighty Google Chrome has lost a bit of userbase, as it had 66.64% of users last April and now has 66.13%.

The final rankings (with data from April 2023):
  • Google Chrome: 66.13%
  • Safari: 11.87%
  • Microsoft Edge: 11%
  • Firefox: 5.65%
  • Opera: 3.09%
  • Internet Explorer: 0.55%

Microsoft

Microsoft is Forcing Outlook and Teams To Open Links in Edge, and IT Admins Are Angry (theverge.com) 139

An anonymous reader shares a report: Microsoft has now started notifying IT admins that it will force Outlook and Teams to ignore the default web browser on Windows and open links in Microsoft Edge instead. Reddit users have posted messages from the Microsoft 365 admin center that reveal how Microsoft is going to roll out this change. "Web links from Azure Active Directory (AAD) accounts and Microsoft (MSA) accounts in the Outlook for Windows app will open in Microsoft Edge in a single view showing the opened link side-by-side with the email it came from," reads a message to IT admins from Microsoft. While this won't affect the default browser setting in Windows, it's yet another part of Microsoft 365 and Windows that totally ignores your default browser choice for links. Microsoft already does this with the Widgets system in Windows 11 and even the search experience, where you'll be forced into Edge if you click a link even if you have another browser set as default. Further reading: Microsoft Broke a Chrome Feature To Promote Its Edge Browser.

Chrome

Chrome To Drop Lock Icon Showing HTTPS Status (itnews.com.au) 88

Google will remove the familiar lock icon that allows users to check a website's Transport Layer Security status for the connection, citing research that only a few users correctly understood its precise meaning. From a report: The lock icon has been displayed by web browsers since the 1990s, indicating that the connection to web sites is secured and authenticated with encryption. However, Google said its 2021 research showed that only 11 percent of participants in a study correctly understood the meaning of the lock icon. This, Google argued, is not harmless since most phishing sites also use the hyper text transfer protocol secure extension (HTTPS) and also display the lock icon. Ergo, a lock icon is not in actual fact an indicator of a site's security. [...] Starting with Chrome version 117, Google will introduce a new "tune" icon, which does not imply a site is trustworthy, and is more obviously clickable. The "tune" icon is more commonly associated with settings and other control, and Google said a more neutral indicator like that prevents the misunderstanding around site security that the lock icon is causing.

Chrome

Microsoft Broke a Chrome Feature To Promote Its Edge Browser (gizmodo.com) 124

An anonymous reader quotes a report from Gizmodo: Microsoft issued a Windows update that broke a Chrome feature, making it harder to change your default browser and annoying Chrome users with popups, Gizmodo has learned. An April Windows update borked a new button in Chrome -- the most popular browser in the world -- that let you change your default browser with a single click, but the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update. It forced Google to disable the setting, which had made Chrome more convenient.

This petty chapter of the browser wars started in July 2022 when Google quietly rolled out a new button in Chrome for Windows. It would show up near the top of the screen and let you change your default browser in one click without pulling up your system settings. For eight months, it worked great. Then, in April, Microsoft issued Windows update KB5025221, and things got interesting. "Every time I open Chrome the default app settings of Windows will open. I've tried many ways to resolve this without luck," one IT administrator said on a Microsoft forum. A Reddit user noticed that the settings page also popped up any and every time you clicked on a link, but only if Chrome was your default browser. "It doesn't happen if we change the default browser to Edge," the user said. Others made similar complaints on Google support forums, some saying that entire organizations were having the issue. Users quickly realized the culprit was the operating system update.

For people on the regular consumer version of Windows, things weren't quite as bad; the one-click "Make Default" button just stopped working. Gizmodo was able to replicate the problem. In fact, we were able to circumvent the issue just by changing the name of the Chrome app on a Windows desktop. It seems that Microsoft threw up the roadblock specifically for Chrome, the main competitor to its Edge browser. [...] In response, Google had to disable its one-click default button; the issue stopped after it did. In other words, Microsoft seems to have gone out of its way to break a Chrome feature that made life easier for users. Google confirmed the details of this story, but declined to comment further.

The Courts

Google Gets Court Order To Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com) 14

An anonymous reader quotes a report from The Hacker News: Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was first discovered in the wild in December 2019.

The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Google Earth Pro and Google Chrome that are hosted on fake websites. [...] The major distributors of CryptBot, per Google, are suspected to be operating a "worldwide criminal enterprise" based out of Pakistan. Google said it intends to use the court order, granted by a federal judge in the Southern District of New York, to "take down current and future domains that are tied to the distribution of CryptBot," thereby kneecapping the spread of new infections.

Chrome

Chromebook Expiration Date, Repair Issues 'Bad For People and Planet' (theregister.com) 102

Google Chromebooks expire too soon, saddling taxpayer-funded public schools with excessive expenses and inflicting unnecessary environmental damage, according to the US Public Interest Research Group (PIRG) Education Fund. The Register reports: In a report on Tuesday, titled "Chromebook Churn," US PIRG contends that Chromebooks don't last as long as they should, because Google stops providing updates after five to eight years and because device repairability is hindered by the scarcity of spare parts and repair-thwarting designs. This planned obsolescence, the group claims, punishes the public and the world.

"The 31 million Chromebooks sold globally in the first year of the pandemic represent approximately 9 million tons of CO2e emissions," the report says. "Doubling the life of just Chromebooks sold in 2020 could cut emissions equivalent to taking 900,000 cars off the road for a year, more than the number of cars registered in Mississippi." The report says that excluding additional maintenance costs, longer lasting Chromebooks could save taxpayers as much as $1.8 billion dollars in hardware replacement expenses.

The US PIRG said it wants: Google to extend its ChromeOS update policy beyond current device expiration dates; hardware makers to make parts more available so their devices can be repaired; and hardware designs that enable easier part replacement and service. [...] According to US PIRG, making an average laptop releases 580 pounds of carbon dioxide into the atmosphere, amounting to 77 percent of the total carbon impact of the device during its lifetime. Thus, the 31 million Chromebooks sold during the first year of the pandemic represent about 8.9 million tons of CO2e emissions.
"We think that Google should extend the automatic update expiration to 10 years after launch date," said Lucas Gutterman, who leads US PIRG's Designed to Last campaign. "There's just no reason why we should be throwing away a computer that still is otherwise functional just because it passes a certain date."

"We're asking Google to use their leadership among the OEMs to design the devices to last, to make some of the changes that we list, to have them be more easily repairable by actually producing spare parts that folks can buy at reasonable prices," he added. "And to design with modularity and repair in mind, so that you can, for example, use the plastic bezel on one Chromebook on the next version, rather than having to buy a whole new set of spare parts just because a clip has changed."

The Courts

Google Wins Appeal of $20 Million US Patent Verdict Over Chrome Technology 25

Alphabet's Google on Tuesday convinced a U.S. appeals court to cancel three anti-malware patents at the heart of a Texas jury's $20 million infringement verdict against the company. Reuters reports: The U.S. Court of Appeals for the Federal Circuit said (PDF) that Alfonso Cioffi and Allen Rozman's patents were invalid because they contained inventions that were not included in an earlier version of the patent. Cioffi and the late Rozman's daughters sued Google in East Texas federal court in 2013, alleging anti-malware functions in Google's Chrome web browser infringed their patents for technology that prevents malware from accessing critical files on a computer.

A jury decided in 2017 that Google infringed the patents and awarded the plaintiffs $20 million plus ongoing royalties, which their attorney said at the time were expected to total about $7 million per year for the next nine years. But the Federal Circuit said Tuesday that all of the patents were invalid. The three patents were reissued from an earlier anti-malware patent, and federal law required the new patents to cover the same invention as the first, the unanimous three-judge panel concluded. The appeals court said the new patents outlined technology specific to web browsers that the first patent did not mention.

Chrome

Compromised Sites Use Fake Chrome Update Warnings to Spread Malware (bleepingcomputer.com) 13

Bleeping Computer warned this week about compromised web sites "that display fake Google Chrome automatic update errors that distribute malware to unaware visitors." The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores...

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. "An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update," reads the fake Chrome error message. The scripts will then automatically download a ZIP file called 'release.zip' that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device's CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

Chrome

Google Releases Emergency Chrome Security Update (hothardware.com) 29

"Earlier this week, Google released an emergency security update for the Chrome browser due to a vulnerability that is being actively exploited in the wild," reports Hot Hardware: On Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google's own Threat Analysis Group (TAG). This vulnerability is a 'type confusion' bug in the JavaScript engine for Chromium browsers using the V8 JavaScript engine. In short, type confusion is a bug that allows memory to be accessed with the wrong type, allowing for the reading or writing of memory out of bounds. The CVE page says that an attacker could create an HTML page that allows the exploitation of heap corruption.

While there is no Common Vulnerability Scoring System (CVSS) score attached to the vulnerability yet, Google is tracking this as a "high" severity issue. This is likely due in part to the fact that "Google is aware that an exploit for CVE-2023-2033 exists in the wild."

The article notes that Chrome updates are generally done automatically, but you can also check for updates by clicking Chrome's three-dots menu in the top-right corner, then "Help" and "About Chrome."

GNU is Not Unix

FSF Says Google's Decision to Deprecate JPEG-XL Emphasizes Need for Browser Choice (fsf.org) 130

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

Firefox

Windows Defender Finally Squashes Firefox Bug That Ate CPUs For 5 Years (pcworld.com) 85

An anonymous reader shares a report: Firefox has a reputation of being something of a resource hog, even among modern browsers. But it might not be entirely earned, because it looks like a CPU bug affecting Firefox users on Windows was actually the fault of Windows Defender. The latest update to the ubiquitous security tool addresses the issue, and should result in measurably lower CPU usage for the Windows version of Firefox. According to Mozilla senior software engineer Yannis Juglaret, the culprit was MsMpEng.exe, which you might recognize from your Task Manager. It handles the Real-Time protection feature that monitors web activity for malicious threats.

The bug was causing Firefox to call on the service much more frequently than comparable browsers like Chrome or Edge, resulting in notable CPU spikes. Said CPU spikes could reduce performance in other applications or affect a laptop's battery life. The issue was first reported on Mozilla's bug tracker system way back in 2018 and quickly assigned to the MsMpEng service, but some more recent and diligent documentation on the part of Juglaret resulted in more swift action from Microsoft's developers.

Google

Chrome 113 To Ship WebGPU By Default (phoronix.com) 43

While Chrome 112 just shipped this week and Chrome 113 only in beta, there is already a big reason to look forward to that next Chrome web browser release: Google is finally ready to ship WebGPU support. From a report: WebGPU provides the next-generation high performance 3D graphics API for the web. With next month's Chrome 113 stable release, the plan is to have WebGPU available out-of-the-box for this new web graphics API. Though in that version Google is limiting it to ChromeOS, macOS, and Windows... Yes, Google says other platforms like Linux will see their roll-out later in the year. The WebGPU API is more akin to Direct3D 12, Vulkan, and Metal compared with the existing WebGL being derived from OpenGL (ES). From Google's blog post: WebGPU is a new API for the web, which exposes modern hardware capabilities and allows rendering and computation operations on a GPU, similar to Direct3D 12, Metal, and Vulkan. Unlike the WebGL family of APIs, WebGPU offers access to more advanced GPU features and provides first-class support for general computations on the GPU. The API is designed with the web platform in mind, featuring an idiomatic JavaScript API, integration with promises, support for importing videos, and a polished developer experience with great error messages.

This initial release of WebGPU serves as a building block for future updates and enhancements. The API will offer more advanced graphics features, and developers are encouraged to send requests for additional features. The Chrome team also plans to provide deeper access to shader cores for even more machine learning optimizations and additional ergonomics in WGSL, the WebGPU Shading Language.

Chrome

Chrome 112 Released With WASM Garbage Collection Trial, CSS Nesting (phoronix.com) 30

Google today promoted the Chrome 112 web browser to their stable channel on all supported platforms. Phoronix reports: Starting as an origin trial with Chrome 112 is WebAssembly (WASM) Garbage Collection support. Yes, garbage collection to allow for efficient support for high-level managed languages with WebAssembly. This trial support allows for compilers targeting WASM to integrate with a garbage collector in the host VM. Also on the WebAssembly front with today's Chrome browser update is making WebAssembly tail call support available out of the box. This adds explicit tail call and indirect tail call opcodes. This support is useful for correct/efficient implementations of languages that require tail call elimination, compilation of control constructs that can be implemented with it, and other computations being expressed as WASM functions.

Meanwhile by default in Chrome 112 is now CSS nesting support as the ability to nest CSS style rules inside other style rules for increasing modularity and maintainability of style sheets. Chrome 112 also adds support for the CSS animation-composition property. Behind a developer flag is also the background-blur feature that allows using a native platform's API for camera background segmentation. This is intended for use with web-based video conferencing applications running within the web browser to make use of native platform APIs.
A full list of changes is available on the Chrome Releases blog.

Security

IRS-Authorized eFile.com Tax Return Software Caught Serving JS Malware (bleepingcomputer.com) 32

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. BleepingComputer reports: eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called 'popper.js'. The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date. BleepingComputer can confirm, the malicious JavaScript file 'popper.js' was being loaded by almost every page of eFile.com, at least up until April 1st. As of today, the file is no longer seen serving the malicious code.

On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was "hijacked." At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack. Turns out that's indeed the case. [...] The malicious JavaScript file 'update.js', further attempts to prompt users to download next stage payload, depending on whether they are using Chrome [update.exe - VirusTotal] or Firefox [installer.exe - VirusTotal]. Antivirus products have already started flagging these executables as trojans.

BleepingComputer has independently confirmed these binaries establish a connection to a Tokyo-based IP address, 47.245.6.91, that appears to be hosted with Alibaba. The same IP also hosts the illicit domain, infoamanewonliag[.]online associated with this incident. Security research group, MalwareHunterTeam further analyzed these binaries, and stated that these contain Windows botnets written in PHP -- a fact that the research group mocked. Additionally, the group called out eFile.com for leaving the malicious code on its website for weeks: "So, the website of [efile.com]... got compromised at least around middle of March & still not cleaned," writes MalwareHunterTeam.

Windows

Steam Will Require Windows 10 or Later Next Year (engadget.com) 100

Valve announced today that Steam will require Windows 10 or later on January 1, 2024. The reason? Google Chrome. PC Gamer reports: "The newest features in Steam rely on an embedded version of Google Chrome, which no longer functions on older versions of Windows," Valve's typically curt announcement reads. "In addition, future versions of Steam will require Windows feature and security updates only present in Windows 10 and above." January 1, 2024 is the day of doom for Steam on the old Windows versions. "After that date, the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows."
