×
Hardware

Samsung Unveils Chromebook Plus V2 (betanews.com) 74

Brian Fagioli, writing for BetaNews: Samsung announces its latest such laptop -- the premium, yet affordable, Chromebook Plus (V2). This is a refresh of the first-gen "Plus" model. It can run Android apps and doubles as a convertible tablet, making it very versatile. Best of all, you won't have to wait long to get it -- it will go on sale very soon. "The Samsung Chromebook Plus (V2) puts productivity and entertainment at consumers' fingertips and at the tip of the built-in pen. At 2.91 pounds, its thin design makes it easy to slip into a bag and carry all day -- or use throughout the day with its extended battery life. Flipping its 12.2-inch FHD 1920x1080 resolution screen transforms it from notebook to tablet to sketchbook -- and back -- with two cameras for making it easier to stay connected with friends and sharing with the world. Plus, Chrome OS helps users get more done by providing access to millions of Android apps on Google Play," says Samsung. The Chromebook Plus, powered by Intel Celeron Processor 3965Y and 4GB of RAM, goes on sale later this month at $499.
KDE

KDE Plasma 5.13 Released (kde.org) 95

jrepin writes: KDE unveils the final release of Plasma 5.13, the free and open-source desktop environment. Members of the Plasma team have focused on optimizing startup and minimizing memory usage. Plasma Browser Integration is a suite of new features which make Firefox, Chrome and Chromium-based browsers work with your desktop. For example, downloads are now displayed in the Plasma notification popup, and the Media Controls Plasmoid can mute and skip videos and music playing from within the browser. Browser tabs can be opened directly using KRunner via the Alt-Space keyboard shortcut. System Settings design has been improved further. Window manager gained much-improved effects for blur and desktop switching. Wayland work continued, with the return of window rules, and initial support for screencasts and desktop sharing. You can view the changelog here.
Chrome

Google Disables Inline Installation For Chrome Extensions (venturebeat.com) 100

An anonymous reader writes: Google today announced that Chrome will no longer support inline installation of extensions. New extensions lose inline installation starting today, existing extensions will lose the ability in three months, and in early December the inline install API will be removed from the browser with the release of Chrome 71. Critics have pointed out such moves make the Chrome Web Store a walled garden, while Google insists pushing users to the store ultimately protects them.
The Internet

CSS Is Now So Overpowered It Can Deanonymize Facebook Users (bleepingcomputer.com) 92

An anonymous reader writes: Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. Information leaked via this attack could aid some advertisers linking IP addresses or advertising profiles to real-life persons, posing a serious threat to a user's online privacy. The leak isn't specific to Facebook but affects all sites which allow their content to be embedded on other web pages via iframes.

The actual vulnerability resides in the browser implementation of a CSS feature named "mix-blend-mode," added in 2016 in the CSS3 web standard. Security researchers have proven that by overlaying multiple layers of 1x1px-sized DIV layers on top of iframes, each layer with a different blend mode, they could determine what's displayed inside it and recover the data, to which parent websites cannot regularly access. This attack works in Chrome and Firefox, but has been fixed in recent versions.

Firefox

'Why I'm Switching From Chrome To Firefox and You Should Too' (fastcodesign.com) 337

An anonymous reader quotes an associate technology editor at Fast Company's Co.Design: While the amount of data about me may not have caused harm in my life yet -- as far as I know -- I don't want to be the victim of monopolistic internet oligarchs as they continue to cash in on surveillance-based business models. What's a concerned citizen of the internet to do? Here's one no-brainer: Stop using Chrome and switch to Firefox... [W]hy should I continue to use the company's browser, which acts as literally the window through which I experience much of the internet, when its incentives -- to learn a lot about me so it can sell advertisements -- don't align with mine....?

Unlike Chrome, Firefox is run by Mozilla, a nonprofit organization that advocates for a "healthy" internet. Its mission is to help build an internet in an open-source manner that's accessible to everyone -- and where privacy and security are built in. Contrast that to Chrome's privacy policy, which states that it stores your browsing data locally unless you are signed in to your Google account, which enables the browser to send that information back to Google. The policy also states that Chrome allows third-party websites to access your IP address and any information that site has tracked using cookies. If you care about privacy at all, you should ditch the browser that supports a company using data to sell advertisements and enabling other companies to track your online movements for one that does not use your data at all.... Firefox protects you from being tracked by advertising networks across websites, which has the lovely side effect of making sites load faster...

Ultimately, Firefox's designers have the leeway to make these privacy-first decisions because Mozilla's motivations are fundamentally different from Google's. Mozilla is a nonprofit with a mission, and Google is a for-profit corporation with an advertising-based business model.. While Firefox and Chrome ultimately perform the same service, the browsers' developers approached their design in a radically different way because one organization has to serve a bottom line, and the other doesn't.

The article points out that ironically, Mozilla supports its developers partly with revenue from Google, which (along with other search engines) pays to be listed as one of the search engines available in Firefox's search bar.

"But because it relies on these agreements rather than gathering user data so it can sell advertisements, the Mozilla Corporation has a fundamentally different business model than Google."
Google

Google Quits Selling Tablets (techcrunch.com) 143

Google has quietly crept out of the tablet business, removing the "tablets" heading from its Android page. It was there yesterday, but it's gone today. TechCrunch reports: Google in particular has struggled to make Android a convincing alternative to iOS in the tablet realm, and with this move has clearly indicated its preference for the Chrome OS side of things, where it has inherited the questionable (but lucrative) legacy of netbooks. They've also been working on broadening Android compatibility with that OS. So it shouldn't come as much surprise that the company is bowing out.

Sales have dropped considerably, since few people see any reason to upgrade a device that was originally sold for its simplicity and ease of use, not its specs. Google's exit doesn't mean Android tablets are done for, of course. They'll still get made, primarily by Samsung, Amazon and a couple of others, and there will probably even be some nice ones. But if Google isn't selling them, it probably isn't prioritizing them as far as features and support.
Android Police was first to break the news.
Chrome

Google Chrome 67 Released for Windows, Mac, and Linux (bleepingcomputer.com) 85

An anonymous reader shares a report: Google released earlier today Chrome 67, the latest stable release of its web browser. According to changelogs released with Chrome 67, this version adds support for a Generic Sensors API, improves AR and VR experiences, and deprecates the HTTP-Based Public Key Pinning (HPKP) security feature. Probably the biggest change in Chrome 67 is the addition of the Generic Sensors API. As the name implies, this is an API that exposes data from device sensors to public websites. The new API is based on the Generic Sensor W3C standard. This API is meant primarily for mobile use, and in its current version, websites can use Chrome's Generic Sensors API to access data from a device's accelerometer, gyroscope, orientation and motion sensors. Another API that shipped with Chrome is the WebXR Device API. Developers can use this API to build virtual and augmented reality experiences on Chrome for mobile-based VR headsets like Google Daydream View and Samsung Gear VR, as well as desktop-hosted headsets like Oculus Rift, HTC Vive, and Windows Mixed Reality Headsets.
Piracy

Google's Chrome Web Store Spammed With Dodgy 'Pirate' Movie Links (torrentfreak.com) 32

Unknown third parties appear to be exploiting the Chrome Store's 'theme' section to offer visitors access to a wide range of pirate movies including "Black Panther", "Avengers: Infinity War" and "Rampage." From a report: When clicking through to the page offering Ready Player One, for example, users are presented with a theme that apparently allows them to watch the movie online in "Full HD Online 4k." Of course, the whole scheme is a dubious scam which eventually leads users to Vioos dot co, a platform that tries very hard to give the impression of being a pirate streaming portal but actually provides nothing of use. In fact, as soon as one clicks the play button on movies appearing on Vioos dot co, visitors are re-directed to another site called Zumastar which asks people to "create a free account" to "access unlimited downloads and streaming." Google services have a history of being exploited.
Chrome

Edge Beats Chrome in Battery Test, Says Microsoft (zdnet.com) 102

The latest installment of Microsoft's browser battery challenge shows once again that Edge consumes less energy than Chrome and Firefox. From a report: With the Windows 10 April 2018 Update rolling out across the globe, Microsoft thinks it's once again time to square Edge up against Chrome and Firefox in a new battery-life test. Microsoft's browser experiment shows a time-lapse of "three identical devices, three different browsers, streaming one video." Firefox, Edge, and Chrome play what appears to be a Netflix video on three Surface Books. As usual, the Edge device lasts the longest, depleting the battery after 14 hours and 20 minutes. The Chrome device lasted 12 hours and 32 minutes, while the Firefox laptop ran out of steam after just seven hours and 15 minutes.
Security

Google and Microsoft Disclose New CPU Flaw, and the Fix Can Slow Machines Down (theverge.com) 83

An anonymous reader quotes a report from The Verge: Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says "these mitigations are also applicable to variant 4 and available for consumers to use today." However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won't see negative performance impacts.

"If enabled, we've observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems," explains Leslie Culbertson, Intel's security chief. As a result, end users (and particularly system administrators) will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.

Software

Popular 'Gboard' Keyboard App Has Had a Broken Spell Checker For Months 54

The popular Gboard keyboard app for iOS and Android devices has a fundamental flaw. According Reddit user SurroundedByMachines, the red underline has stopped appearing for incorrectly spelled words since November of last year -- and it doesn't appear to be limited to any one device. Issues with the spell checker have been reported on multiple devices across Android and iOS. A simple Google search brings up several different threads where people have reported issues with the feature.

What's more is that nobody at Google seems to get the memo. The Reddit user who first brought this to our attention filed several bug reports, left a review, and joined the beta channel to leave feedback there, yet no response was given. "Many people have been having the issue, and it's even been escalated to the community manager," writes SurroundedByMachines. Since the app has over 500 million downloads on the Play Store alone, this issue could be frustrating a lot of users, especially those who use their phones to send work emails or write documents. Have you noticed Gboard's broken spell checker on your device? If so, you may want to look into another third-party keyboard, such as SwiftKey or Cheetah Keyboard.
Chrome

Google Chrome To Remove 'Secure' Indicator From HTTPS Pages in September (bleepingcomputer.com) 102

Google announced Thursday it plans to drop the "Secure" indicator from the Chrome URL address bar -- starting with Chrome v68, set for release in July -- and only show a lock icon when the user is navigating to an HTTPS-secured website. From a report: The move is scheduled to take effect with the release of Chrome 69, scheduled for September, this year. Emily Schechter, Product Manager for Chrome Security, said the company is now comfortable making this move as a large chunk of Chrome's traffic is now via HTTPS. Since most traffic is HTTPS anyway, it's not necessary to draw the user's attention to the "Secure" indicator anymore.
Google

Google Fixes Issue That Broke Millions of Web-Based Games in Chrome (bleepingcomputer.com) 37

Google this week rolled out an update to Chrome to patch a bug that had rendered millions of web-based games useless. From a report: The bug was introduced in mid-April when Google launched Chrome 66. One of this release's features was its ability to block web pages with auto-playing audio. [...] Not all games were affected the same. For some HTML5 games, users could re-enable audio by interacting with the game's canvas via a click-to-play interaction. Unfortunately, older games and those that weren't coded with such policy remained irrevocably broken, no matter what Chrome options users tried to modify in their settings sections. [...] With today's release of Chrome for Desktop v66.0.3359.181, Google has now fixed this issue, but only temporarily. John Pallett, a product manager at Google, admitted that Google "didn't do a good job of communicating the impact of the new autoplay policy to developers using the Web Audio API." He said, for this reason, the current version of Chrome, v66, will no longer automatically mute Web Audio objects.
Youtube

YouTube Might Finally Get An Incognito Mode (androidpolice.com) 61

Currently, you can head to the "History and Privacy" settings in YouTube and toggle on the options to pause watch and search history if you don't want the site to track your searches and watched videos, but that can be a bit complicated each time you want to search for something weird. According to Android Police, "YouTube will make it a little easier to go into incognito without digging into many settings and without having to disable it later." A new "Incognito Mode" will appear when you tap your account avatar in the top right of the app. From the report: With "Incognito Mode" on, all your activity from the current session is not saved and subscriptions are hidden too. It's as if you were signed out without being so, and there's a neat incognito icon replacing your avatar. If you turn off Incognito or become inactive on YouTube, you'll be back to using your own account.
The Internet

Chrome Tests Picture-in-Picture API To Show Floating Video Popups Outside the Browser (bleepingcomputer.com) 150

Browser makers are working on a new W3C API that will standardize Picture-in-Picture (PiP) mode and allow websites to show a floating video popup outside the browser window itself. From a report: In the past, picture-in-picture has only been supported inside a web page's canvas as a floating window that only appeared inside the current website, as the user scrolled up and down the page. Some platforms added support for a picture-in-picture mode, but those were OS-specific APIs that worked with all sorts of video apps, not just browsers. Now, the Web Platform Incubator Community Group (WICG) at the World Wide Web Consortium (W3C), has released details about a browser-specific API for standardizing picture-in-picture interactions that allow websites to open an external "floating video" popup outside the browser window itself. [...] Chrome and Safari have already shipped out the new Picture-in-Picture API.
Chrome

Malicious Chrome Extensions Infect Over 100,000 Users Again (arstechnica.com) 39

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

Chrome

In Blocking Autoplay Videos, Chrome Is Breaking Many Web-Based Games (arstechnica.com) 77

An anonymous reader quotes a report from Ars Technica: An update Google rolled out for its popular Chrome browser this weekend helps prevent those annoying auto-playing video ads on many websites from disturbing your day with unwanted sound as well. But that update is causing consternation for many Web-based game developers who are finding that the change completely breaks the audio in their online work. The technical details behind the problem involve the way Chrome handles WebAudio objects, which are now automatically paused when a webpage starts up, stymying auto-playing ads. To get around this, Web-based games now have to actively restart that pre-loaded audio object when the player makes an action to start the game, even if that audio wasn't autoplaying beforehand. "The standard doesn't require you to do this, so no one would have thought to do this before today," developer Andi McClure told Ars Technica. "With Chrome's new autoplay policies, developers shouldn't assume that audio can be played before a user gesture," Google told The Daily Dot in a statement. "With gaming in Chrome, this may affect Web Audio. We have shared details on what developers can do to address this, and the design for the policy was published last year."
Chrome

You Can Now Run Linux Apps On Chrome OS (venturebeat.com) 106

Google today announced Chrome OS is getting Linux support. "As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands," reports VentureBeat. "A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon." From the report: "Just go to wherever you normally get those apps, whether it's on the websites or through apt-get in the Linux terminal, and seamless get those apps like any other Linux distribution," Chrome OS director of product management Kan Liu told VentureBeat.

Support for Linux apps means developers will finally be able to use a Google device to develop for Google's platforms, rather than having to depend on Windows, Mac, or Linux machines. And because Chrome OS doesn't just run Chrome OS-specific apps anymore, developers will be able to create, test, and run any Android or web app for phones, tablets, and laptops all on their Chromebooks. Without having to switch devices, you can run your favorite IDE -- as long as there is a Debian Linux version (for the curious, Google is specifically using Debian Stretch here -- code in your favorite language and launch projects to Google Cloud with the command line.

Chrome

Google Says Chrome Blocks 'About Half' of Unwanted Autoplays (venturebeat.com) 102

When Google released Chrome 66 just over two weeks ago, it received lots of attention and praise for introducing the ability to mute autoplaying videos with sound until you press play. Today, Chrome product manager John Pallett revealed that "the new policy blocks about half of unwanted autoplays." VentureBeat reports: Pallett also shared that "a significant number" of autoplays are paused, muted, or have their tab closed within six seconds by Chrome users. He didn't say how many exactly, as the number varies significantly from site to site. But that shouldn't surprise anyone, given how much work Google put into this latest feature. Chrome decides which autoplaying content to stop in its tracks by learning your preferences and ranking each website according to your past behavior. If you don't have browsing history with a site, Chrome allows autoplay for over 1,000 sites where Google says the highest percentage of visitors play media with sound (sites where media is the main point of visiting the site). As you browse the web, Chrome updates that list by enabling autoplay on sites where you play media with sound during most of your visits, and disables it on sites where you don't.
Chrome

Google Chrome is Freezing Intermittently With the Windows 10 April 2018 Update, Users Say (neowin.net) 183

Several users who have updated their computers to Windows 10 April 2018 Update are reporting that Chrome is freezing their machines. From a report: I have now used the April 2018 Update for nearly 24 hours and the same problem has presented itself no less than five times. For a machine - which was working perfectly prior to the update - with a Core i7 CPU, 16GB of RAM, and a 512GB SSD, I naturally resorted to Reddit and Microsoft forum threads to see if others were experiencing the issue. It appears that several users on Reddit (spotted by Softpedia) with machines sporting varying configurations are experiencing the problem as well, and the only fix to it is the one I found too; that is, putting the laptop to sleep using the power button or closing the lid.

Slashdot Top Deals