An anonymous reader writes: An exploit vendor published a price list for the zero-day bugs it's willing to buy. The highest paid bugs are for remote jailbreaks for iOS. Second is Android and Windows Phone. Third there are remote code execution bugs for Chrome, Flash, and Adobe's PDF Reader. This is the same company that just paid $1 million to a hacker for the first iOS9 jailbreak.
An anonymous reader writes: Back in March, Google announced the Chromebit, a small computer crammed into an HDMI stick that runs Chrome OS. The device, built by Asus, has now launched for $85. It weighs 75 grams, runs on a Rockchip ARM processor, and includes a USB port. It has 16GB of storage and 2GB of RAM, and connects via 802.11ac Wi-Fi and Bluetooth 4.0. According to Tech Crunch, the Chromebit is not particularly fast, but it's usable for basic tasks. "As long as the work only involves web apps (or maybe a remote connection to a more fully-featured machine), the Chromebit is up for the job and can turn any screen into a usable desktop."
An anonymous reader writes: Google has announced it is extending Chrome support for Windows XP until April 2016. The company will also end Chrome support for Windows Vista, OS X 10.6 Snow Leopard, OS X 10.7 Lion, and OS X 10.8 Mountain Lion at the same time. This means Google will provide regular Chrome updates and security patches for users on these operating systems for five more months. After that, the browser will still work, but it will be stuck on the last version released in April.
citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants app with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."
An anonymous reader writes: According to a report at the Wall Street Journal (paywalled) Google plans to merge its Chrome operating system into Android. Google engineers have already been working on this transition for two years; the company expects to have a functioning preview next year, and a finished product in 2017. "The move is also an attempt by Google to get Android running on as many devices as possible to reach as many people as possible. The operating system runs phones, tablets, watches, TVs and car infotainment systems. Adding laptops could increase Android's user base considerably. That should help Google woo more outside developers who want to write apps once and have them work on as many gadgets as possible, with little modification." This doesn't mean Chrome OS is on its way out. According to public statements from Google execs, it will continue to exist and see active development.
An anonymous reader writes with a report at The Stack that: eFast Browser, a new malicious adware which disguises itself as Google Chrome, has hijacked internet users' systems in an apparent effort to serve its own ads and harvest user activity to sell to third-party advertisers. It is able to mirror the aesthetics of Chrome as it uses the same source code, available across the open-source project Chromium. Once installed, eFast places ads across existing web pages, linking to third-party e-commerce sites or other malicious platforms.
PC World reports that even as Microsoft is pushing voice input on the desktop (in the form of an expanded role for its Cortana digital assistant), Google is responding to user (dis)interest in searching by voice from the desktop, by dropping "OK Google"-based voice commands in the latest iteration of Chrome. This seems too bad to me, so I wish they'd at least leave the voice input as an option; I've only lately been getting comfortable with search by voice on my phone, and though I've found the results to be hit or miss (my phone responds a bit too often to "OK," and seems to stumble even on some common words, spoken clearly), when it works I really like it.
MojoKid writes: The Internet and web browsers are an ever changing congruous mass of standards and design. Browser development is a delicate balance between features, security, compatibility and performance. However, although each browser has its own catchy name, some of them share a common web engine. Regardless, if you are in a business environment that's rolling out Windows 10, and the only browsers you have access to are Microsoft Edge or IE — go with Edge. It's the better browser of the two by far (security not withstanding). If you do have a choice, then there might better options to consider, depending on your use case. The performance differences between browsers currently are less significant than one might think. If you exclude IE, most browsers perform within 10-20% of each other, depending on the test. For web standards compliance like HTML5, Blink browsers (Chrome, Opera and Vivaldi) still have the upper-hand, even beating the rather vocal and former web-standards champion, Mozilla. Edge seems to trail all others in this area even though it's often the fastest in various tests.
An anonymous reader writes: Google today announced it is removing the notification center from Chrome for Windows, Mac, and Linux. The reason the company is giving for the change is simple: "In practice, few users visit the notification center." The notification center in Chrome OS will remain. Google said this change will take effect for Windows, Mac, and Linux users "in the upcoming release." To be clear, this is not in reference to yesterday's Chrome 46 launch — the notification center is still there. We thus expect that the notification center will thus be removed in Chrome 47, which is slated to arrive in about six weeks.
An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.
basscomm writes: Hot on the heels of the formation of the independent board to oversee "acceptable ads", users of the popular Chrome ad blocking extension, AdBlock, got notice that AdBlock is participating in the program, and that acceptable ads are being turned on by default. At the bottom of the announcement, buried in the fine print is word that AdBlock has been sold, but nobody will say to whom.
Two of the products officially unveiled at Google's much-anticipated (at least much-hyped) release announcement were widely and correctly predicted: a pair of new Nexus phones. The flagship is the all-metal Huawei 6P, with a 5.7" AMOLED display (2,560x1,440), 3GB of RAM, and a Snapdragon 810 chip. The Huawei overshadows the nonetheless respectable second offering, the LG-made Nexus 5X, which makes concessions in the form of less RAM (2GB instead of the 6P's 3), smaller battery (2700mAh, instead of 3450) and a lesser Snapdragon chip inside (808, rather than 810). Both phones, though, come with USB-C and with a big upgrade for a line of phones not generally praised for its cameras: a large-pixel 12.3-megapixel Sony camera sensor. Much less predicted: Google announced a new bearer for the Pixel name, after its line of high-end Chromebooks; today's entrant is a tablet, not running Chrome, and it's running Android rather than Chrome OS. The Pixel C tablet will debut sometime later this year; google touts it as "the first Android tablet built end-to-end by Google." Also on the agenda today, news that Android 6 will start hitting Nexus devices next week.
An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."
We mentioned a few months back Microsoft's beta of a browser-based intrerface to Skype. Now, reports Engadget, Skype will be able to work without a plug-in (as was required for the beta). However, it will work -- at least at first -- only with Microsoft's Edge browser. The latest Windows 10 Insider Preview build comes with Object RTC API. That's the element that allows real-time audio and video communication without the need for any installation not just for Skype for Web and Outlook.com, but also for other WebRTC-compatible services. To note, Chrome, Firefox and Safari all support WebRTC standards, but it's unclear if and when Skype will enable a plug-in-less experience for those browsers, as well.
New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of " "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false google.com cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)
An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).