Items tagged with browsers
Microsoft Explains Why Chromium Edge Browser Was Crashing With Google Set As Default Search Provider
Something weird and seemingly fishy was going on with Microsoft's retooled Edge browser, whereby changing the default search engine from Bing to Google was causing it to crash. Was that by nefarious design? The answer is no, even if some people will never believe it. Instead, the culprit turned out to be a change in Google's search service, and not a tweak to Edge. The suspicious issue manifested around a week ago, when Edge users noticed that typing in the browser's address bar would cause it to crash, though only if Google was set as the default search option. At the time, Microsoft offered up a temporary workaround while it investigated the cause, and worked out a fix, which is now available....
Read more...
As far as Mozilla is concerned, its Firefox browser is becoming more secure by being the only one to enable encrypted DNS over HTTPS (DoH) by default for users in the United States. The gradual rollout has already begun and will continue over the new few weeks, so long as no major issues rear their ugly heads. "Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your...
Read more...
Starting next month, Google will tighten the controls on its Chrome browser by limiting cross-site tracking, and within the next two years, it plans on eliminating third-party cookies from the equation. These and other steps are part of a larger initiative Google is calling "Privacy Sandbox," which entails open standards to enhance user privacy when surfing the web. "Our goal for this open source initiative is to make the web more private and secure for users, while also supporting publishers," Google said. On the surface, getting rid of third-party cookies may seem to go against the latter part of that statement, but Google believes there is a better way of satisfying both users and publishers....
Read more...
Mozilla is pushing out an incremental update to its Firefox browser to mitigate a critical security vulnerability. If left unpatched, the zero day threat could allow an attacker to gain full control of PC. Indeed, Mozilla is aware of malicious actors leveraging the flaw in the wild, so if you use Firefox, it is in your best interest to update right away. "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw," Mozilla stated in a security document. A type confusion attack consists of accessing data in memory that is supposed be out of bounds. This could lead to a crash, or...
Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):...
Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
Google is putting the final touches on a handful of new features headed to its Chrome browser, and today we get a glimpse of a few of them. For power surfers, the most interesting changes are those that apply to tab management. This is going to be more convenient on both desktop and mobile, with iOS users already having access to a tab grid layout. That same feature will arrive on Android sometime in the "next few weeks." Here is what it looks like on an iPhone running iOS 13 (with the new dark mode in IOS enabled)... You can rearrange tabs, but when it rolls out on Android, users will be able to group them as well. They can do this simply by tapping and dragging a tabbed page onto another within...
Read more...
Google has begun rolling out a new version of its popular Chrome browser for all available platforms, including Windows, Linux, Mac on the desktop, and Android and iOS on mobile. The new Chrome 76 update brings with it some nifty changes. Chief among them is a tougher stance against Adobe's troublesome Flash plugin—it is now blocked by default. Flash is essentially a dead platform and browser plugin walking. Around this time in 2017, Adobe announced that it was putting Flash on life support until 2020, at which point it plans on pulling the plug. The web at large has moved on to HTML5. However, there are still sites and services that use Flash. As such, Google still gives users the option...
Read more...
Not all browser extensions are used for good. It was recently discovered that several Chrome and Firefox browser extensions were stealing data from individual users and corporations. The data included everything from passwords to genetic information. Sam Jadali of securitywithsam.com revealed that the following browser extensions were leaking data: Chrome Extensions Branded Surveys HoverZoom Panel Community Surveys PanelMeasurement SpeakIt! Firefox Extensions SaveFrom.net Helper Chrome and Firefox Extensions FairShare Unlock SuperZoom The extensions affected macOS, Windows, Chrome OS, and Ubuntu operating systems and Chromium-based browsers like Opera and Yandex. The collected...
Read more...
Google is testing an new media control button in its Chrome browser that, when enabled, would allow users to pause and resume playing videos in tabs. As shown in the image above, the button appears in the upper-right side of the browser, next to the URL bar, and is accessible even for videos that are playing in background tabs. The feature is called Global Media Controls (GMC) and is available to test in the Canary build. You can install the Canary version of Chrome without overwriting your main Chrome installation (if you use that browser), as they can coexist without interrupting each other—it is like having a totally separate browser installed. As currently implemented, the play/pause...
Read more...
It is common knowledge that websites like to track your activity through cookies, but might we be giving up a bit too much privacy when surfing the web? The answer may depend on the specific browser you are using. In a recent examination of Google Chrome, a tech expert said he uncovered some startling differences in how Chrome and Mozilla's Firefox browsers treat user privacy. Geoffrey A. Fowler is a technology journalist for The Washington Post. It was there that he posted an opinion piece on why he feels that "Chrome has become surveillance software," and why he made the switch to Firefox. The article sits behind a paywall, but has been reprinted at a few other places (hit the link in the Via...
Read more...
You may have only recently updated your Firefox browser to build 67.0, but guess what? You should mash the update button once gain. The latest version, build 67.0.3, contains a fix for a major security vulnerability that is being actively exploited in the wild, according to Mozilla. Leaving Firefox unpatched is not a good idea. Listed as "CVE-2019-11707: Type confusion in Array.pop," Mozilla considers the vulnerability to be a critical one. It was discovered by a member of Google's Project Zero team and Coinbase Security, and promptly addressed with an update. "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable...
Read more...
Have you updated your web browser lately? If the answer is "no" and you are running Firefox (or Firefox Quantum, as Mozilla calls it these days), there is a new build available, version 67.0. This is a finalized release and not a beta build, and it brings with it improved performance and some new features, including a cryptocurrency mining blocker. The latter would have been more useful when cryptocurrency mining was booming, but hey, better late than never, right? To Mozilla's credit, the crypto-market is highly volatile, and who knows if we will see another surge in interest. If so, it's nice to know that the latest version of Firefox offers some level of protection against unwittingly mining...
Read more...
Mozilla this week offered an apology to Firefox users over for temporarily breaking add-ons last weekend, and then issuing a temporary fix that collected telemetry data. Simply put, Mozilla admits it "failed" its users. That said, the company says it has a permanent fix in place, and promises to delete usage data that was collected. "An error on our part prevented new add-ons from being installed, and stopped existing add-ons from working. Now that we’ve been able to restore this functionality for the majority of Firefox users, we want to explain a bit about what happened and tell you what comes next," Mozilla stated in a blog post. Mozilla went on to explain that it wanted to push out...
Read more...
I used to think that a toaster would be the final frontier for RGB lighting, but apparently Razer has that covered, or at least it is planning to. So what else does that leave? I'm not sure, maybe washing machines and dryers are on the radar. In the meantime, companies are coming up with new ways of leveraging RGB lights, with Vivaldi baking in support for Razer's Chroma lighting into the latest version of its web browser. In case you've never heard of it, Vivaldi is a cross-platform browser developed by a company founded by Opera Software co-founder Jon Stephenson von Tetzchner and Tatsuki Tomita. The idea was to re-introduce a bunch of features that had been axed during Opera's transition to...
Read more...
In an ongoing effort to stay one step ahead of the bad guys (or at least keep pace with them), Google has decided to block sign-ins from embedded browser frameworks, such as the Chromium Embedded Framework (CEF). The new policy will go into effect in June, so developers have a couple of months to adjust. This is intended as yet another layer of protection to keep users safe from phishing attempts, malware, and so forth. In this particular instance, blocking sign-ins from embedded browser frameworks is intended to protect against man-in-the-middle (MITM) attacks, which is basically when an attacker is able to eavesdrop communication between two parties. Enabling two-factor authentication can help,...
Read more...
At a cursory glance, it may seem like cryptocurrency mining is firmly in the rear view mirror, along with all of the unwanted side effects (GPU shortages, browser hijacking, and so forth), but not so fast. Bitcoin and other virtual currencies have seen a sharp rise in recent weeks. Does that mean we have to worry about sneaky web code using our browsers to mine cryptocurrencies? That remains to be seen, though to prevent that sort of thing, Mozilla is making some changes to Firefox. Mozilla stated in a blog post that it has added a feature to block fingerprinting and cryptomining in Firefox Nightly, as an option for users to turn on. Firefox Nightly is a pre-release version of Firefox that gets...
Read more...
Microsoft is in the process of rebuilding its Edge browser around Chromium, the same open source project that powers Google's own Chrome browser. The transition will not happen overnight—Microsoft said in December that the move will happen over the "next year or so," with no specific date mentioned. That said, testing has already begun, and you can kick the rebuilt browser's tires right now, if you want. Just as Microsoft does with Windows, it is testing new builds of its rebuilt Edge browser through an Insider program. "Calling all developers and tinkerers: your voices will help us shape the next version of Microsoft Edge. Sign up to be the first to know when preview builds are available,"...
Read more...
The European Commission does not mess around when it comes to slapping tech firms with hefty fines, if and when a company is found to be violating antitrust laws. Google knows this as well as any firm—the European Union levied a gargantuan $5 billion fine over Android abuses last year, and specifically in regards to smartphone makers being forced to pre-install Google Search and Chrome to gain access to other apps. As perhaps a preemptive move to avoid another big penalty, Google announced a key change it is making to Android. In an effort to "do more to ensure that Android phone makers know about the wide choice of browsers and search engines available" for their for phones, Google plans...
Read more...
If you are reading this, there is a good chance you are doing so on a Chrome browser, based on the available market share data. And if that is the case, do yourself a solid and update Chrome, "like right this minute." That suggestion is not coming directly from us, but from Justin Schuh, Google Chrome's security boss and engineering director. Schuh made the suggestion on Twitter, in which he pointed to a recent update to Chrome's Stable Channel for desktop systems. The reason he is sounding the alarm is because the latest update to Chrome mitigates a zero-day security hole labeled as CVE-2019-5786. The exact details of the zero-day vulnerability have not yet been disclosed, but it's presumably...
Read more...
Microsoft is rebuilding its Edge browser around the same rendering and JavaScript engines that drive Google's Chrome browser, a move that could see a public release by the end of the year. In the meantime, development has already begun. As such, the inevitable leaks have started rolling in, giving us an early glimpse of Edge in its reborn form. Click to Enlarge (Source: Neowin) As currently constructed, Edge is powered by EdgeHTML (rendering) and Chakra (JavaScript). However, Microsoft made the surprise announcement in December that it was gutting Edge and moving to Chromium, the same open source platform that powers Chrome, which will see Blink and V8 replace EdgeHTML and Chakra, respectively....
Read more...
Chrome is on its way towards becoming a much faster browser than it already is, though there is a caveat—the upcoming speed boost applies to previously visited webpages, as Google's developers are exploring a new back-and-forward cache scheme that will make navigating back and forth "very fast," the company says. "A back/forward cache (bfcache) caches whole pages (including the JavaScript heap) when navigating away from a page, so that the full state of the page can be restored when the user navigates back. Think of it as pausing a page when you leave it and playing it when you return," Google developer Addy Osmani explains. This new scheme caches entire web pages for faster access. It...
Read more...
