Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Google To Drop Chrome Support For 32-bit Linux 156

prisoninmate writes: Google announces that its Google Chrome web browser will no longer be available for 32-bit hardware platforms. Additionally, Google Chrome will no longer be supported on the Ubuntu 12.04 LTS (Precise Pangolin) and Debian GNU/Linux 7 (Wheezy) operating systems. Users are urged to update to the Ubuntu 14.04 LTS (Trusty Tahr) release and Debian GNU/Linux 8 (Jessie) respectively. Google will continue to support the 32-bit build configurations for those who want to build the open-source Chromium web browser on various Linux kernel-based operating systems. Reader SmartAboutThings writes, on a similar note, that: Microsoft is tolling the death knell for Internet Explorer with an announcement that it will end support for all older versions next year. Microsoft says that all versions older than the latest one will no longer be supported starting Jan. 12, 2016. After this date, Microsoft will no longer provide security updates or technical support for older Internet Explorer versions. Furthermore, Internet Explorer 11 will be the last version of Internet Explorer as Microsoft shifts its focus on its next web browser, Microsoft Edge.
The Almighty Buck

Exploit Vendor Publishes Prices For Zero-Day Vulnerabilities 21

An anonymous reader writes: An exploit vendor published a price list for the zero-day bugs it's willing to buy. The highest paid bugs are for remote jailbreaks for iOS. Second is Android and Windows Phone. Third there are remote code execution bugs for Chrome, Flash, and Adobe's PDF Reader. This is the same company that just paid $1 million to a hacker for the first iOS9 jailbreak.

Google's Chromebit Micro-Computer Launches ( 60

An anonymous reader writes: Back in March, Google announced the Chromebit, a small computer crammed into an HDMI stick that runs Chrome OS. The device, built by Asus, has now launched for $85. It weighs 75 grams, runs on a Rockchip ARM processor, and includes a USB port. It has 16GB of storage and 2GB of RAM, and connects via 802.11ac Wi-Fi and Bluetooth 4.0. According to Tech Crunch, the Chromebit is not particularly fast, but it's usable for basic tasks. "As long as the work only involves web apps (or maybe a remote connection to a more fully-featured machine), the Chromebit is up for the job and can turn any screen into a usable desktop."

Chrome V8 JavaScript Exploit Leaves All Android Devices Ripe For Attack ( 107

MojoKid writes: If you're an Android user that makes heavy use of Google's Chrome web browser (and what Android user doesn't?), you'll want to pay close attention to a new exploit that has the capability of taking your smartphone hostage. The exploit was demonstrated at MobilePwn2Own, which was held at a Tokyo-based PacSec conference. Quihoo 360 security researcher Guang Gong first uncovered the vulnerability, and thankfully, he hasn't publicly revealed detailed specifics on its inner workings. As soon as a phone accessed the website, the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a game) without any user interaction, to demonstrate complete control of the phone. Google reportedly has been made well aware of the exploit and will likely act quickly to resolve it.

New Android Phones Hijackable With Chrome Exploit ( 45

mask.of.sanity writes: Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.

Google Will Retire Chrome Support For XP, Vista, OS X 10.6-8 In April 2016 ( 140

An anonymous reader writes: Google has announced it is extending Chrome support for Windows XP until April 2016. The company will also end Chrome support for Windows Vista, OS X 10.6 Snow Leopard, OS X 10.7 Lion, and OS X 10.8 Mountain Lion at the same time. This means Google will provide regular Chrome updates and security patches for users on these operating systems for five more months. After that, the browser will still work, but it will be stuck on the last version released in April.

Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone ( 100

citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants app with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."

Report: Google To Fold Chrome OS Into Android ( 104

An anonymous reader writes: According to a report at the Wall Street Journal (paywalled) Google plans to merge its Chrome operating system into Android. Google engineers have already been working on this transition for two years; the company expects to have a functioning preview next year, and a finished product in 2017. "The move is also an attempt by Google to get Android running on as many devices as possible to reach as many people as possible. The operating system runs phones, tablets, watches, TVs and car infotainment systems. Adding laptops could increase Android's user base considerably. That should help Google woo more outside developers who want to write apps once and have them work on as many gadgets as possible, with little modification." This doesn't mean Chrome OS is on its way out. According to public statements from Google execs, it will continue to exist and see active development.

eFast Malware Hijacks Browser With Chrome Clone ( 183

An anonymous reader writes with a report at The Stack that: eFast Browser, a new malicious adware which disguises itself as Google Chrome, has hijacked internet users' systems in an apparent effort to serve its own ads and harvest user activity to sell to third-party advertisers. It is able to mirror the aesthetics of Chrome as it uses the same source code, available across the open-source project Chromium. Once installed, eFast places ads across existing web pages, linking to third-party e-commerce sites or other malicious platforms.

Google Drops Desktop Voice Search In Chrome ( 51

PC World reports that even as Microsoft is pushing voice input on the desktop (in the form of an expanded role for its Cortana digital assistant), Google is responding to user (dis)interest in searching by voice from the desktop, by dropping "OK Google"-based voice commands in the latest iteration of Chrome. This seems too bad to me, so I wish they'd at least leave the voice input as an option; I've only lately been getting comfortable with search by voice on my phone, and though I've found the results to be hit or miss (my phone responds a bit too often to "OK," and seems to stumble even on some common words, spoken clearly), when it works I really like it.
Internet Explorer

Browser Tests Show Edge Fastest, But Weak On Standards ( 165

MojoKid writes: The Internet and web browsers are an ever changing congruous mass of standards and design. Browser development is a delicate balance between features, security, compatibility and performance. However, although each browser has its own catchy name, some of them share a common web engine. Regardless, if you are in a business environment that's rolling out Windows 10, and the only browsers you have access to are Microsoft Edge or IE — go with Edge. It's the better browser of the two by far (security not withstanding). If you do have a choice, then there might better options to consider, depending on your use case. The performance differences between browsers currently are less significant than one might think. If you exclude IE, most browsers perform within 10-20% of each other, depending on the test. For web standards compliance like HTML5, Blink browsers (Chrome, Opera and Vivaldi) still have the upper-hand, even beating the rather vocal and former web-standards champion, Mozilla. Edge seems to trail all others in this area even though it's often the fastest in various tests.

Google Is Removing the Desktop Notification Center From Chrome ( 116

An anonymous reader writes: Google today announced it is removing the notification center from Chrome for Windows, Mac, and Linux. The reason the company is giving for the change is simple: "In practice, few users visit the notification center." The notification center in Chrome OS will remain. Google said this change will take effect for Windows, Mac, and Linux users "in the upcoming release." To be clear, this is not in reference to yesterday's Chrome 46 launchthe notification center is still there. We thus expect that the notification center will thus be removed in Chrome 47, which is slated to arrive in about six weeks.

Firefox Support For NPAPI Plugins Ends Next Year ( 147

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

Chrome AdBlock Joining Acceptable Ads Program (And Sold To Anonymous Company) 352

basscomm writes: Hot on the heels of the formation of the independent board to oversee "acceptable ads", users of the popular Chrome ad blocking extension, AdBlock, got notice that AdBlock is participating in the program, and that acceptable ads are being turned on by default. At the bottom of the announcement, buried in the fine print is word that AdBlock has been sold, but nobody will say to whom.

Google Shows Off 2 New Nexus Phones, a New Pixel, and More 208

Two of the products officially unveiled at Google's much-anticipated (at least much-hyped) release announcement were widely and correctly predicted: a pair of new Nexus phones. The flagship is the all-metal Huawei 6P, with a 5.7" AMOLED display (2,560x1,440), 3GB of RAM, and a Snapdragon 810 chip. The Huawei overshadows the nonetheless respectable second offering, the LG-made Nexus 5X, which makes concessions in the form of less RAM (2GB instead of the 6P's 3), smaller battery (2700mAh, instead of 3450) and a lesser Snapdragon chip inside (808, rather than 810). Both phones, though, come with USB-C and with a big upgrade for a line of phones not generally praised for its cameras: a large-pixel 12.3-megapixel Sony camera sensor. Much less predicted: Google announced a new bearer for the Pixel name, after its line of high-end Chromebooks; today's entrant is a tablet, not running Chrome, and it's running Android rather than Chrome OS. The Pixel C tablet will debut sometime later this year; google touts it as "the first Android tablet built end-to-end by Google." Also on the agenda today, news that Android 6 will start hitting Nexus devices next week.

Chrome For Android's Incognito Mode Saves Some of the Sites You Visit 69

An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."

Modern Browsers Are Undefended Against Cookie-based MITM Attacks Over HTTPS 66

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.

Skype For Microsoft Edge Will Work From the Browser, No Plug-Ins Required 89

We mentioned a few months back Microsoft's beta of a browser-based intrerface to Skype. Now, reports Engadget, Skype will be able to work without a plug-in (as was required for the beta). However, it will work -- at least at first -- only with Microsoft's Edge browser. The latest Windows 10 Insider Preview build comes with Object RTC API. That's the element that allows real-time audio and video communication without the need for any installation not just for Skype for Web and, but also for other WebRTC-compatible services. To note, Chrome, Firefox and Safari all support WebRTC standards, but it's unclear if and when Skype will enable a plug-in-less experience for those browsers, as well.

Symantec Subsidiary Thawte Issues Rogue Google Certificates 103

New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of " "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)

Crash Chrome With 16 Characters 205

An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).