Remember when Microsoft announced they'd be switching to Google's open source Chromium browser for developing their own Edge browser? At the time Google announced "We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Now MSPoweruser reports Microsoft has indeed started collaborating on Chromium -- making suggestions like caret browsing and a native high-contrast mode -- and at least one of Microsoft's suggestions is already coming to Chrome. it looks like there is one feature that Chromium approved which will be making its way to Chrome soon. According to a new bug (via Techdows) filing on Chromium, Google is working on bringing text suggestions for hardware keyboard to Chrome soon. The feature will allow users to get suggestions as they type which is currently available on Windows 10 and on Microsoft Edge.

Google has just started working on the feature and has set the priority to 2 which suggests that the feature should be available sooner than later.

An anonymous reader shares a report: In an update to the chromium engine, which underpins Google's popular Chrome browser, the search giant has quietly updated the lists of default search engines it offers per market -- expanding the choice of search product users can pick from in markets around the world. Most notably it's expanded search engine lists to include pro-privacy rivals in more than 60 markets globally. The changes, which appear to have been pushed out with the Chromium 73 stable release yesterday, come at a time when Google is facing rising privacy and antitrust scrutiny and accusations of market distorting behavior at home and abroad.

Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow." "The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac," reports Wired. "The trick's name is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory." From the report: Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory. That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make its own copy. Which is to say, a program can't simply change the data shared by all the other processes -- some of which could be more highly privileged, sensitive programs than the one requesting the change.

Google's BuggyCow trick, however, takes advantage of the fact that when a program mounts a new file system on a hard drive -- basically loading a whole collection of files rather than altering just one -- the memory manager isn't warned. So a hacker can unmount a file system, remount it with new data, and in doing so silently replace the information that some sensitive, highly privileged code is using. Technically, as a zero-day vulnerability with no patch in sight, BuggyCow applies to anyone with an Apple laptop or desktop. But given the technical skill and access needed to pull it off, you shouldn't lose much sleep over it. To even start carrying out this Rube Goldberg -- style attack, a hacker would need a victim to already have some form of malware running on their computer. And while BuggyCow would allow that malware to potentially mess with the inner workings of higher-privileged parts of the computer, it could do so only if it found a highly privileged program that kept its sensitive data on the hard drive rather than memory. Project Zero says it warned Apple about BuggyCow back in November, but Apple hadn't acted to patch it ahead of last week's public reveal.

Last December, Microsoft announced that it has embraced Google's Chromium open source project for Edge development on the desktop, a move that shocked many. We now have some leaked screenshots of the browser in its current state, and they appear to show a browser resembling Google Chrome. Neowin reports: A lot of the design language and icons have remained similar to what they were like before, but there are definitely many changes that will be familiar to Chrome users. For one, the options to see all your tabs and to set aside the currently open tabs have been removed compared to the current version of Edge. To the right of the address bar, you'll be able to find your extensions, as well as your profile picture similar to what Chrome looks like. Bing is integrated into the browser -- as you'd expect of a Microsoft-made browser -- and the New Tab background can be set to rotate based on Bing's image of the day. Scrolling down will reveal a personalized news feed powered by Microsoft News, similar to the old Edge. The layout of the feed can be customised based on your preference from among a number of options.

The settings options for the browser have also changed. While Edge settings are currently available via a slide-out menu from the right, the new Edge's settings are accessible through a new tab similar to Chrome. It'll show the Microsoft account you're logged into, as well as the usual array of toggles and tidbits you'd expect. Ominously, the about page for the browser now acknowledges the contributions of the Chromium project, as well as other open source software, a stark reminder that this isn't the Microsoft of yesteryear. This is a new browser, and a new Microsoft.

Nearly all 250 coal-fired plants in operation in the U.S. have leaked chemicals and contaminated the local groundwater supply with toxins [Editor's note: the link may be paywalled; you can check the alternative source, and original report (PDF)], according to a report released this week by environmental groups Environmental Integrity Project and Earthjustice. From a report: The report found that 91 percent of the nation's coal-fired power plants reported elevated levels of contaminants such as arsenic, lithium, chromium and other pollutants in nearby groundwater. In many cases, the levels of toxic contaminants that had leaked into groundwater were far higher than the thresholds set by the Environmental Protection Agency, the groups said.

The examples span the country. At a family ranch south of San Antonio, a dozen pollutants have leaked from a nearby coal ash dump, data showed. Groundwater at one Maryland landfill that contains ash from three coal plants was contaminated with eight pollutants. In Pennsylvania, levels of arsenic in the groundwater near a former coal plant were several hundred times the level the EPA considers safe for drinking. The voluminous data became publicly available for the first time last year because of a 2015 regulation that required disclosures by the overwhelming majority of coal plants.

An anonymous reader writes: Microsoft's Edge browser contains a secret whitelist that lets Facebook run Adobe Flash code behind users' backs. The whitelist allows Facebook's Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.

The whitelist isn't new. It existed in Edge before, and prior to February 2018, it included 58 entries, including domains and subdomains for Microsoft's main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ. The list was narrowed down to only two Facebook domains (facebook.com and apps.facebook.com) after a Google security researcher found that the whitelist mechanism had some security issues. The bug report also contains the original version of the whitelist, with all the 58 domains.

Google has changed its stance on upcoming Chrome Manifest V3 changes as benchmark shows they lied about performance hit. Catalin Cimpanu, writing for ZDNet: A study analyzing the performance of Chrome ad blocker extensions published on Friday has proven wrong claims made by Google developers last month, when a controversy broke out surrounding their decision to modify the Chrome browser in such a way that would have eventually killed off ad blockers and many other extensions. The study, carried out by the team behind the Ghostery ad blocker, found that ad blockers had sub-millisecond impact on Chrome's network requests that could hardly be called a performance hit. Hours after the Ghostery team published its study and benchmark results, the Chrome team backtracked on their planned modifications. At the root of Ghostery's benchmark into ad blocker performance stands Manifest V3, a new standard for developing Chrome extensions that Google announced last October.

At some point in the future, Chrome may gain a new feature, dubbed 'Never-Slow Mode', which would trim heavy web pages to keep browsing fast. From a report: The prototype feature is referenced in a work-in-progress commit for the Chromium open-source project. With Never-Slow Mode enabled, it would "enforce per-interaction budgets designed to keep the main thread clean." The design document for Never-Slow Mode hasn't been made public. However, the feature's owner, Chrome developer Alex Russell, has provided a rough outline of how it would work to speed up web pages with large scripts. "Currently blocks large scripts, sets budgets for certain resource types (script, font, css, images), turns off document.write(), clobbers sync XHR, enables client-hints pervasively, and buffers resources without 'Content-Length' set," wrote Russell.

Following Mozilla's footsteps, Google has released Chrome 72 for Windows, Mac, and Linux. From a report: The release includes code injection blocking and new developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often must make an effort to stay on top of everything available -- as well as what has been deprecated or removed -- most notably, Chrome 72 removes support for Chromecast setup on a computer. To set up a Chromecast, you'll now need to use a mobile device.

As this isn't a major release, there aren't many new features to cover. Chrome 72 for Windows, however, blocks code injections, reducing crashes caused by third-party software. The initiative to block code injections in Chrome started last year, with warnings letting users know that Chrome was fighting back. Those warnings are now gone, and Chrome blocks code injections full stop. Further reading: All the Chromium-based browsers.

An anonymous reader quotes a report from ZDNet: A Microsoft program manager has caused a stir on Twitter over the weekend by suggesting that Firefox-maker Mozilla should give up on its own rendering engine and move on with Chromium. "Thought: It's time for @mozilla to get down from their philosophical ivory tower. The web is dominated by Chromium, if they really 'cared' about the web, they would be contributing instead of building a parallel universe that's used by less than five percent?" wrote Kenneth Auchenberg, who builds web developer tools for Microsoft's Visual Studio Code.

Auchenberg's post referred to Mozilla's response to Microsoft's announcement in December that it would scrap Edge's EdgeHTML rendering engine for Chromium's. The move will leave Firefox's Gecko engine as the only alternative to Chromium, which is used by Opera and dozens of other browsers. Few people agreed with Auchenberg, including engineers from both Mozilla and Chromium. Long-serving Mozillian Asa Dotzler was not impressed. "Just because your employer gave up on its own people and technology doesn't mean that others should follow," Dotzler replied to Auchenberg. Auchenberg clarified that he didn't want to see Mozilla vanish, but said it should reorganize into a research institution "instead of trying to to justify themselves with the 'protectors of the web' narrative."

An anonymous reader writes: A planned update to one of the Google Chrome extensions APIs would kill much more than a few ad blockers, ZDNet has learned, including browser extensions for antivirus products, parental control enforcement, phishing detection, and various privacy-enhancing services. Developers for extensions published by F-Secure, NoScript, Amnesty International, and Ermes Cyber Security, among others, made their concerns public today after news broke this week that Google was considering the API change. Furthermore, efforts to port NoScript from Firefox to Chrome are also impacted, according to the plugin's author, who says the new API update all but cripples the NoScript for Chrome port.

"Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers," reports The Register. "The drafted changes will also limit the capabilities available to extension developers, ostensibly for the sake of speed and safety. Chromium forms the central core of Google Chrome, and, soon, Microsoft Edge." From the report: In a note posted Tuesday to the Chromium bug tracker, Raymond Hill, the developer behind uBlock Origin and uMatrix, said the changes contemplated by the Manifest v3 proposal will ruin his ad and content blocking extensions, and take control of content away from users. Manifest v3 refers to the specification for browser extension manifest files, which enumerate the resources and capabilities available to browser extensions. Google's stated rationale for making the proposed changes is to improve security, privacy and performance, and supposedly to enhance user control.

But one way Google would like to achieve these goals involves replacing the webRequest API with a new one, declarativeNetRequest. The webRequest API allows extensions to intercept network requests, so they can be blocked, modified, or redirected. This can cause delays in web page loading because Chrome has to wait for the extension. In the future, webRequest will only be able to read network requests, not modify them. The declarativeNetRequest allows Chrome (rather than the extension itself) to decide how to handle network requests, thereby removing a possible source of bottlenecks and a potentially useful mechanism for changing browser behavior. The report notes that Adblock Plus "should still be available" since "Google and other internet advertising networks apparently pay Adblock Plus to whitelist their online adverts."

An anonymous reader shares a report: Chrome OS was originally a laptop platform, but slowly it's being reworked for tablet form factors. However, as that goes on, there have been some hiccups. Most recently, many have noted the poor performance of tablet mode especially on Chrome OS products like the Pixel Slate, but it seems a fix for that lag is incoming. If you tuned into any hands-on or review coverage of Google's Pixel Slate, you're likely familiar with the performance issues many have described. In tablet mode, Chrome OS has a lot of issues with lag. This is especially evident in the multitasking screen, and it seems that is the first thing Google is looking at to fix these problems. ChromeUnboxed notes a recent bug tracker which reveals how Google plans to start fixing Chrome OS tablet mode lag in the multitasking screen. Somewhat hilariously, it seems a big reason for the poor frame rates in the animations on this screen actually comes down to how the OS renders the rounded corners on this screen.

An anonymous reader quotes Neowin: Every time Microsoft releases a Windows 10 feature update, it runs some efficiency tests to prove that its Edge browser is significantly faster than the competition, which includes Mozilla Firefox and Google Chrome. Then the company posts the detailed results on its Windows blog and YouTube channel, boasting about the power efficiency of its browser. Even though the company still has run battery tests, it has remained strangely silent about them, posting about it on GitHub only. While many thought that Microsoft's silence on the matter was due to Edge finally losing to the competition, it appears that this is not the case.

As spotted by Paul Thurrott, Microsoft has indeed run efficiency tests for Edge in Windows 10 version 1809, pitting it against the likes of Firefox and Chrome. Through these tests, the company has concluded that Edge lasts 24% longer than Chrome and a massive 94% longer than Firefox on average.
"While Edge appears to have won these efficiency tests easily as well, it is likely that the company did not decide to promote this achievement -- as it has always done previously -- because of the planned abandonment of EdgeHTML in favor of Chromium," the article concludes.

"It will be very interesting to see if Microsoft Edge is able to maintain its battery advantage once the switch to Chromium is complete."

Earlier this week, a former Microsoft Edge intern alleged that Google deliberately introduced bogus changes to YouTube to break the functionality of the video portal when users on Edge and other browsers tried to access the website. Google today denied the allegation. From a report: Google disputes Bakita's claims, and says the YouTube blank div was merely a bug that was fixed after it was reported. "YouTube does not add code designed to defeat optimizations in other browsers, and works quickly to fix bugs when they're discovered," says a YouTube spokesperson in a statement to The Verge. "We regularly engage with other browser vendors through standards bodies, the Web Platform Tests project, the open-source Chromium project and more to improve browser interoperability." In a statement, Microsoft said, "Google has been a helpful partner and we look forward to the journey as we work on the future of Microsoft Edge."

Google engineers are currently working on a Chrome browser update that will block malicious websites from hijacking the browser's history and, indirectly, the Back button. From a report: The issue at hand is a well-known tactic often seen employed by many shady sites across the Internet. A user would visit a website, then he'd accidentally click or tap on an ad, and be taken to a new page. But when the user presses the Back button to go back to the previous page, the browser just reloads the same page over and over again, keeping the user trapped on the ad page. [...] Recent source code updates to the Chromium project, the open-source browser engine behind the Chrome browser, reveal that Google engineers are planning to crack down on this type of abusive behavior. These code updates will allow Chrome to detect when browser history entries have been generated by user interaction, or by an automated method.

A reader shares a report from Ars Technica's Peter Bright: With Microsoft's decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That's a worrying turn of events, given the company's past behavior. Chrome itself has about 72 percent of the desktop-browser market share. Edge has about 4 percent. Opera, based on Chromium, has another 2 percent. The abandoned, no-longer-updated Internet Explorer has 5 percent, and Safari -- only available on macOS -- about 5 percent. When Microsoft's transition is complete, we're looking at a world where Chrome and Chrome-derivatives take about 80 percent of the market, with only Firefox, at 9 percent, actively maintained and available cross-platform.

The mobile story has stronger representation from Safari, thanks to the iPhone, but overall tells a similar story. Chrome has 53 percent directly, plus another 6 percent from Samsung Internet, another 5 percent from Opera, and another 2 percent from Android browser. Safari has about 22 percent, with the Chinese UC Browser sitting at about 9 percent. That's two-thirds of the mobile market going to Chrome and Chrome derivatives. In terms of raw percentages, Google won't have quite as big a lock on the browser space as Microsoft did with Internet Explorer -- Internet Explorer 6 peaked at around 80 percent, and all versions of Internet Explorer together may have reached as high as 95 percent. But Google's reach is, in practice, much greater: not only is the Web a substantially more important place today than it was in the early 2000s, but also there's a whole new mobile Web that operates in addition to the desktop Web. Google has deployed proprietary technology and left the rest of the industry playing catch-up, writes Peter. The company has "tried to push the Web into a Google-controlled proprietary direction to improve the performance of Google's online services when used in conjunction with Google's browser, consolidating Google's market positioning and putting everyone else at a disadvantage."

YouTube has been a particular source of problems. One example Peter provides has to do with a hidden, empty HTML element that was added to each YouTube video to disable Edge's hardware accelerated video decoding: "For no obvious reason, Google changed YouTube to add a hidden, empty HTML element that overlaid each video. This element disabled Edge's fastest, most efficient hardware accelerated video decoding. It hurt Edge's battery-life performance and took it below Chrome's. The change didn't improve Chrome's performance and didn't appear to serve any real purpose; it just hurt Edge, allowing Google to claim that Chrome's battery life was actually superior to Edge's. Microsoft asked Google if the company could remove the element, to no avail."

Joshua Bakita, a former software engineering intern on the Edge team at Microsoft, says one of the reasons why Microsoft had to ditch EdgeHTML rendering engine in Edge browser and switch to Chromium was to keep up with the changes (some of which were notorious) that Google pushed to its sites. These changes were designed to ensure that Edge and other browsers could not properly run Google's sites, he alleged. Responding to a comment, he wrote: "For example, they may start integrating technologies for which they have exclusive, or at least 'special' access. Can you imagine if all of a sudden Google apps start performing better than anyone else's?" This is already happening. I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn't keep up.

For example, they recently added a hidden empty div over YouTube videos that causes our hardware acceleration fast-path to bail (should now be fixed in Win10 Oct update). Prior to that, our fairly state-of-the-art video acceleration put us well ahead of Chrome on video playback time on battery, but almost the instant they broke things on YouTube, they started advertising Chrome's dominance over Edge on video-watching battery life. What makes it so sad, is that their claimed dominance was not due to ingenious optimization work by Chrome, but due to a failure of YouTube. On the whole, they only made the web slower.

Now while I'm not sure I'm convinced that YouTube was changed intentionally to slow Edge, many of my co-workers are quite convinced -- and they're the ones who looked into it personally. To add to this all, when we asked, YouTube turned down our request to remove the hidden empty div and did not elaborate further. And this is only one case.

SwiftOnSecurity, regarding Microsoft's switch to Chromium as Windows's built-in rendering engine: This isn't about Chrome. This is about ElectronJS. Microsoft thinks EdgeHTML cannot get to drop-in feature-parity with Chromium to replace it in Electron apps, whose duplication is becoming a significant performance drain. They want to single-instance Electron with their own fork. Electron is a cancer murdering both macOS and Windows as it proliferates. Microsoft must offer a drop-in version with native optimizations to improve performance and resource utilization. This is the end of desktop applications. There's nowhere but JavaScript. John Gruber of DaringFireball: I don't share the depth of their pessimism regarding native apps, but Electron is without question a scourge. I think the Mac will prove more resilient than Windows, because the Mac is the platform that attracts people who care. But I worry. In some ways, the worst thing that ever happened to the Mac is that it got so much more popular a decade ago. In theory, that should have been nothing but good news for the platform -- more users means more attention from developers. The more Mac users there are, the more Mac apps we should see.

The problem is, the users who really care about good native apps -- users who know HIG violations when they see them, who care about performance, who care about Mac apps being right -- were mostly already on the Mac. A lot of newer Mac users either don't know or don't care about what makes for a good Mac app.

With the news earlier today that Microsoft is embracing Chromium for Edge browser development on the desktop, VentureBeat decided to see what the other browser companies had to say about the decision. From the report: Google largely sees Microsoft's decision as a good thing, which is not exactly a surprise given that the company created the Chromium open source project. "Chrome has been a champion of the open web since inception and we welcome Microsoft to the community of Chromium contributors. We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Mozilla meanwhile sees Microsoft's move as further validation that users should switch to Firefox. "This just increases the importance of Mozilla's role as the only independent choice. We are not going to concede that Google's implementation of the web is the only option consumers should have. That's why we built Firefox in the first place and why we will always fight for a truly open web." Mozilla regularly points out it develops the only independent browser -- meaning it's not tied to a tech company that has priorities which often don't align with the web. Apple (Safari), Google (Chrome), and Microsoft (Edge) all have their own corporate interests.

Opera thinks Microsoft is making a smart move, because it did the same thing six years ago. "We noticed that Microsoft seems very much to be following in Opera's footsteps. Switching to Chromium is part of a strategy Opera successfully adopted in 2012. This strategy has proved fruitful for Opera, allowing us to focus on bringing unique features to our products. As for the impact on the Chromium ecosystem, we are yet to see how it will turn out, but we hope this will be a positive move for the future of the web."