New submitter nthitz writes "Opera has announced that they will be dropping their rendering engine Presto, in favor of Webkit. This knocks the number of major rendering engines down to three. Opera will also be adopting the Chromium V8 Javascript engine. The news coincides with their announcement of 300 million users. '300 million marks the first lap, but the race goes on,' says Lars Boilesen, CEO of Opera Software. 'On the final stretch up to 300 million users, we have experienced the fastest acceleration in user growth we have ever seen. Now, we are shifting into the next gear to claim a bigger piece of the pie in the smartphone market.'" They've already submitted patches to improve multi-column layouts even.

The Firefox and Chrome teams have announced that their respective browsers can now communicate with each other via WebRTC for the purpose of audio and video communication without needing a third-party plugin. WebRTC is a new set of technologies that brings clear crisp voice, sharp high-definition (HD) video and low-delay communication to the web browser. From the very beginning, this joint WebRTC effort was embraced by the open web community, including engineers from the Chrome and Firefox teams. The common goal was to help developers offer rich, secure communications, integrated directly into their web applications. In order to succeed, a web-based communications platform needs to work across browsers. Thanks to the work and participation of the W3C and IETF communities in developing the platform, Chrome and Firefox can now communicate by using standard technologies such as the Opus and VP8 codecs for audio and video, DTLS-SRTP for encryption, and ICE for networking. To try this yourself, you’ll need desktop Chrome 25 Beta and Firefox Nightly for Desktop. In Firefox, you'll need to go to about:config and set the media.peerconnection.enabled pref to "true." Then head over to the WebRTC demo site and start calling."

chicksdaddy writes "Google cemented its reputation as the squarest company around Monday (pun intended), offering prizes totaling Pi Million Dollars — that's right: $3.14159 million greenbacks — in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia. Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise that delivers 'device persistence' delivered via a web page, the company announced on the chromium blog. 'We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,' wrote Chris Evans of Google's Security Team."

mask.of.sanity writes "Github has killed its search function to safeguard users who were caught out storing keys and passwords in public repositories. 'Users found that quite a large number of users who had added private keys to their repositories and then pushed the files up to GitHub. Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Projects had live configuration files from cloud services such as Amazon Web Services and Azure with the encryption keys still included. Configuration and private key files are intended to be kept secret, since if it falls into wrong hands, that person can impersonate the user (or at least, the user's machine) and easily connect to that remote machine.' Search links popped up throughout Twitter pointing to stored keys, including what was reportedly account credentials for the Google Chrome source code repository. The keys can still be found using search engines, so check your repos."

An anonymous reader writes "Google on Friday announced yet another security improvement for Chrome 25. In addition to killing silent extension installation, the omnibox in Google's browser will send all searches over a Secure Sockets Layer (SSL) connection. Chrome already does this for users who are signed in to Google: when they search from the address bar, their queries are sent over HTTPS. As of Chrome 25, however, the same will happen for users who aren't signed in to Google."

An anonymous reader writes "Google on Friday announced that it is changing its stance for silently installing extensions in its browser. As of Chrome 25, external extension deployment options on Windows will be disabled by default and all extensions previously installed using them will be automatically disabled."

If you use Chrome along with Google's Sync, you may have noticed something strange Monday: normally stable Chrome crashing. An article at Wired (excerpt below) explains why: "Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers. ... Steele wrote in a developer discussion forum, a problem with Google's Sync servers kicked off an error on the browser, which made Chrome abruptly shut down on the desktop. 'It's due to a backend service that sync servers depend on becoming overwhelmed, and sync servers responding to that by telling all clients to throttle all data types,' Steele said. That 'throttling' messed up things in the browser, causing it to crash."

I recently sat down with Chris DiBona to talk about the 15th anniversary of Slashdot. In addition to discussing the joys of heading an email campaign against spamming politicians, and the perils of throwing a co-worker's phone into a bucket, even if you think that bucket is empty, we talked about the growth of Google Summer of Code. Below you'll find his story of how a conversation about trying to get kids to be more active with computers in the summer has led to the release of 55 million lines of code.

An anonymous reader writes "Last night, Google held its Pwnium 2 competition at Hack in the Box 2012, offering up a total of $2 million for security holes found in Chrome. Only one was discovered; a young hacker who goes by the alias 'Pinkie Pie' netted the highest reward level: a $60,000 cash prize and a free Chromebook (the second time he pulled it off). Google today patched the flaw and announced a new version of Chrome for Windows, Mac, and Linux."

puddingebola tips news that support for the 'do-not-track' privacy setting will soon be coming to Google Chrome. The feature was implemented for Chromium v23.0.1266.0 in a recent revision. Google has said DNT will make it into the public release of Chrome by the end of year. This will bring Chrome up to speed with Firefox, which has had it for a while, and IE 10, which will have it turned on by default. As for why Google is the last of the three do implement it, the LA Times points out a post earlier this year from Google's Susan Wojcicki: 'There’s been a lot of debate over the last few years about personalization on the web. We believe that tailoring your web experience — for example by showing you more relevant, interest-based ads, or making it easy to recommend stuff you like to friends — is a good thing.'"

dsinc writes "A Polish security researcher, Krzysztof Kotowicz, makes an worrisome entry in his blog: with a few lines of Javascript, any web site could list the extensions installed in Chrome (and the other browsers of the Chromium family). Proof of concept is provided here. As there are addons which deal with very personal things like pregnancy or religion, the easiness of access to those very private elements of your life is really troubling." Note: the proof of concept works, so don't click that link if the concept bothers you.

Tackhead writes "Hot on the hooves of Sergey Glazunov's hack 5-minutes into Pwn2Own, an image of an axe-wielding pink pony was the mark of success for a hacker with the handle of Pinkie Pie. Pinkie Pie subtly tweaked Chromium's sandbox design by chaining together three zero-day vulnerabilities, thereby widening his appeal to $60K in prize money, another shot at a job opportunity at the Googleplex, and instantly making Google's $1M Pwnium contest about 20% cooler. (Let the record show that Slashdot was six years ahead of this particular curve, and that April Fool's Day is less than a month away.)"

PatPending writes with news that Google will be offering up to $1 million for the discovery of new exploits in their Chrome browser. This comes as part of the CanSecWest security conference, and the rewards will be broken down into categories: $60,000 for an exploit using only Chrome bugs, $40,000 for an exploit using a Chrome bug in conjunction with other bugs, and $20,000 for exploits that affect Chrome (and other browsers) but are due to bugs in other software, like Flash, Windows, or drivers. Google had originally planned to offer rewards through the Pwn2Own competition, but they were concerned by the contest rules: "Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome. ... We guarantee to send non-Chrome bugs to the appropriate vendor immediately."

Trailrunner7 writes "Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard. The tool Google engineers are working on is a fairly simple one. For people who are using the Chrome browser, whenever a site presents them with a field that requires creating a password, Chrome will display a small key icon, letting the users know that they could allow Chrome to generate a password for them."

snydeq writes "InfoWorld's Serdar Yegulalp takes an in-depth look at six Chromium-based spinoffs that bring privacy, security, social networking, and other interesting twists to Google's Chrome browser. 'When is it worth ditching Chrome for a Chromium-based remix? Some of the spinoffs are little better than novelties. Some have good ideas implemented in an iffy way. But a few point toward some genuinely new directions for both Chrome and other browsers.'"

mikejuk writes with an excerpt from an article at i-programmer about a neat graphics demo written in Dart: "One of the difficulties in getting a new computer language accepted by a wider audience is that there is doubt that it is real. Is it a toy language that just proves a concept or can it do real work? In the case of Dart, which is Google's replacement for JavaScript, the development is speeding ahead at a rate that is impressive but worrying. To prove that Dart is already a language that can be used, we now have a port of the well known 2D physics engine Box2D, the one Angry Birds uses, to Dart." Box2D has previously been ported to Javascript. Source is available at Google Code (under the Apache license). Note that you'll need Chromium to run the demos.

An anonymous reader writes "If you're reading this on Chrome, you're part of a wave that has ditched Internet Explorer or Firefox and helped vault Google's browser to the top Web browser spot worldwide." Are you reading this on Chrome? (I'm using Chromium right now, but that's pretty close.)

Orome1 writes "Microsoft, Mozilla and Google have announced that they are revoking trust in Malaysia-based DigiCert, an intermediate certificate authority authorized by well-known CA Entrust, following the issuing of 22 certificates with weak keys, lacking in usage extensions and revocation information. 'There is no indication that any certificates were issued fraudulently, however, these weak keys have allowed some of the certificates to be compromised,' wrote Jerry Bryant of Microsoft's Trustworthy Computing."

shaitand writes about Google disagreeing with the desire of Chrome users to put tabs under (rather than above) the location bar: "This issue has had overwhelming feedback from users with no notable dissent. But Google revealed their view on the community, saying that feedback and comments aren't considered, and today moved to silence dissent and lock comments on the issue. [A Chromium developer] says, 'Commenting on this bug has absolutely no effect at all on the likelihood that we are going to reconsider. So that people don't get their hopes up falsely, I'm locking this bug to additional comments.'"

CWmike writes "Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project — a considerably higher number than DigiNotar has acknowledged earlier this week when it said 'several dozen' certificates had been acquired by attackers. Among the certificates acquired by the attackers in a mid-July hack of DigiNotar, Van de Looy's source said, were ones valid for mozilla.com, yahoo.com and torproject.org, a system that lets people connect to the Web anonymously. Mozilla confirmed that a certificate for its add-on site had been obtained by the DigiNotar attackers. 'DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,' Johnathan Nightingale, director of Firefox development, said Wednesday. Looy's number is similar to the tally of certificates that Google has blacklisted in Chrome."