Google Is No Longer Bringing the Full Chrome Browser To Fuchsia

Google has formally discontinued its efforts to bring the full Chrome browser experience to its Fuchsia operating system. 9to5Google reports: In 2021, we reported that the Chromium team had begun an effort to get the full Chrome/Chromium browser running on Google’s in-house Fuchsia operating system. Months later, in early 2022, we were even able to record a video of the progress, demonstrating that Chromium (the open-source-only variant of Chrome) could work relatively well on a Fuchsia-powered device. This was far from the first time that the Chromium project had been involved with Fuchsia. Google’s full lineup of Nest Hub smart displays is currently powered by Fuchsia under the hood, and those displays have limited web browsing capabilities through an embedded version of the browser.

In contrast to that minimal experience, Google was seemingly working to bring the full might of Chrome to Fuchsia. To observers, this was yet another signal that Google intended for Fuchsia to grow beyond the smart home and serve as a full desktop operating system. After all, what good is a laptop or desktop without a web browser? Fans of the Fuchsia project have anticipated its eventual expansion to desktop since Fuchsia was first shown to run on Google’s Pixelbook hardware. However, in the intervening time — a period that also saw significant layoffs in the Fuchsia division — it seems that Google has since shifted Fuchsia in a different direction. The clearest evidence of that move comes from a Chromium code change (and related bug tracker post) published last month declaring that the “Chrome browser on fuchsia won’t be maintained.”

Read more of this story at Slashdot.

Compromised Sites Use Fake Chrome Update Warnings to Spread Malware

Bleeping Computer warned this week about compromised web sites “that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.”
The campaign has been underway since November 2022, and according to NTT’s security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores…

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. “An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update,” reads the fake Chrome error message. The scripts will then automatically download a ZIP file called ‘release.zip’ that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device’s CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:Program FilesGoogleChrome as “updater.exe” and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the “BYOVD” (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

Read more of this story at Slashdot.

Chrome 112 Released With WASM Garbage Collection Trial, CSS Nesting

Google today promoted the Chrome 112 web browser to their stable channel on all supported platforms. Phoronix reports: Starting as an origin trial with Chrome 112 is WebAssembly (WASM) Garbage Collection support. Yes, garbage collection to allow for efficient support for high-level managed languages with WebAssembly. This trial support allows for compilers targeting WASM to integrate with a garbage collector in the host VM. Also on the WebAssembly front with today’s Chrome browser update is making WebAssembly tail call support available out of the box. This adds explicit tail call and indirect tail call opcodes. This support is useful for correct/efficient implementations of languages that require tail call elimination, compilation of control constructs that can be implemented with it, and other computations being expressed as WASM functions.

Meanwhile by default in Chrome 112 is now CSS nesting support as the ability to nest CSS style rules inside other style rules for increasing modularity and maintainability of style sheets. Chrome 112 also adds support for the CSS animation-composition property. Behind a developer flag is also the background-blur feature that allows using a native platform’s API for camera background segmentation. This is intended for use with web-based video conferencing applications running within the web browser to make use of native platform APIs. A full list of changes is available on the Chrome Releases blog.

Read more of this story at Slashdot.

Why Google Is Removing JPEG-XL Support From Chrome

Following yesterday’s article about Google Chrome preparing to deprecate the JPEG-XL image format, a Google engineer has now provided their reasons for dropping this next-generation image format. Phoronix reports: As noted yesterday, a patch is pending for the Google Chrome/Chromium browser to deprecate the still-experimental (behind a feature flag) JPEG-XL image format support from their web browser. The patch marks Chrome 110 and later as deprecating JPEG-XL image support. No reasoning was provided for this deprecation, which is odd considering JPEG-XL is still very young in its lifecycle and has been receiving growing industry interest and support.

Now this evening is a comment from a Google engineer on the Chromium JPEG-XL issue tracker with their expressed reasons: “Thank you everyone for your comments and feedback regarding JPEG XL. We will be removing the JPEG XL code and flag from Chromium for the following reasons:

– Experimental flags and code should not remain indefinitely
– There is not enough interest from the entire ecosystem to continue experimenting with JPEG XL
– The new image format does not bring sufficient incremental benefits over existing formats to warrant enabling it by default
– By removing the flag and the code in M110, it reduces the maintenance burden and allows us to focus on improving existing formats in Chrome”

Read more of this story at Slashdot.