Bug

Google Paid $10 Million In Bug Bounty Rewards Last Year (bleepingcomputer.com) 17

Bill Toulas reports via BleepingComputer: Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwear.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables. Google's other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 million.

Chrome

Chrome 124 Lets You Turn Any Website Into an App (androidpolice.com) 113

An anonymous reader quotes a report from Android Police: Seven years ago, Google announced that it would phase out all Chrome apps on Windows, Mac, and Linux by 2018 (it would actually take until 2023). In its place would be what the company called Progressive Web Apps (PWAs), web apps that can be installed on a user's desktop that act as if they are practically natural apps and programs. The idea grew quickly, with Chrome users having installed PWAs in record numbers by the beginning of 2022. Soon, every website will be installable on desktops through PWAs.

In Chrome Canary (the daily build version of Google Chrome and typically a couple of versions ahead of the stable build), websites can now be installed on desktops. As part of the latest daily build, Google has added an "Install page as app" option to the "Save and share" submenu on the desktop version (via @Leopeva64 on X). This makes clicking the app -- which is just the website made to look and feel like a native app -- always open in its own window. Sites that already have their own PWAs, like YouTube or Reddit, have been prompting users to install them for a while now and will have their "Install page as app" function actually showing the name of the site. For example, YouTube's entry will show as "Install YouTube." In February, it became possible to enable the flags necessary to make any website into a PWA, but it seems to have just now become fully implemented.

IOS

iOS 17.4 Is Here and Ready For a Whole New Europe (theverge.com) 22

Jess Weatherbed reports via The Verge: Apple's iOS 17.4 update is now available, introducing new emoji and a cryptographic security protocol for iMessage, alongside some major changes to the App Store and contactless payments for the iPhone platform in Europe. Apple is making several of these changes to comply with the EU's Digital Markets Act (DMA), a law that aims to make the digital economy fairer by removing unfair advantages that tech giants hold over businesses and end users. iOS 17.4 will allow third-party developers to offer alternative app marketplaces and app downloads to EU users from outside the iOS App Store. Developers wanting to take advantage of this will be required to go through Apple's approval process and pay Apple a "Core Technology Fee" that charges 50 euro cents per install once an app reaches 1 million downloads annually. iPhone owners in the EU will see different update notes that specifically mention new options available for app stores, web browsers, and payment options.

The approval process may take some time, but we know that at least one enterprise-focused app marketplace from Mobivention will be available on March 7th. Epic is also working on releasing the Epic Game Store on iOS in 2024, and software company MacPaw is planning to officially launch its Setapp store in April. iOS 17.4 allows people in the EU to download alternative browser engines that aren't based on Apple's WebKit, such as Chrome and Firefox, with a new choice screen in iOS Safari that will prompt users to select a default browser when opened for the first time. While no browser alternatives have been officially announced, both Google and Mozilla are currently experimenting with new iOS browsers that could eventually be released to the public.

Apple is also introducing new APIs that allow third-party developers to utilize the iPhone's NFC payment chip for contactless payment services besides Apple Pay and Apple Wallet in the European Economic Area. No alternative contactless providers have been confirmed yet, but users will find a list of apps that have requested the feature under Settings > Privacy & Security > Contactless & NFC. While Apple previously revealed it was planning to drop support for progressive web apps (PWAs) in the EU to avoid building "an entirely new integration architecture" around DMA compliance, the company now says it will "continue to offer the existing Home Screen web apps capability" for EU users. However, these homescreen apps will still run using WebKit technology, with no option to be powered by third-party browser engines.

Google

Google is Making Search Suggestions in Chrome More Helpful (techcrunch.com) 25

An anonymous reader shares a report: Google is introducing improvements to search suggestions in Chrome, the company announced today. As part of the changes, users will start to get more helpful search suggestions in Chrome based on what others are searching for, see more images for suggested searches and find search suggestions even with a poor connection.

Search suggestions are the drop-down list of suggested completions that appear before you finish typing out your query in Google. The feature generates predictions to help users save time and speed up their search. With these new updates, Google is expanding the availability of search suggestions and using them to boost inspiration. When users are signed into Chrome on desktop and open a new tab, they will now start to see suggestions in the search box related to their previous searches based on what other people are searching for.

Microsoft

Microsoft Fixes Edge Browser Bug That Was Stealing Chrome Tabs and Data 49

An anonymous reader shared a news report: Microsoft has fixed an issue where its Edge browser was again misbehaving, this time by automatically importing browsing data and tabs from Chrome without consent. I personally experienced the bug last month, after I rebooted my PC for a regular Windows update and Microsoft Edge automatically opened with the Chrome tabs I was working on before the update. I asked Microsoft repeatedly to explain why this behavior had occurred for myself and many other Windows users, but the company refused to comment. Microsoft has now quietly issued a fix in the latest Microsoft Edge update.

Here's how Microsoft describes the fix: "Edge has a feature that provides an option to import browser data on each launch from other browsers with user consent. This feature's state might not have been syncing and displaying correctly across multiple devices. This is fixed."
Windows

Google Enables OS Upgrades For Older PCs Post-Windows 10 Support Cutoff 73

Google said it will allow businesses to install ChromeOS Flex on their Windows devices, "potentially preventing millions of PCs from hitting landfills after Microsoft ends support for Windows 10 next year," reports Reuters. The Chrome operating system will ultimately allow users to keep using their Windows 10 systems, while also providing regular security updates and features like data encryption. From the report: ChromeOS is significantly less popular than other operating systems. In January 2024, it held a 1.8% share of the worldwide desktop OS market, far behind Windows' share of about 73%, according to data from research firm Statcounter. ChromeOS has struggled with wider adaptability due to its incompatibility with legacy Windows applications and productivity suites used by businesses. Google said that ChromeOS would allow users to stream legacy Windows and productivity applications, which will help deliver them to devices by running the apps on a data center.
The Internet

DuckDuckGo's Browser Adds Encrypted, Privacy-Minded Syncing and Backup (arstechnica.com) 12

DuckDuckGo keeps adding new features to its browser, and while these features are common in other browsers, DuckDuckGo is giving them a privacy-minded twist. The latest is a private, end-to-end encrypted syncing service. There's no account needed, no sign-in, and the company says it never sees what you're syncing. From a report: Using QR codes and shortcodes, and a lengthy backup code you store somewhere safe, DuckDuckGo's browser can keep your bookmarks, passwords, "favorites" (i.e., new tab page shortcuts), and settings for its email protection service synced between devices and browsers. DuckDuckGo points to Google's privacy policy for using its signed-in sync service on Chrome, which uses "aggregated and anonymized synchronized browsing data to improve other Google products and services." DuckDuckGo states that the encryption key for browser sync is stored only locally on your devices and that it lacks any access to your passwords or other data.
Chrome

Chrome Engine Devs Experiment With Automatic Browser Micropayments (theregister.com) 146

The Chromium team is prototyping Web Monetization to allow websites to automatically receive micro payments from visitors for their content, bypassing traditional ad or subscription models. The Register reports: Earlier this month, Alexander Surkov, a software engineer at open source consultancy Igalia, announced the Chromium team's intent to prototype Web Monetization, an incubating community specification that would let websites automatically receive payments from online visitors, as opposed to advertisers, via a web browser and a designated payment service.

"Web monetization is a web technology that enables website owners to receive micro payments from users as they interact with their content," Surkov wrote in an explanatory document published last summer. "It provides a way for content creators and website owners to be compensated for their work without relying solely on ads or subscriptions. Notably, Web Monetization (WM) offers two unique features -- small payments and no user interaction -- that address several important scenarios currently unmet on the web."

"Open Payments API is an open HTTP-based standard created to facilitate micro transactions on the web," wrote Surkov. "It is implemented by a wallet and enables the transfer of funds between two wallets. It leverages fine-grained access grants, based on GNAP (Grant Negotiation and Authorization Protocol), which gives wallet owners precise control over the permissions granted to applications connected to their wallet." The basic idea is web users will get a digital wallet, provided by Gatehub and Fynbos presently, and web publishers will add a link tag to their site's block formatted like so: . Thereafter, site visitors who have linked their digital wallet to their browser will pay out funds to the requesting publisher, subject to the browser's permissions policy.

Firefox

Firefox Maker Mozilla Is Cutting 60 Jobs After Naming New CEO 106

Less than a week after naming Laura Chambers as interim CEO, Firefox's maker Mozilla said it is cutting about 60 jobs, or 5% of its workforce. The cuts are primarily in the product development organization. Bloomberg reports: "We're scaling back investment in some product areas in order to focus on areas that we feel have the greatest chance of success," Mozilla said in a statement. "We intend to re-prioritize resources against products like Firefox Mobile, where there's a significant opportunity to grow and establish a better model for the industry."

Mozilla last cut a significant number of jobs four years ago at the height of the Covid-19 pandemic. The not-for-profit company, which competes with Alphabet Inc.'s Google Chrome, Apple Inc.'s Safari and Microsoft Corp.'s Edge, has been grappling with sliding market share of its Firefox web browser in recent years.
So far in 2024, the tech sector has cut 32,000 jobs.
Mozilla

Mozilla's Abandoned Web Engine 'Servo' is Rebooting in 2024 (itsfoss.com) 56

Remember "Servo," Mozilla's "next-generation browser engine," focused on performance and robustness?

"The developers of Servo are starting 2024 by going all in..." reports It's FOSS News, citing a social media post from FOSDEM. "[T]he Servo Project team were there showing off the work done so far." If you were not familiar, Servo is an experimental browser engine that leverages the power of Rust to provide a memory-safe and modular experience that is highly adaptable. After Mozilla created Servo back in 2012 as a research project, it saw its share of ups and downs over the years, with it making a comeback in 2023; thanks to a fresh approach by the developers on how Servo should move forward.

Even though there are plenty of open source Chrome alternatives, with this, there's a chance that we will get some really cool options based on Servo that just might give Blink and Gecko a run for the money! Just a few months back, in September 2023, after The Servo Project officially joined Linux Foundation Europe, the existing contributors from Igalia stepped up their game by taking over the project maintenance. To complement that, at Open Source Summit Europe last year, Manuel Rego from Igalia shared some really useful insights when he presented.

He showcased stuff like the WebGL support, cross-platform support including mobile support for Android and Linux, among other things. They have experimented with Servo for embedded applications use-cases (like running it on Raspberry Pi), and have plans to make advances on it. As far as I can see, it looks like, Servo is faster for Raspberry Pi compared to Chromium. You can explore more such demos on Servo's demo webpage.

2024's roadmap includes "Initial Android support, that will see Servo being made to build on modern Android versions," according to the article, "with the developers publishing nightly APKs on the official website some time in the future."

One fun fact? "Even though Mozilla dropped the experimental project, Firefox still utilizes some servo components in the browser"

Another FOSDEM update from social media: "Thunderbird is also embracing Rust."
Google

Google and Mozilla Don't Like Apple's New iOS Browser Rules 89

Apple is making changes to iOS in Europe to comply with the EU's Digital Markets Act cracking down on Big Tech gatekeepers. The act demands interoperability, fairness and privacy measures including allowing competing browser engines on iOS. Despite better browser choice, Google and Mozilla are unhappy with Apple's proposed changes. Mozilla says restricting browser engine integration to EU apps burdens rivals to build separate implementations. Mozilla's comment: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps. The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear. Apple's proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS." Google's VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte's statement, saying, "Strong agree with Mozilla. Apple isn't serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won't meaningfully lead to real choice for browser developers."
Mozilla

Microsoft Deploys 'Harmful Design' Tricks To Push Edge, Say Mozilla Researchers (pcmag.com) 64

Mozilla claims in a new 74-page research report that Microsoft "repeatedly uses harmful design" and "dark patterns" to push users toward Microsoft Edge and away from rival browsers like Mozilla's Firefox or Google's Chrome browser. PCMag: "Microsoft uses the harmful preselection, visual interference, trick wording, and disguised ads patterns to skew user choice," the report argues, adding that "Microsoft's harmful design practices mean users are unable to download, install, use, or set as default an alternative browser without interference." The researchers claim this harms consumers because they can experience "distortion of choice," lose trust in the broader tech industry, and even possibly experience "emotional distress" as a result of Microsoft's efforts.

For the study, user experiences were tested on Windows 10 Home and Windows 11 Pro as well as the Windows 11 Home Insider Preview Version. The UK-based testers did not attempt to use a VPN to change or hide their IP addresses during their investigation. While Microsoft recently said it will allow users in the European Union to uninstall Edge as part of its efforts to comply with the Digital Markets Act (DMA), it's unclear whether US, UK, or other users around the globe could ever get the same option. Some Windows 11 users can remove five other apps that come preinstalled, however.

Microsoft

'Microsoft Stole My Chrome Tabs, and It Wants Yours, Too' (theverge.com) 143

Tom Warren, writing for The Verge: Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don't use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I'd left off in Chrome. I never imported my data into Microsoft Edge, nor did I confirm whether I wanted to import my tabs. But here was Edge automatically opening after a Windows update with all the Chrome tabs I'd been working on. I didn't even realize I was using Edge at first, and I was confused why all my tabs were suddenly logged out.

After the shock wore off, I looked to make sure I hadn't accidentally allowed this behavior. I found a setting in Microsoft Edge that imports data from Google Chrome on each launch. "Always have access to your recent browsing data each time you browse on Microsoft Edge," reads Microsoft's description of the feature in Edge. This setting was disabled, and I had never been asked to turn it on. So I went to install the same Windows update on a laptop, which actually resulted in it failing and my having to do a system restore. Once the system restore was complete, the same thing happened. Edge opened automatically with all of my Chrome tabs. I haven't been able to replicate the behavior on other PCs, but a number of X users replied to my post about this saying they have experienced the same thing in the past.

The Internet

'Arc Search' Combines Browser, Search Engine, and AI Into Something New and Different (theverge.com) 24

David Pierce reports via The Verge: A few minutes ago, I opened the new Arc Search app and typed, "What happened in the Chiefs game?" That game, the AFC Championship, had just wrapped up. Normally, I'd Google it, click on a few links, and read about the game that way. But in Arc Search, I typed the query and tapped the "Browse for me" button instead. Arc Search, the new iOS app from The Browser Company, which has been working on a browser called Arc for the last few years, went to work. It scoured the web -- reading six pages, it told me, from Twitter to The Guardian to USA Today -- and returned a bunch of information a few seconds later. I got the headline: Chiefs win. I got the final score, the key play, a "notable event" that also just said the Chiefs won, a note about Travis Kelce and Taylor Swift, a bunch of related links, and some more bullet points about the game.

Basically, instead of returning a bunch of search queries about the Chiefs game, Arc Search built me a webpage about it. And somewhere in there is The Browser Company's big idea about the future of web browsers -- that a browser, a search engine, an AI chatbot, and a website aren't different things. They're all just parts of an internet information finder, and they might as well exist inside the same app. [...] But from a pure product perspective, this feels closer to the way AI search should work than anything I've tried. Products like Copilot and Perplexity AI are cool, but they're fundamentally just chatbots with web access. Arc Search imagines something else entirely: AI that explores websites by building you a new one every time you ask.

Mozilla

Mozilla Says Apple's New Browser Rules Are 'as Painful as Possible' for Firefox (theverge.com) 63

Apple's new rules in the European Union mean browsers like Firefox can finally use their own engines on iOS. Although this may seem like a welcome change, Mozilla spokesperson Damiano DeMonte tells The Verge it's "extremely disappointed" with the way things turned out. From a report: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps," DeMonte says. "The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear." In iOS 17.4, Apple will no longer force browsers in the EU to use WebKit, the underlying engine that powers Safari. The change opens the door for other popular engines, such as Blink, which is used by Google Chrome and Microsoft Edge, as well as Gecko, the engine used by Firefox. It also means third-party browsers could become fully functional on iOS without any of the limitations that come along with WebKit.
Linux

Linux App Store Flathub Now Has Over One Million Active Flatpak App Users (9to5linux.com) 84

prisoninmate shares a 9to5linux report: Flathub is currently one of the most popular app stores for Linux serving 1.6 billion downloads of over 2,400 apps in the Flatpak format, of which more than 850 apps have been verified by their original authors. And now, Flathub proudly announced today that it surpassed 1 million active users of Flatpak apps. The team believes that the recent growth in users comes from several factors, including the availability of some very popular apps (e.g. Firefox, Thunderbird, VLC, Spotify, OBS Studio, Google Chrome, Telegram), support for new and verified apps, the inclusion of Flathub as the default app source for the Steam Deck's desktop mode, as well as the growing adoption among many popular GNU/Linux distributions like Fedora Linux, Linux Mint, KDE neon, and others.
AI

Nvidia's RTX GPUs Can Now Upgrade SDR Content To HDR Using AI 34

Nvidia is launching RTX Video HDR in its 551.23 Game Ready driver update, enabling RTX GPU owners to use AI to convert SDR videos to HDR in Microsoft Edge and Chrome. While subtle, it can add color detail to non-HDR YouTube videos when viewed on an HDR monitor. Like Nvidia's prior RTX Video Super Resolution for upscaling and sharpening web videos, the effect is minor but noticeable when toggling on and off.
Chrome

Google Chrome Gains AI Features Including a Writing Helper (techcrunch.com) 33

Google is adding new AI features to Chrome, including tools to organize browser tabs, customize themes, and assist users with writing online content such as reviews and forum posts.

The writing helper is similar to an AI-powered feature already offered in Google's experimental search experience, SGE, which helps users draft emails in various tones and lengths. With the built-in Chrome writing tool, Google said users could potentially compose business reviews, RSVP messages, rental inquiries, and posts for online forums. TechCrunch adds: The still-experimental feature will be accessible in next month's Chrome release by right-clicking on a text box or field on the web and then choosing "help me write." To get started, you'll first write a few words and then Google's AI will jump in to help.
Android

Google Is Rolling Out WebGPU For Next-Gen Gaming On Android 14

In a blog post today, Google announced that WebGPU is "now enabled by default in Chrome 121 on devices running Android 12 and greater powered by Qualcomm and ARM GPUs," with support for more Android devices rolling out gradually. Previously, the API was only available on Windows PCs that support Direct3D 12, macOS, and ChromeOS devices that support Vulkan.

Google says WebGPU "offers significant benefits such as greatly reduced JavaScript workload for the same graphics and more than three times improvements in machine learning model inferences." With lower-level access to a device's GPU, developers are able to enable richer and more complex visual content in web applications. This will be especially apparent with games, as you can see in this demo.

Next up: WebGPU for Chrome on Linux.
Chrome

Chrome Updates Incognito Warning To Admit Google Tracks Users In 'Private' Mode (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode.

Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser.

Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.
