Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

An anonymous reader writes Google has released Chrome/Chromium version 37 for Windows, Mac, and Linux. Among the changes are better-looking fonts on Windows and a revamped password manager. There are 50 security fixes, including several to patch a sandbox escaping vulnerability. The release also brings stable 64-bit Windows support which ...offers many benefits for speed, stability and security. Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks. For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects. The full changelog.

Shooter

[hooiberg]

Somehow I will always remember Chromium as the arcade type shooter with the same name.

Re:Shooter

There is nothing but hard vacuum out there,you space nutter.

And weeping brown dwarfs.

all that?

[turkeydance]

and for free?

Re:all that?

[RicktheBrick]

What the hell? I recently did a google search for chrome to install it. The very first entry on the list was a download that first installed a so called optimizer malware protector program. If one executes the program it will tell one that they have thousands of problems. Just send them some money and they will fix them for you. How am I suppose to know that the program did not install the problems and than ask money to fix them? It is the same as having people come to your door and tell you that your windows are not broken so pay us some money and we will ensure that they remain unbroken. If google will not help protect us from these people than how can I trust them to write a problem free browser?

Re: all that?

[Selivanow]

One cannot expect Google to save one from oneself.

Re:all that?

[Zero__Kelvin]

How is google going to stop you from posting lies on Slashdot?

Re:all that?

[stoploss]

How is google going to stop you from posting lies on Slashdot?

Haven't you heard the whispers about the Google kick squad, armed with Reason(tm) hypervelocity rail guns?

That's how.

Re: all that?

Google can't, but their friends at the NSA can.

Sweet

I hope the Firefox team once copies one sane feature from Chrome to their browser: the 64bit windows build.

Re:Sweet

I hope the Firefox team once copies one sane feature from Chrome to their browser: the 64bit windows build.

Here you go.

Re:Sweet

Is there a stable build?

Re:Sweet

I'm sure the Brony community can provide an equine themed build to your liking.

Re:Sweet

I hope the Firefox team once copies one sane feature from Chrome to their browser: the 64bit windows build.

Don't hope, vote.

Re:Sweet

You can always rename the file to say stable if that makes you feel better.

Re:Sweet

[Himmy32]

Pale Moon is a 64 bit build of the LTS version of Firefox. Highly recommend it.

Re:Sweet

Pale Moon is pretty shady and not official in anyway.

Re:Sweet

[OhSoLaMeow]

+1 funny if I had points.

Why not a master password for the PW manager?

[mlts]

I wish for a feature that is in Firefox... and that is the ability to set a master password and encrypt all password manager contents. That way, stored passwords and certificates are independently protected.

Re: Why not a master password for the PW manager?

I think it would be nice if Chrome stored all your passwords and especially your certs (like SMIME and PGP keys) on one of Google's servers. That way you'd have them any time and anywhere you want. Google could provide encryption and provide a key escrow service to that encryption so that, if you lose your master password, Google can recover your passwords for you. With Google's safety features, nothing could possibly go wrong.

Re:Why not a master password for the PW manager?

[The+MAZZTer]

Chrome already encrypts your data (on Windows at least) using your Windows login credentials using the Crypto API. If the user is not logged in, the passwords are impossible to read. If the user is logged in, all it takes is an API call run by that user to decrypt them, no reauthentication necessary (and this is why you lock your PC when you walk away). I think it is a very usable solution to the "but I save passwords to avoid remembering passwords, I don't want a master password" problem, but still keeping things secure.

I think cookies are encrypted now, too.

Re: Why not a master password for the PW manager?

[Noah+Haders]

lol snark right?

Re:Why not a master password for the PW manager?

[gstoddart]

So, are you saying that the data is "encrypted" in such a way as to be readable by anything which is running as your user?

Because, basically that would mean that it's not really encrypted in any meaningful way, because you inherently trust every single process to access your passwords.

Quite frankly, that sounds pretty dumb, because it means you explicitly make this available to every single process. So, Adobe could read your passwords if you read a PDF?

That's pretty weak if I understand what you said. And precisely why I don't trust applications to remember my passwords.

Re:Why not a master password for the PW manager?

[mlts]

Windows has the ability to stash login credentials securely, but on Linux, this functionality isn't present, so having the browser "pack its own parachute" with its own encryption would be nice.

Re:Why not a master password for the PW manager?

[DMUTPeregrine]

ChromeIPass + KeePass works rather well.

Re:Why not a master password for the PW manager?

[vux984]

, all it takes is an API call run by that user to decrypt them, no reauthentication necessary (and this is why you lock your PC when you walk away).

I'm far more concerned about malware than coworkers. Does locking my PC stop malware from harvesting the passwords? Does malware only run when you walk away and if you lock your PC that prevents it from running? If only, right? :)

The problem with saving passwords in a the user profile is that ANY non-privileged process running under my account can access them. That is plainly terrible.

Re:Why not a master password for the PW manager?

[Rob+Y.]

Chromium under KDE on linux nags you to set up a kwallet for passwords - I assume Gnome has a similar facility. So I guess it takes the same approach as on Windows - i.e., use the password storage facility provided by the OS. Not a bad approach. Kwallet makes you provide a password to access it the first time (presumably each app that accesses your wallet will ask for this the first time you grant it access. That's not the same as giving your passwords to anything you run as the GP suggested (thought maybe it works that way on Windows...)

Re:Why not a master password for the PW manager?

[Mortimer82]

Once you have any kind of malware on your computer, you have to assume anything you do within the context of that user account is compromised. Any malware which can read your password database could also just as easily be watching your activity and record the password the next time you enter a global password into a password manager.

As a user who is already used to quickly pressing Win+L to lock their computer each time they leave their desk, leveraging the Windows APIs is exceptionally convenient, especially when I consider that I don't have to manage yet another password independently of my Windows login password.

Also, those of us who recognise that it's no longer mid-2000 and that Microsoft has become a company who arguably sets one of the best examples on how to develop software securely, I have confidence that their API for this is thoroughly tested and proven. For Google to even attempt to come close, they would need to expend considerable effort which would ultimately achieve, at best, a reinvented wheel which would also be less convenient for Windows users.

Re:Why not a master password for the PW manager?

[Mortimer82]

If you are infected with malware, that malware could just as easily watch the password you type into a password manager, if anything, for Windows users, using the supported, well tested and proven Microsoft APIs is likely to be much better than Google trying to reinvent a wheel, which at best would still not be quite as convenient for users.

Re:Why not a master password for the PW manager?

[vux984]

that malware could just as easily watch the password you type into a password manager

That is actually far from "just as easily".

1) Hooking into the keyboard is much easier to detect from an antivirus-suspicious activity point of view.

2) It also requires that the malware be running WHILE I load unlock my password manager and enter the master password.

I personally run password safe, with multiple safes, with different category passwords because I distrust the native browser password storage.

Sure the low value websites safe is opened daily. But the one with my utilities and daily banking? Often goes a week or two at a time without being unlocked. The one for even higher value targets - my tax accounts, my domain registrar, certain investment accounts, often goes several weeks at a time between accesses.

That gives me in practice, a fairly large window to detect and remove malware before I'm hopelessly and completely compromised.

Compare that to your alternative, where the malware, can harvest all the passwords I've saved literally within milliseconds of its first run.

There is no comparison. I'll gamble with a keylogger over risking a malicious user process just being able to read my saved passwords every time.

Re:Why not a master password for the PW manager?

[Mortimer82]

You just happen to be super vigilant with your security and if Chrome had implemented a Firefox style password protected password manager it most certainly would not have met your needs either. You are very different from the vast majority of users and the most worthwhile measure you take above Firefox and Chrome, is that you compartmentalise your passwords. You however are a part of a very small number of people who go to those lengths and for the vast majority of users who have all their passwords in the same "vault", they would expose all their passwords within a day, making Chrome's strategy of leveraging Window's API arguably more secure than building their own. And keep in mind the vast majority of people would be infected for weeks or even months before they notice.

As for your argument about key loggers being "harder" to develop than other malware, keep in mind that a lot of malware these days is bought as a kit with a tonne of features. The people writing the malware are typically separate from the parties utilising the malware and once a password stealing module is written, it's available for everyone else to use, regardless of how hard it was write. Also, who said it had to be a key logger? It could be sniffing unencrypted memory, peeking forms in the browser window, it could be watching in countless different ways to avoid being detected as a key logger by AV.

And in regards to AV watching for key loggers, if they know to watch for key logger type activity, then it stands to reason they could also log attempts to read the password management API. In practice it's a cat and mouse game, as AV writers work to detect malware activity, malware writers work to avoid detection.

Malware writers are financially incentivised to come up with solutions, do not think that the hurdle required to get key sniffing is substantially different to that required for using the Windows API for password management, if it takes them a couple of weeks more to write one method, they might bill their clients more, or perhaps they are forced to include the feature so their clients don't use a competing product.

While you are a rare exception as you take extraordinary lengths to protect your credentials, for the vast majority of people, once they have malware, everything on their user profile is likely compromised and single password vault vs Windows API won't help them one bit, except that the Microsoft developed password vault is more convenient to users and likely better than a comparatively simple solution which would ship with a browser.

Re:Why not a master password for the PW manager?

[Bengie]

Windows does not only save encrypted data for a user that can be decrypted by any application, but also on a per user+application basis. This way no other application can decrypt the data. I would assume Chrome uses this part of the API. Of course this assumes no flaws in design and implementation.

Re:Why not a master password for the PW manager?

[vux984]

You just happen to be super vigilant with your security and if Chrome had implemented a Firefox style password protected password manager it most certainly would not have met your needs either.

It could potentially replace the lowest value vault.

the most worthwhile measure you take above Firefox and Chrome, is that you compartmentalise your passwords

Yes, and its a major failing of all systems out there that compartmentalization isn't better supported at the system level. Not only does the OS fail to guide users to compartmentalizing, it abjectly fails to support it at all.

Some random piece of software I download from the internet shouldn't get read access to my documents folders or be able to root through (on windows) the programdata folders of OTHER installed software by default. It should get access to its OWN programdata folder, it should get access to its own documents. If I want to grant it access to other things, that should be explicit.

As for your argument about key loggers being "harder" to develop than other malware

I didn't make that argument.

I made the argument that it was easier to *detect* keyboard hooks. And that hooking into the keyboard takes longer to compromise the passwords because it has to wait until passwords are typed in -- vs just being able to read them out.

then it stands to reason they could also log attempts to read the password management API.

That's a good point. However, the number of apps that have a legitimate reason to call the password management API is very high. The number of apps that legitimately need to hook into the keyboard apis necessary for keylogging the foreground app is pretty low. You could almost block that by default and require per-app authorization.

The password management API should also default to an app only being able to read its own data out without escalation. There's really no reason for App A being able to read credentials for App B.

Thinking about how app identity would actually be established, I think the on disk filesystem folder path of the running process should be sufficient, assuming that can't be easily spoofed (?)

That would allow updated versions of legitimate software to retrieve credentials stored with the previous version, but still prevent random drive-by processes from doing anything with them.

And that goes back to my complaint that OSes don't do compartmentalization well yet.

Re:Why not a master password for the PW manager?

[Fizyx]

Chrome already encrypts your data (on Windows at least) using your Windows login credentials using the Crypto API. If the user is not logged in, the passwords are impossible to read [...]

Really? Then wouldn't changing your Windows password brick the data store?

Gradients

[Ark42]

Can it render large CSS gradients without horrible banding yet?

Re:Gradients

We don't know.

Re:Gradients

The answer is still no, apparently: https://code.google.com/p/chro...

What a world we live in, where IE11 and Firefox have vastly better real-world CSS3 support and Chrome is just a pile of crap.

Re:Gradients

Looks fine to me.

Re:Gradients

Try this https://code.google.com/p/chro... in Chrome, Firefox, and IE. Notice now the large version of the same gradient looks like crap in only Chrome, but the rest all render it just fine.

Another oddity of this same bug in Chrome is this, which just defines all logic: http://jsfiddle.net/7C7ey/
Compare that in Chrome to Firefox and IE. You can't even come up with a reason to explain how bad it looks in Chrome, it just boggles the mind what could possible be causing that.

Re:Gradients

You can see the bug in "Linear Gradient (with Specified Arbitrary Stops)" on that page, but it is subtle. Compare Chrome to any good browser and notice how the blue starts to form bands on the far edge, instead of blending properly.

Hello, it is 2014

[qbast]

Why even bother with 32 bit builds?

Re:Hello, it is 2014

Because not everyone upgrades their computers every 2-3 years. My parents are still running a 32 bit OEM flavor of vista. They do not have the cash to go buy even a 300-400 dollar computer. Frankly they do not care. They get on their read a bit of email and use it for a bit of ebay.

Sure an upgrade would be nice for them. But it must come in the 'free range' and still be able to use their software.

Re:Hello, it is 2014

That was what I was saying back in 2007 when x64 support for Windows would have been thought of as abnormality.
Personally I think Windows never should have left the 16-bit era.

Re:Hello, it is 2014

[wisnoskij]

Even well into Windows 7, 32-bit continued to a very serious market share of NEW installs. At this point I do not think we are getting very many 32 bit installs at all, but any computer over 3 years probably has about a 60% chance of running a 32-bit OS. XP was the market overlord of a very long time, and continues to have a significant share, and its 64 bit edition was unusable.

Re:Hello, it is 2014

[datapharmer]

Strange, I used windows 64 bit for several years with no problem. That said I built it with components I knew had stable 64-bit drivers. Only problem I had was many browser plugins were 32-bit only but I can't blame Microsoft for that. It was a hell of a lot better than Vista x64 I can tell you that!

Re:Hello, it is 2014

[Himmy32]

Because support for 64 bit plugins are still lagging...

Re:Hello, it is 2014

[qbast]

Then would they care about browser upgrade?

Re:Hello, it is 2014

[CastrTroy]

There are devices sold that have a 32 bit OS installed. For devices that will never have more than 2 GB of RAM, it makes sense to save a little bit of memory by using the 32 bit version when it is all that is needed. Granted, it won't be long before just about every device has 4GB of RAM, and we will completely lose the 32 bit build.

Re:Hello, it is 2014

Because opencandy installed chrome for them.

Re:Hello, it is 2014

[cant_get_a_good_nick]

Moving to 64 bit means your entire ecosystem needs to move to 64 bit. Is every plug in, including every corporate internal plugin migrated to 32 bit? Even IE still has both builds, for this reason.

Re:Hello, it is 2014

[bill_mcgonigle]

Why even bother with 32 bit builds?

Especially if one of the claims is that the 64-bit renderer is "twice as stable"?

Frankly, that's not a claim that I was expecting to hear. People looking at cashing in on Google security bug bounties should probably be looking at datatypes that are not being properly used and are overflowing and crashing on 32-bit.

Re:Hello, it is 2014

[DRJlaw]

For devices that will never have more than 2 GB of RAM, it makes sense to save a little bit of memory by using the 32 bit version when it is all that is needed.

If that is your sole metric, perhaps. But x64 mode provides other features such as additional registers, a larger address space for ASLR, etc. Much of the speed increase Google is touting is due simply to the ability of the compiler to use x64 mode code.

Re:Hello, it is 2014

[DMUTPeregrine]

64-bit isn't just about ram, it's also about the extra registers & instructions.

Re:Hello, it is 2014

[reikae]

If you've upgraded in the last ten years you very likely have a 64-bit CPU. Athlon 64 machines probably can be had for free. From a quick search it also seems that Windows license allows you to choose either 32 or 64 bit version. I realise 64-bit computing wouldn't benefit your parents, but it doesn't require you to hop on an upgrade treadmill.

Re:Hello, it is 2014

[Ravaldy]

Yes but your OS needs to be 64 bit and until Windows 7 became dominant, 32 bit was still the biggest seller by far. If I recall until last year 80% of Windows OS installs were 32bit. Until last year many laptops still came with 32 bit Windows 7 which as far as I'm concerned was dumb.

Re:Hello, it is 2014

[CastrTroy]

I guess it depends on where you think the bottle neck would be and where you want to optimize. Is the bottleneck in your CPU, and you want to make sure you can use all the registers, or is the bottleneck in the amount of memory you have, causing your device to swap things out of RAM more often? Running a full desktop OS with full desktop applications on 2GB of ram is already pushing the limits on the minimum amount of RAM that most users could deal with. It may make sense to conserve memory as much as possible so you don't swap to disk, because that will greatly affect the user experience, rather than run the loaded process just a little faster because you have extra registers.

Re:Hello, it is 2014

[antdude]

Because some people still use 32-bit OSes on very old machines? :(

Re:Hello, it is 2014

[antdude]

I still use my very old, updated Windows XP Pro SP3 at home. It does what for me. I don't game and do anything fancy like I used to do.

Google?

[MagickalMyst]

This is a Google product. Nothing to see here, move along.

Video decoding regression

[kav2k]

> For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance.

Except that with this version, hardware-accelerated decoding broke scaling, so it now seems to scale as nearest-neighbor. Thankfully, on Windows it's possible to override hardware decoding with chrome://flags, which is a workaround for now.

Re:Video decoding regression

[AmiMoJo]

Tragically Flash support still seems to be working. I was hoping that moving to 64 bit would break it.

Re:Video decoding regression

Also started using DirectWrite vs. GDI for font rendering, which seems to be causing all sorts of issues with web fonts. Can also be disabled in chrome://flags.

Re:Video decoding regression

[toddestan]

I'm just hoping that there is a way to disable that obnoxious "Install Flash" bar that comes up every time you visit a site with Flash and you don't have Flash installed. It's like Google can't imagine that someone would not want to install Flash (ditto for builds of Chromium running on OSes that don't even have Flash).

The tabs are slightly sucky

[jones_supa]

An old gripe: the tab implementation could be improved. To begin with, when using the normal horizontal tab strip, Firefox makes it scrollable with arrows when it gets crowded. Chrome just makes the tabs smaller and smaller. And hey, give me vertical tabs, à la Firefox's Tree Style Tab extension. Great way to utilize a wide screen monitor. Chrome did indeed have an experimental side tabs option a couple of years ago, but they removed it, and apparently their extension API hasn't allowed any third party to make a good vertical tabs implementation. Ah well.

Re:The tabs are slightly sucky

[thegarbz]

I switched to chrome because of this. With lots of tabs open Firefox have no indication of the number of tabs. At that point I'm usually interested in going through sequentially anyway and not go through by specific content, I.e. open up interesting Slashdot articles.

Re:The tabs are slightly sucky

[Bengie]

Using the newest version of Firefox at work, I have this lovely issue where our intranet website causes Firefox to hesitate for about 10 seconds, during which I can't even change tabs. Not only does Chrome fully load the page about 2x-3x faster, but I can switch tabs while it's rendering.

Re:The tabs are slightly sucky

[jones_supa]

That's not an UI problem but because Firefox does not run the tabs in separate threads like Chrome does.

64-bit support

[Imagix]

So when are they _finally_ going to have a 64-bit OS X version?

Re:64-bit support

[kthreadd]

It is 64 bit, check about:buildconfig.

Re:64-bit support

[Imagix]

Chrome isn't responding to about:buildconfig... and calling file on the executable:
$ file Google\ Chrome
Google Chrome: Mach-O executable i386

Re:64-bit support

[kthreadd]

Oh, my mistake. Wrong browser. :-)

Re:64-bit support

Version 39.0.2138.3 canary (64-bit)

(You can see the 64-bitness in Activity Monitor if you enable the Kind column)

Shooter

There is nothing but hard vacuum out there,you space nutter.

Pointer focus still broken

[crow]

If you're using Linux with pointer focus, Chrome is severely broken starting with version 35.

https://code.google.com/p/chro...

Chromium 37?

[OolimPhon]

I thought this was a story about an isotope...

Re:Chromium 37?

You're at least 5 releases early, probably 13: https://en.wikipedia.org/wiki/Isotopes_of_chromium

Re:Chromium 37?

[cant_get_a_good_nick]

:) sorry, no mod points today.....

Does it self-update to 64-bit?

[taxman_10m]

I've been running 32-bit Chrome on Windows 7 64-bit. Does the Chrome self-update upgrade it to Chrome 64-bit or is it a seperate download somewhere?

Re:Does it self-update to 64-bit?

[jones_supa]

It is a separate download at https://www.google.com/intl/en/chrome/browser/?platform=win64.

Re:Does it self-update to 64-bit?

[SternisheFan]

Question: In Chrome, I just clicked on the triple bars to the right of the search bar, clicked on 'About Google Chrome', and updated from there. Now I'm running Chrome version 37.0.2062.94 m. Is this the 64 bit version?

Re:Does it self-update to 64-bit?

No. I'm puzzled, dazed, confused and stunned that they choose to promote the feature and then don't even provide a small check box to help selecting the build of the customer/product's choosing.

Re:Does it self-update to 64-bit?

[jones_supa]

Now I'm running Chrome version 37.0.2062.94 m. Is this the 64 bit version?

The 64-bit version says "64-bit" in parenthesis after the version number.

If you just updated your 32-bit version, it's likely that you will stay in the 32-bit channel.

Re:Does it self-update to 64-bit?

[SternisheFan]

Now I'm running Chrome version 37.0.2062.94 m. Is this the 64 bit version?

The 64-bit version says "64-bit" in parenthesis after the version number.

If you just updated your 32-bit version, it's likely that you will stay in the 32-bit channel.

Thanks, to you and the above AC. Guess I'll update it again.

Re:Does it self-update to 64-bit?

[SternisheFan]

Just updated from your link, after 1st attempt received a message (loosely) stating 'Chrome cannot install on top of the same version." 2nd attempt worked, now showing, "Version 37.0.2062.94 unknown-m (64-bit)". Thanks again...

Stability improvements?

[IamTheRealMike]

I understand why 64 bit can improve performance on x86 platforms because the 64-bit transition also rolled in other improvements like more registers.

I understand why 64 bit can improve the performance of security mitigations by making guessed addresses more likely to result in a controlled crash rather than arbitrary memory scribbling.

I cannot think of any reason why switching to 64 bit builds should halve the crash rate, unless this is just a side effect of 64 bit hardware being newer and less crappy overall. Can anyone else explain this to me?

Re:Stability improvements?

I cannot think of any reason why switching to 64 bit builds should halve the crash rate, unless this is just a side effect of 64 bit hardware being newer and less crappy overall. Can anyone else explain this to me?

I may be a bit cynical about this, but many things that were crashing in 32-bit builds and stable in 64-bit builds gained stability from the expanded per-process memory range. The same buggy code with incompetent memory management would reach a crashing point when it ran out of new memory to violate, but as a 64-bit program it took enough longer to hit the higher barrier that it would appear completely stable.

Re:Stability improvements?

[cant_get_a_good_nick]

Though I'm sure there are other reasons (maybe better 64 bit tools?) you self answer a bit. Your Point #2 means Chrome crashes early and obviously, making any pointer bugs quicker to be squashed. This means the bugs get fixed fast, fewer make it to Release builds, and you should crash less.

Another reason may be heap size. Even if you don't fill free memory, you can fragment it. Picture what you can put in one 5 gallon bucket, vs what you can put in 5 x 1 gallon buckets. Much less flexible. So if 32 but chrome gets tight on memory becuase of web pages seen and closes, seen and closed and memory fragmented, it may just give up and crash/exit.

Re:Stability improvements?

> So if 32 but chrome gets tight on memory

How? Chrome uses a proper, UNIX-like multiprocess model rather than the more dangerous single shared memory space that Microsoft's attempt at a browser uses. A single web page shouldn't ever get tight on memory. That isn't a reason, and there aren't any really, to use a 64-bit browser.

Re:Stability improvements?

[Bengie]

"Stability" in the context of video rendering can also include not noticing rendering jitter because of increased performance or more "stable" performance.

Just being honest here...

but I cannot fathom how people, and techies specifically, trust a browser that has ties to the company that does nothing but track people for the sake of profit. I just cannot wrap my head around why people willingly are not fighting the trading of privacy for something "free". We all know the tradeoff isn't fair. Free this and free that and we are giving our lives away for what really?

I similarly distrust supermarket loyaly cards, which purport to save you money, but track and sell your preferences to third-party vendors who are also in the game for nothing but profit. One of the things that scares me is the buyers included in these companies are insurance companies, both medical and other, who then proceed to find ways to make your policies more expensive in future based on your current lifestyle. This is starting to happen.

My life is private and what I do should not cause an increase in costs for me. The goal, after all, is socialised medicine anyway, so screw for-profit medical companies.

Re:Just being honest here...

[ledow]

1) If you're in business, likely you don't care about the privacy of searches anonymised under legal agreements because, well, there's just nothing quite that interesting and if your employees complain, you have to wonder what they are Googling in their spare time that they don't want you to know about.

2) Alternatives. I was an Opera user since before 3.something. It peaked a year or two ago, the developers were moved on, and it's now just junk and uses Chromium backend. IE isn't a sensible alternative either (trust no browser that wants you to go to Bing by default, has the Bing toolbar, etc. either). Quite what are we supposed to use and deploy? Firefox? The MSI and GPO integration is still all random-third-parties that we have to trust did it right and didn't add their own junk in.

Sorry, but on the face of it, the privacy "problem" isn't really a problem for most people. I agree that privacy is an issue and I get more than most people that privacy is just something you should have by default, not be made to justify or fight to get. But, honestly, there's little choice.

And when you're a techy working for a business, you'll deploy what's been agreed on, which will be the lesser of most evils. At least Chrome MSI-deploys and has proper GPO and respects Windows Internet Options, and is cross-platform in other respects.

At home, I still use Opera. But only until websites start crapping out on it, because there's no way I want to touch the newer versions anyway (whatever their underlying browser).

Re:Just being honest here...

Thank you for your professional response; it's one of the few I've received here on /. that isn't snarky.

Netflix support?

[cant_get_a_good_nick]

I remember some Chromium build that had Netflix support, a.k.a streaming DRM support. Did this make the cut?

Re:Netflix support?

[Bengie]

You can use Chrome 38 beta in Linux to watch Netflix natively via HTML5 because of the DRM module. Not sure if it's in 37, but it is alive and working in beta.

Chrome 38 is the big one

[kervin]

Encrypted Media Extensions lands in 38. This is what Netflix's using in their new HTML5 player. So hopefully, finally, Netflix on Linux.

Now if they can just get Java working on Linux again we'd be all set.

Re:Chrome 38 is the big one

Actually Chrome 37 works already. On Ubuntu Trusty I had to update the libnss3 library to Utopic's version (from 3.15.4 to 3.16.3) and then spoof my user agent to pretend I'm running Windows, but once done it works, and works well (far better than running through Windows in a VirtualBox VM, which had a smooth picture but crackly sound).

I've used that in the Chrome 37 beta for a couple of weeks and that was the version promoted to stable. There's more info on OMG! Ubuntu!.

I haven't seen whether this means you can remove Silverlight from Windows & Macs now but in theory it should be possible.

Re:Chrome 38 is the big one

If you want Netflix on Linux, you can do that with pipelight and an extension that changes your user agent string to Firefox for Windows.

at first read i was shocked.

[nimbius]

Chromium 37 launches

with 37 protons im sure it did!

Re:at first read i was shocked.

You should work on your jokes a bit more. Chromium 37 has 24 protons and 13 neutrons, and no reason to "launch".

Does chrome still require a root privs sandbox?

[Viol8]

Yes? Then it can carry on fucking right off, its going nowhere near my machines. I'll take the OS security over the supposed security of a browser subsystem thanks.

Re:Does chrome still require a root privs sandbox?

This isn't to argue against you since I agree, but I think you can just unpack the binary tarball, delete the chrome-sandbox binary, and it will just not bother with sandboxing when you run it. But when you install, it will ask for root privs to setuid that binary, since it wants to install it by default. Even worse, I think Firefox are adopting this very sandbox themselves, because they need a stable sandbox to "safely" support.. wait for it.. Google's EME spec. Pretty fucking epic.

Re:Does chrome still require a root privs sandbox?

[Viol8]

The OS doesn't need protection if the browser is running with normal user privs. If the OS is windows it might need extra help, I wouldn't know, but linux does not and I have no interest in googles feeble reasons for requiring root privs. A user app that requires root privs is not going on my systems. Period.

changing the subject of the post

from "chrome" to "chromium" does not make it any better than the "zomg a new chrome" shitspam we see every three hours when a new version is released.

Extension APIs?

[harmonica]

Every news report on Chrome 37 sounds the same, including the phrase "supports various new applications and extension APIs". Everyone's just copying from the press release. What are the new extension APIs? JavaScript APIs?

SideTabs...

...are they back yet? No? Chrome still sucks then

The tabs are slightly sucky

If you go to chrome://flags and enable Stacked Tabs, tabs have a minimum size and one end of the tab bar starts stacking when there are too many to show at once. Unfortunately, this vital feature is Windows-only and will probably be removed in the future in the name of consistency.

Does chrome still require a root privs sandbox?

The point of the sandbox is to protect the OS from the browser itself (e.g. so you can't exploit a bug in the renderer to gain access to the kernel or user files). setuid is necessary to chroot() the sandbox (protects the filesystem) and put it in a PID namespace so it can't kill() other processes.

You can read about it here: https://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
You can inspect the source: https://code.google.com/p/setuid-sandbox/

Willful ignorance is no excuse for spreading FUD.

Finally!

Another nail in the coffin for Firefox and their ignorance of 64-bit architecture.

Dev and beta builds

[Cyfun]

Just curious, but how many regular Slashdaughters aren't already using the beta or dev builds? I would imagine this crowd would be on the bleeding edge, especially since they got native Linux Netflix support working in one of the recent builds.

Better looking fonts on windows?

[bad_fx]

Perhaps I just need to get used to them, but the "better looking fonts" on windows don't actually look better to me, they look worse. I'm not really sure what it is, but there definitely seems to be something slightly off about them.

Re:Better looking fonts on windows?

[jrumney]

Try a Japanese website - new invisible kana support.

Better looking fonts, my arse.

This cued my rant.

[stoploss]

God damn browsers and Web 2.0. They have undone the stability gains we have gotten over *decades* simply to have yet another AJAX-y Web 2.0 site with a 4 MB homepage.

What am I talking about? All this push to inject hardware acceleration into the browser comes at a cost: the damn browser is now moving out of the safe userland and more into game territory where they are communicating with the low-level APIs.

Fucking browsers are the only application I use that can hard lock my machine. I only got relief from Chrome by disabling hardware acceleration. I can perceive how such acceleration may be necessary on phones and tablets, but why the fuck, on a quad-core Haswell with 16 GB of RAM, should hardware acceleration even be necessary (or have noticeable effect) for surfing the goddamn internet?!

It's like it's fucking 1996 all over again where I have to initiate a hardware reset on my machine because the browser completely crashed it. Thanks, guys.

Pair their 64-bit ware w/ mine... apk

For better websurfing: My FREE program for hosts adds speed, security, reliability, + anonymity & does more, more efficiently by FAR vs. addons + fixes DNS' security issues:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects, /. beta for example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk