All about Google Chrome & Google Chrome OS

25 May 12 Yahoo Updates Axis Chrome Extension, Removes Private Key


Yahoo! Axis: A New Way to Search

Red-faced, Yahoo has released a new version of its Axis browser to fix a serious security flaw that would have allowed attackers to build malicious extensions for Web browsers. If you downloaded the Chrome extension immediately after its launch, you should re-install the latest version.

Yahoo originally released the new search and browsing tool on May 23. Available for desktop computers, mobile devices, and as an extension for major Web browsers, Yahoo touted the Axis tool’s predictive search capabilities. PCMag’s Michael Muchmore took a look at Yahoo! Axis recently.

While poring over the source file for the Chrome extension, Australian researcher Nik Cubrilovic noticed Yahoo had accidentally included its private PGP key that was used to digitally sign the code. The Chrome Web browser treats the PGP key as proof the application is legitimate and comes from a trusted source.

“In other words, any of us could write an app and fairly convincingly pretend that it was actually from Yahoo,” wrote Joshua Long on the Sophos Naked Security blog.

What is a Private Key?
Each extension comes with a pair of public and private keys that are unique to the developer. The private key is used to sign the extension, and the browser uses the public key to authenticate the signature. Private keys should always be kept secret to prevent anyone else from forging software.

Cubrilovic cloned the Axis extension for Chrome, re-signed it with Yahoo’s key, and successfully installed the spoofed extension onto Chrome. Malicious developers could easily create their own extensions and use Yahoo’s private key to make Chrome think the packages belonged to Yahoo.

“With access to the private certificate file a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo!” Cubrilovic wrote on his blog.

Type of Attacks
With the private certificate file, it would be possible to create a fake extension that captures all Web traffic, including passwords, session cookies, and other network activity, Cubrilovic wrote on his blog. Attackers could use DNS spoofing techniques to trick users with Axis already installed to update with the fake version of the extension, he said.

Yahoo worked quickly to resolve the issue and has released a new Chrome plug-in that doesn’t contain the private key. It is also using a new certificate so that the old one can be revoked.

Cubrilovic and other researchers plan to investigate whether the Chrome browser can determine when an extension was signed with a revoked certificate.

Article source: http://securitywatch.pcmag.com/web-browsers/298353-yahoo-updates-axis-chrome-extension-removes-private-key


25 May 12 Yahoo Axis private key leaked in Chrome extensions


Yahoo was forced to release a new version of its Axis extension for Google Chrome after the original one contained a private key that allowed anyone to digitally sign extensions in Yahoo’s name.

Axis is a new search and browsing tool from Yahoo that was released earlier this week. It is available for desktop computers, as an extension for Google Chrome, Mozilla Firefox, Internet Explorer and Safari, as well as for iOS devices, as a stand-alone app.

However, while looking at the source code for the Google Chrome Axis extension, hacker and security blogger Nik Cubrilovic discovered a serious security flaw – the package included the private cryptographic key used by Yahoo to sign the extension.

“With access to the private certificate file [private key] a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo,” Nik Cubrilovic said.

Google Chrome extensions come packed as CRX files, which are essentially digitally signed ZIP-format archives.

Every CRX file contains a public key that’s part of a private-public key pair unique to its creator. The private key is used to sign the extension, while the public key is used by the browser to verify the signature’s authenticity.

Since private keys allow developers to digitally sign new extensions or update their old ones, they should always be kept secret.

In order to prove the implications of the private key leak, Cubrilovic created a proof-of-concept Chrome extension that displays an alert on every visited website and signed it with Yahoo’s private key.

An attacker can push a Yahoo-signed malicious extension to a browser that has the Axis extension installed, by using techniques like DNS spoofing, Cubrilovic said.

Google Chrome automatically checks for extension updates by querying update URLs specified by developers. If attackers can forge the DNS (domain name system) responses received by the browser, they can force it to install a rogue digitally signed extension update from a server under their control.

Yahoo confirmed the security issue. “We worked quickly to resolve the issue and have issued a new Chrome plug-in,” a Yahoo spokeswoman said. “Users who downloaded Yahoo! Axis on Chrome between the hours of 6-9pm Pacific Time on May 23, 2012, are encouraged to uninstall the previous version and reinstall the new version at axis.yahoo.com.”

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1fb2e261/l/0Lnews0Btechworld0N0Csecurity0C33599660Cyahoo0Eaxis0Eprivate0Ekey0Eleaked0Ein0Echrome0Eextensions0C0Dolo0Frss/story01.htm


24 May 12 Yahoo leaks private key, allows anyone to build Yahoo-signed Chrome extensions


IDG News Service - Yahoo was forced to release a new version of its Axis extension for Google Chrome after the original one contained a private key that allowed anyone to digitally sign extensions in Yahoo’s name.

Axis is a new search and browsing tool from Yahoo that was released on Wednesday. It is available for desktop computers, as an extension for Google Chrome, Mozilla Firefox, Internet Explorer and Safari, as well as for iOS devices, as a stand-alone app.

However, while looking at the source code for the Google Chrome Axis extension, hacker and security blogger Nik Cubrilovic discovered a serious security flaw — the package included the private cryptographic key used by Yahoo to sign the extension.

“With access to the private certificate file [private key] a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo,” Nik Cubrilovic said in a blog post on Thursday.

Google Chrome extensions come packed as CRX files, which are essentially digitally signed ZIP-format archives.

Every CRX file contains a public key that’s part of a private-public key pair unique to its creator. The private key is used to sign the extension, while the public key is used by the browser to verify the signature’s authenticity.

Since private keys allow developers to digitally sign new extensions or update their old ones, they should always be kept secret.
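
A pre-release check for the two weaknesses this story turns on, private key material shipped inside the package and an update channel that forged DNS answers can redirect. This is an added example, not code from Yahoo, Google or Cubrilovic; it assumes the CRX version 2 container layout (magic `Cr24`, then little-endian version, public-key length and signature length), and the sample package, file names and `example.test` URLs are constructed.

```python
import hashlib
import io
import json
import re
import struct
import zipfile

CRX_MAGIC = b"Cr24"
MAX_SCAN_BYTES = 5 * 1024 * 1024  # cap per-file reads so a hostile archive cannot exhaust memory
# PEM armour of private keys: PKCS#1, PKCS#8, EC, encrypted, OpenSSH, PGP.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY(?: BLOCK)?-----")


def parse_crx2(data):
    """Split a CRX version 2 file into (public_key, signature, zip_bytes)."""
    if len(data) < 16 or data[:4] != CRX_MAGIC:
        raise ValueError("not a CRX file (bad magic)")
    version, key_len, sig_len = struct.unpack_from("<III", data, 4)
    if version != 2:
        raise ValueError("unsupported CRX version %d" % version)
    end_key = 16 + key_len
    end_sig = end_key + sig_len
    if key_len == 0 or sig_len == 0 or end_sig > len(data):
        raise ValueError("header lengths do not fit the file")
    return data[16:end_key], data[end_key:end_sig], data[end_sig:]


def extension_id(public_key):
    """Extension ID: first 16 bytes of SHA-256(public key), hex digits 0-f mapped to a-p."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)


def check_manifest(raw):
    """Flag an update_url that is not HTTPS (plain HTTP trusts whatever host DNS returns)."""
    try:
        manifest = json.loads(raw.decode("utf-8-sig"))
    except ValueError:
        return [("manifest-unparseable", "manifest.json")]
    url = manifest.get("update_url", "") if isinstance(manifest, dict) else ""
    if isinstance(url, str) and url and not url.lower().startswith("https://"):
        return [("insecure-update-url", url)]
    return []


def audit_crx(data):
    """Return (extension_id, findings) for a CRX2 file held in memory.

    The signature itself is not verified here; that needs an RSA library.
    """
    public_key, _signature, zip_bytes = parse_crx2(data)
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                content = member.read(MAX_SCAN_BYTES)
            if PRIVATE_KEY_RE.search(content):
                findings.append(("private-key", info.filename))
            if info.filename == "manifest.json":
                findings.extend(check_manifest(content))
    return extension_id(public_key), findings


def build_sample_crx(leak_key, update_url):
    """Build a constructed CRX2 file in memory (dummy key and signature bytes)."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as archive:
        archive.writestr("manifest.json", json.dumps(
            {"name": "Sample", "version": "1.0", "update_url": update_url}))
        archive.writestr("background.js", "// constructed sample\n")
        if leak_key:
            archive.writestr(
                "keys/signing.pem",
                "-----BEGIN RSA PRIVATE KEY-----\n"
                "constructed-placeholder-not-a-real-key\n"
                "-----END RSA PRIVATE KEY-----\n")
    public_key = b"constructed-public-key-bytes"
    signature = b"constructed-signature-bytes"
    header = CRX_MAGIC + struct.pack("<III", 2, len(public_key), len(signature))
    return header + public_key + signature + payload.getvalue()


if __name__ == "__main__":
    bad = build_sample_crx(True, "http://updates.example.test/axis.xml")
    ext_id, findings = audit_crx(bad)
    print("extension id:", ext_id)
    for kind, detail in findings:
        print("FINDING", kind, detail)
```

Run as a release gate, any `private-key` finding should block publication, since whoever holds that key can sign packages that resolve to the same extension ID.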

In order to prove the implications of the private key leak, Cubrilovic created a proof-of-concept Chrome extension that displays an alert on every visited website and signed it with Yahoo’s private key.

An attacker can push a Yahoo-signed malicious extension to a browser that has the Axis extension installed, by using techniques like DNS spoofing, Cubrilovic said.

Google Chrome automatically checks for extension updates by querying update URLs specified by developers. If attackers can forge the DNS (domain name system) responses received by the browser, they can force it to install a rogue digitally signed extension update from a server under their control.

Yahoo confirmed the security issue. “We worked quickly to resolve the issue and have issued a new Chrome plug-in,” a Yahoo spokeswoman said via email. “Users who downloaded Yahoo! Axis on Chrome between the hours of 6-9 p.m. Pacific Time on May 23, 2012, are encouraged to uninstall the previous version and reinstall the new version at axis.yahoo.com.”

Article source: http://www.computerworld.com/s/article/9227453/Yahoo_leaks_private_key_allows_anyone_to_build_Yahoo_signed_Chrome_extensions


15 Mar 12 Why a small change to Google Chrome could have big implications for Internet users


Earlier this week, a Google employee named William Chan published a post on Google Plus about the way his team was planning to solve some problems that the Chrome browser was having delivering Web addresses.

The issues, and the solution, are highly technical. But they boil down to this: in order to deliver pages faster, Google is going to make it possible for the browser to resolve Web site addresses like www.google.com into IP addresses like 216.239.51.99 that machines on the Internet can read.

Currently, Chrome follows standard industry practices to resolve Web addresses: Chrome sends a request to the underlying operating system which reaches out to another computer on the Internet known as a DNS server. This process gives a computer user control over which DNS server to use.

At this point, even if you have a moderate interest in technology, you will probably be wondering why this is news.

The changes to Chrome matter a lot because they mean Google will be in a position to steer all the traffic from Chrome browsers to Google’s own DNS servers. This could provide Google with vast insight into what is happening on the Web, including on competitors’ sites like Facebook.

Depending on your perspective, this gives Google a great competitive advantage, or raises questions about the applicability of the Sherman Antitrust Act.

There’s also a user privacy issue. Now, I use Google Public DNS and I’m not worried about Google secretly spying on my Internet traffic. But there is very little to stop Google should it decide there is a compelling need to closely inspect unencrypted packets hitting its DNS servers.

The issue was pointed out to me by David Ulevitch, whom I interviewed last month for my post “A Closer Look at Google Public DNS.” Unlike most people on the planet, Ulevitch has skin in this game. He runs a service called OpenDNS, which competes with Google Public DNS. The implications for David are that Chrome will now be able to override his users’ choices. Instead of allowing the operating system to resolve an address via OpenDNS, Chrome would, at least in theory, ensure the address is resolved by Google Public DNS.

“It’s a dangerous combination when you control the browser, search and DNS,” Ulevitch said. “It’s like Microsoft back in the day when it controlled the browser and the desktop operating system and dominated the market for office apps.”

Few people realize how much information a DNS server sees.

There seems to be a belief that all the information we send over the Internet—in the form of emails, search requests, Facebook posts, etc.—is written in invisible ink, because we humans can’t see it. But machines can easily read unencrypted information. A machine attached to a DNS server doing deep packet inspection is the equivalent of a person sitting at the central post office and opening every piece of mail.

This is why it’s worth it for ordinary people to ask questions about what Google is going to do with the information it collects as a result of its giant DNS service, which is now the largest public DNS service in the world. How long does it keep it? Will it be used to target ads? How does it ensure private information will stay that way?

I contacted Google to talk about the implications of the proposed changes. I still haven’t heard back from the company. I will post their response as soon as I do.

Article source: http://www.forbes.com/sites/eliseackerman/2012/03/14/why-a-small-change-to-google-chrome-could-have-big-implications-for-internet-users/?feed=rss_home


25 Jan 12 Google Chrome remixes worth trying out


Once upon a time there was a browser named Firefox — an open source project that many people happily picked up and spun off into their own versions with names like Iceweasel and Pale Moon. Now the same thing has happened with Google Chrome. Its open source incarnation, Chromium, has become the basis for a slew of spinoffs, remixes, and alternative versions.

Naturally, a variant version of a browser needs to be broadly compatible with the original to be useful, but at the same time have enough new features or enhanced functionality to be a compelling alternative. Just as a remix of a song combines something from the original with something new, Chrome spinoffs inherit Chrome’s speed and rendering prowess while striking off in new directions.


When is it worth ditching Chrome for a Chromium-based remix? Some of the spinoffs are little better than novelties. Some have good ideas implemented in an iffy way. But a few point toward some genuinely new directions for both Chrome and other browsers. Here’s a rundown of the ones we think are the most interesting: Chromium, SRWare Iron, Comodo Dragon, RockMelt, CoolNovo, and Chrome itself.

Chromium
The first place to start is the one closest to home. The open source core of Chrome, Chromium is what the browser is before Google adds its branding and integration features. These include things like user metrics (the sending of browsing stats back to Google), crash reporting, the built-in Flash player and PDF viewer, multimedia codecs (MP3, AAC), and the auto-updating system. Folks who lambast Google over privacy issues often recommend using Chromium, which lacks the user tracking features they dislike in Chrome.

Browsing in Chromium is virtually the same experience as using Chrome itself, in big part because many of the missing pieces are made up for in other ways. The lack of the internal Flash plug-in isn’t a problem, for instance, because Chromium can make use of whatever copy of Flash is already installed in Windows.

One potential hurdle is that Chromium isn’t distributed in the same manner as Chrome itself. There are automated builds of Chromium in the maze of directories for Google’s Chromium site, and anywhere from four to five builds a day are created automatically from the latest source code. But because Chromium doesn’t have Chrome’s auto-updater, you need to upgrade Chromium manually.

Another problem is Chromium’s inherent instability. If you simply pick a build, there’s no guarantee it will run properly, so you may have to do some research ferreting out a reasonably stable one. Fortunately, some people have done a little of this legwork for you. For instance, the CRportable project repackages reasonably stable Chromium builds in the PortableApps format, so you can run the browser from a USB key or portable hard drive.

A “portable” version of Chromium, the open source core from which Chrome is derived. The privacy settings at the top have been disabled by the user.

SRWare Iron
One of the more widely discussed variants of Chrome is SRWare’s Iron, which, according to its creators, removes all the features that raised hackles with privacy advocates. These things — the logging of input in the omnibox, for instance — aren’t just disabled by default, but disabled completely; they cannot be reactivated.

Iron’s emphasis on removing features that allegedly endanger privacy comes at the cost of some functionality. For instance, Iron does not check for updates automatically, as its creators consider the presence of the updater to be another privacy issue. You have to manually install newer versions of the program, as with Chromium. You are, however, allowed to use Iron with the Google Sync feature so that bookmarks, passwords, and preferences can be synced between copies of Iron.

Some of the changes seem wholly gratuitous. If you open the extensions page in Iron and click on the “browse the gallery” link, you’re taken to chrome-plug-ins.info, a compilation of Chrome plug-ins collected by SRware, rather than Google’s own Chrome extensions gallery. You’re allowed to manually access and browse the Chrome Web Store and install plug-ins directly from there, but it hardly seems necessary to send people somewhere else by default.

One way to get around the absence of auto-update is to use the PortableApps version of Iron, which can be updated automatically through the PortableApps launcher (although it doesn’t always provide you with the most up-to-date edition of Iron). The master builds of Iron itself seem to be kept reasonably current, though. The most recent version as of this writing was version 16 (dated December 21, 2011).

Google programmer Evan Martin, who contributes to the Chromium project, has his own odd anecdote about Iron, and he points out that the privacy features in Iron are easily emulated by changing a few settings within Chrome (or Chromium) itself.

Apart from its privacy features, SRWare’s Iron has some odd and gratuitous changes, such as the replacement of the Chrome app store with SRWare’s own.

Comodo Dragon
Here’s an interesting concept: A variant of Chrome re-branded by security software outfit Comodo as a safe-browsing tool. Comodo Dragon, as it’s called, is functionally identical to Chrome, but it sports a slightly reworked interface and a few security-related changes under the hood.

On installing Dragon, one of the options you’re given is to use Comodo’s own Secure DNS servers, either with Dragon alone or for your entire system. This feature, Secure DNS, automatically blocks access to websites that have been flagged as untrustworthy by Comodo’s threat-detection network. You can toggle it back off if it creates more problems than it solves. (I ran into no issues myself.)

You can also elect to set up Dragon in a “portable” installation, where the program’s executables and options are all stored in a single directory — handy if you’re using PortableApps or some other self-contained app solution, or if you want to try out Dragon side-by-side with an existing browser.

Cosmetically, Dragon resembles Chrome, but a few key changes have been implemented. Dragon’s wrench menu is accessed by clicking the icon at the upper left-hand corner of the window. In place of the wrench menu is a quick link to Comodo’s Site Inspector service, which can tell you whether a given website is a source of malware. Wedged between that and the omnibox is a button for quickly sharing the current page on one of a number of popular social networks (Facebook, Twitter, and LinkedIn).

Like Iron, Dragon has a bundle of under-the-hood changes that address privacy issues, many of them identical to the changes Iron implements, such as removing the Chrome client ID system, RLZ tracking, and error-reporting mechanisms. Another addition is an option to suppress the HTTP-REFERRER header, essentially an implementation of the Do Not Track policy. That said, regular Chrome users could use Google’s own Keep My Opt-Outs add-on to achieve much the same effect.

Other new options include allowing incognito browsing by default and clearing history and cookies automatically at exit. Dragon also uses its own custom updater, not Google’s, again as a privacy-protection measure.

Among Comodo Dragon’s features is built-in access to Comodo’s secure DNS service for safer browsing.

RockMelt
Another intriguing spin of Chromium into a semi-commercial product is RockMelt, which tightly integrates social networking features — specifically, Facebook — into the browser’s interface. Your affinity for this sort of thing will depend on how heavily you use those systems, and whether or not you care for the way RockMelt has integrated them. (I suspect privacy advocates are already cringing.)

When you first launch RockMelt, you’re obliged to sign in to Facebook (hope you remember your password!), although you can run RockMelt without logging in. On connecting to Facebook, icons appear at the top edge of the browser to let you access your notifications, messages, and friend requests, while the right-hand edge becomes a persistent, expandable Facebook chat panel.

The left edge is reserved for RockMelt Apps, little portals akin to the mobile site versions that some sites (e.g., YouTube) have created for quick consumption of their content. One of the functions enabled by RockMelt Apps is Social Reading, where you can automatically alert other RockMelt users to what articles you’re looking at in real time. Social Reading works on a site-by-site basis, so you don’t have to broadcast all your reading habits to the world at large. Note that if you add a site that doesn’t have a formal RockMelt App built for it, its RSS feed (should one exist) will be used instead.

One very nice RockMelt feature is “quiet mode.” Click the bell icon at the top right of the browser and all your social networking functionality is toggled off with one click. If you’re like me and you’re easily distracted by this feed or that update, this is a godsend of a feature.

RockMelt is still technically in beta, and there are some rough corners. For one, Chrome add-ons don’t work — not just some of them, but all of them. They flat-out refuse to install. Anyone with a clutch of favorite Chrome add-ons will be irked by this, and it’s not clear whether this functionality will be added later on. One can only hope.

Until RockMelt reaches the official release stage, it won’t be clear how much better it is than Chrome plus some Twitter or Facebook-centric add-ons. The RockMelt Apps functionality is handy, but it’s a toss-up whether or not your favorite sites will support it.

RockMelt turns Chrome into a front end for Facebook and adds some more conventional browsing tools as well.

CoolNovo
CoolNovo is yet another third-party take on Chromium, with some new UI touches and a few built-in convenience features. It was created by programmers from China, and unfortunately for native English speakers, it shows. The CoolNovo website, and some elements of the browser’s own UI, are replete with misspellings and grammar botches.

Many of the obvious new CoolNovo features are UI-related. The way tabs are handled, for instance, received enough of a makeover to warrant its own subsection in the Options menu. This includes little things like when to hide the close button on a tab, how new tabs are opened (foreground or background), and whether double-clicking a tab causes it to close.

Another feature, most likely inspired by the Opera browser, is mouse gestures. Hold down the right mouse button and trace a gesture on the page to activate one of a number of macros such as scrolling to the top or bottom of a page, closing the current tab, or switching tabs. I liked this feature quite a bit, although it’s nothing that can’t also be added to Chrome via a plug-in. Ditto the built-in ad-blocking function, which lets you pick one of a number of pre-defined block lists by geographic territory or language, but again isn’t anything that requires a separate build of Chrome.

If you find yourself dealing with sites that render properly only in Internet Explorer — for instance, an old corporate intranet — CoolNovo has a handy browser-engine switching feature. Click the Chrome icon in the omnibox, and you can toggle between Chrome’s rendering engine and the IE engine. CoolNovo also by default makes a best-guess attempt, via the Cloud Switch feature, to determine if the page you’re on renders better in IE or Chrome — but again, all of this is available elsewhere.

Most of the other new features are good ideas with poor execution. CoolNovo can use its own custom download manager in place of Chrome’s own, but I had nothing but trouble with the CoolNovo manager. It didn’t persistently remember target directories for download, and many download links (e.g., from Sourceforge) didn’t work at all.

CoolNovo’s profusion of under-the-hood changes include gestural controls, integrated support for showing tabs with the IE engine, and ad-blocking functions.

Chrome itself
It’s worth talking briefly about Chrome’s own internal variations, where you can often find some variation of functionality without having to jump to an entirely different browser. The stable channel of Chrome is the one most everyone uses and the one that’s installed by default. The beta channel contains features that have been approved for inclusion in the next stable revision of Chrome, but which may still need a little testing. If you’re curious about what’s coming down the pike and want to try it out with minimal risk to your data or to Chrome’s stability, start here.

The dev channel is where things begin to get adventurous. This contains all changes merged in over the previous week, although it is accordingly less stable. Canary build is Chrome’s nightly build. It contains the most bleeding-edge changes, but it is also the least stable of the bunch. On the plus side, you can install Canary side-by-side with any other edition of Chrome. It keeps all its settings and user-profile data in its own folder, so you can use Canary plus any stable, beta, or dev channel build interchangeably.

Chrome, Chromium, or remix
With relatively few exceptions, much of what’s available in these remixes of Chrome is available through third-party add-ons for Chrome. If you want additional privacy features, it’s easy enough to do that by taking Chromium and toggling off some of the under-the-hood settings.

Iron does most of that legwork for you, but at the cost of using a version of the browser that’s been rebranded and reworked in some awkward ways. Dragon isn’t bad either, but its most useful feature — the secure DNS function — doesn’t require the program itself.

RockMelt is an interesting idea, but it’s been changed pretty dramatically from Chrome as we know it, and tied so closely with Facebook alone that people who use multiple social networks may find it constraining. And CoolNovo comes with a decent collection of built-in navigation enhancements and twin browsing engines.

All of these Chromium-based remixes will have their users. Although many of their “extras” can be duplicated with a little effort, they make it easy to get certain sets of functionality right off the shelf, without the hassles of maintaining Chromium itself.

This story, “Google Chrome remixes worth trying out,” was originally published at InfoWorld.com. Follow the latest news in Web browsers, applications and HTML5 at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.


Article source: http://www.computerworld.com.au/article/413386/google_chrome_remixes_worth_trying/?utm_medium=rss&utm_source=taxonomyfeed


04 Jan 12 Chrome Add-on Tells You When You’re Browsing A Site That Supports SOPA


The warning that No SOPA adds to sites whose owners have lobbied for the Stop Online Piracy Act.

The Stop Online Piracy Act, the Internet’s least favorite piece of legislation, may have been tabled in Congress until later this month. But the much-hated bill’s opponents aren’t wasting time in mobilizing anti-SOPA forces to boycott and protest SOPA-supporting companies. Now two coders have released a tool designed to make clear exactly who those pro-SOPA targets include.

No SOPA, an extension program for Google’s Chrome browser, warns users every time they visit a site owned by a company that supports SOPA, throwing up a red bar at the top of the browser that reads “SOPA Supporter! This company is a known supporter of the dangerous ‘Stop Online Piracy Act.’”

The plug-in doesn’t block those SOPA-supporting sites. But the tool’s creators, two Minneapolis programmers named Andy Baird and Tony Webster, have some suggestions about how users ought to proceed. “Boycott? Nasty letter time?” they write in the tool’s description. “You decide.”

No SOPA takes its blacklist from media sources, and Baird and Webster say they’ll continually update it with suggestions from users to the tool’s page on Github, a platform for open source software. As of today, the add-on seems to flag 333 sites as SOPA friendly, from industry groups like the Motion Picture Association of America to the Business Software Alliance, to companies like Apple.com to Nintendo.com, to Newscorp-owned sites like Fox.com and Sky.com.

Angry users have already shifted several companies’ stances on the copyright-enforcing bill, which has been called a censorship tool and an obstacle to improving Internet security. After Microsoft was accused of supporting the bill, it lobbied the BSA to change its tune on the legislation, according to CNet. And GoDaddy, facing a massive backlash and boycott, quickly dropped its support for the bill late last month. (Though that hasn’t kept Baird and Webster from including GoDaddy on their list, perhaps a sign the tool will be slow to update.)

No SOPA isn’t the first browser plug-in to function as a protest tool. Murdoch Block, a Firefox add-on released last summer at the height of Newscorp’s phone hacking scandal, blacklisted all sites owned by the media conglomerate. And late last month, a coder named Tamer Rizk offered another Firefox plug-in designed to circumvent SOPA’s DNS filtering if the law should ever come to pass.

Download the No SOPA Chrome extension here.

Article source: http://www.forbes.com/sites/andygreenberg/2012/01/04/chrome-add-on-tells-you-when-youre-browsing-a-site-that-supports-sopa/
