Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.

Tuckner said in an email Wednesday that the most recent status of the affected extensions is:

- Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.

Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

OpenAI is close to releasing an AI-powered web browser that will challenge market-dominating Google Chrome, Reuters reported Wednesday. From the report: The browser is slated to launch in the coming weeks, three of the people said, and aims to use artificial intelligence to fundamentally change how consumers browse the web. It will give OpenAI more direct access to a cornerstone of Google's success: user data.

Google has begun rolling out a feature that allows Chrome users on Android to move the browser's address bar to the bottom of the screen. This capability has been available to iOS Chrome users since 2023 and aims to improve accessibility for users with larger devices.

Users can relocate the address bar by pressing and holding on it and selecting the move option, or by adjusting the setting through Chrome's settings menu. The feature addresses usability concerns for users of phones with bigger screens, where reaching the top of the display can prove difficult during one-handed operation.

david.emery writes: Microsoft is making it harder to use Chrome on Windows. The culprit? This time, it's Windows' Family Safety feature. Since early this month, the parental control measure has prevented users from opening Chrome. Strangely, no other apps or browsers appear to be affected.

Redditors first reported the issue on June 3. u/Witty-Discount-2906 posted that Chrome crashed on Windows 11. "Just flashes quickly, unable to open with no error message," they wrote. Another user chimed in with a correct guess. "This may be related to Parental Controls," u/duk242 surmised. "I've had nine students come see the IT Desk in the last hour saying Chrome won't open."

Hackers have stolen hundreds of millions of dollars from cryptocurrency holders and disrupted major retailers by targeting outsourced call centers used by American corporations to reduce costs, WSJ reported Thursday. The attackers exploit low-paid call center workers through bribes and social engineering to bypass two-factor authentication systems protecting bank accounts and online portals.

Coinbase faces potential losses of $400 million after hackers compromised data belonging to 97,000 customers by bribing call center workers in India with payments of $2,500. The criminals also used malicious tools that exploited vulnerabilities in Chrome browser extensions to collect customer data in bulk.

TaskUs, which handled Coinbase support calls, shut down operations at its Indore, India facility and laid off 226 workers. Retail attacks targeted Marks & Spencer and Harrods with hackers impersonating corporate executives to pressure tech support workers into providing network access. The same technique compromised MGM Resorts systems in 2023. Call center employees typically possess sensitive customer information including account balances and recent transactions that criminals use to masquerade as legitimate company representatives.

Veteran columnist Steven J. Vaughan-Nichols declared that Firefox was "dead" to him in a scathing opinion piece Tuesday that cites Mozilla's strategic missteps and the browser's declining technical performance as evidence of terminal decline. Vaughan-Nichols argues that Mozilla has fundamentally betrayed user trust by removing a longstanding promise never to sell personal data from its privacy policy in February, replacing it with a weaker pledge to "protect your personal information."

The veteran technology writer also criticized Mozilla's decision to discontinue Pocket, a popular article-saving service, and Fakespot, which identified fake online reviews, while pursuing what he called a misguided AI strategy. He cited user reports of Firefox running up to 30% slower than Chrome, consuming excessive memory, and failing to properly load major websites. Mozilla has also become financially more vulnerable, he argued, noting CFO Eric Muhlheim's admission that the company depends on Google for 90% of its revenue. According to federal data he cited, Firefox holds just 1.9% of the browser market, leading him to conclude the browser is "done."

Recently the Browser Company (the startup behind the Arc web browser) switched over to building a new AI-powered browser — and its beta has just been released, reports TechCrunch, "though you'll need an invite to try it out."

The Chromium-based browser has a URL/search bar that also "acts as the interface for its in-built AI chatbot" which can "search the web for you, summarize files that you upload, and automatically switch between chat and search functions." The Browser Company's CEO Josh Miller has of late acknowledged how people have been using AI tools for all sorts of tasks, and Dia is a reflection of that. By giving users an AI interface within the browser itself, where a majority of work is done these days, the company is hoping to slide into the user flow and give people an easy way to use AI, cutting out the need to visit the sites for tools like ChatGPT, Perplexity, and Claude...

Users can also ask questions about all the tabs they have open, and the bot can even write up a draft based on the contents of those tabs. To set your preferences, all you have to do is talk to the chatbot to customize its tone of voice, style of writing, and settings for coding. Via an opt-in feature called History, you can allow the browser to use seven days of your browsing history as context to answer queries.
The Browser Company will give all existing Arc members access to the beta immediately, according to the article, "and existing Dia users will be able to send invites to other users."

The article points out that Google is also adding AI-powered features to Chrome...

A dating site launched last week by Belgian artist Dries Depoorter matches potential partners based on their internet browsing histories rather than curated profiles or photos. Browser Dating requires users to download a Chrome or Firefox extension that exports and uploads their recent search data, creating matches based on shared online behaviors and interests rather than traditional dating app metrics.

Less than 1,000 users have signed up since the platform's launch, paying a one-time fee of $10.3 for unlimited matches or using a free tier limited to five connections. Depoorter, known for digital art projects exploring surveillance and technology, says the concept emerged from a 2016 workshop where participants shared a year of search history data. The platform processes browsing data locally using Google's Firebase tools.

Meta's Facebook and Instagram apps "were siphoning people's data through a digital back door for months," writes a Washington Post tech columnist, citing researchers who found no privacy setting could've stopped what Meta and Yandex were doing, since those two companies "circumvented privacy and security protections that Google set up for Android devices.

"But their tactics underscored some privacy vulnerabilities in web browsers or apps. These steps can reduce your risks." Stop using the Chrome browser. Mozilla's Firefox, the Brave browser and DuckDuckGo's browser block many common methods of tracking you from site to site. Chrome, the most popular web browser, does not... For iPhone and Mac folks, Safari also has strong privacy protections. It's not perfect, though. No browser protections are foolproof. The researchers said Firefox on Android devices was partly susceptible to the data harvesting tactics they identified, in addition to Chrome. (DuckDuckGo and Brave largely did block the tactics, the researchers said....)

Delete Meta and Yandex apps on your phone, if you have them. The tactics described by the European researchers showed that Meta and Yandex are unworthy of your trust. (Yandex is not popular in the United States.) It might be wise to delete their apps, which give the companies more latitude to collect information that websites generally cannot easily obtain, including your approximate location, your phone's battery level and what other devices, like an Xbox, are connected to your home WiFi.

Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.

BrianFagioli writes: Google is flexing its engineering muscles today by announcing a record-breaking score on the Speedometer 3 benchmark with its Chrome browser. If you've felt like the web got snappier lately, this could be why.

According to the search giant, Chrome's latest performance improvements translate to real-world time savings. Believe it or not, that could potentially add up to 58 million hours saved annually for users. That's the equivalent of about 83 human lifetimes not wasted waiting for web pages to load!

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs. This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

An anonymous reader shares a report: Microsoft's changes in response to the Digital Markets Act already included allowing Windows machines in the regions it covers to uninstall Edge and remove Bing results from Windows search, but now the list is growing in some meaningful ways. New features announced Monday for Microsoft Windows users in the European Economic Area (the EU plus Iceland, Liechtenstein, and Norway) include the option to uninstall the Microsoft Store and avoid extra nags or prompts asking them to set Microsoft Edge as the default browser unless they choose to open it.

Additionally, setting a different browser, like Chrome, Firefox, Brave, or something else, will pin it to the taskbar unless the user chooses not to. While setting a different browser default already attaches it to a few link and file types like https and .html, now users in the EEA will see it apply to more types like "read," ftp, and .svg. The default browser changes are live for some users in the beta channel and are set to roll out widely on Windows 10 and Windows 11 in July.

A year ago, the original creator of SerenityOS posted that "for the past two years, I've been almost entirely focused on Ladybird, a new web browser that started as a simple HTML viewer for SerenityOS." So it became a stand-alone project that "aims to render the modern web with good performance, stability and security." And they're also building a new web engine.

"We are building a brand-new browser from scratch, backed by a non-profit..." says Ladybird's official web site, adding that they're driven "by a web standards first approach." They promise it will be truly independent, with "no code from other browsers" (and no "default search engine" deals).

"We are targeting Summer 2026 for a first Alpha version on Linux and macOS. This will be aimed at developers and early adopters." More from the Ladybird FAQ: We currently have 7 paid full-time engineers working on Ladybird. There is also a large community of volunteer contributors... The focus of the Ladybird project is to build a new browser engine from the ground up. We don't use code from Blink, WebKit, Gecko, or any other browser engine...

For historical reasons, the browser uses various libraries from the SerenityOS project, which has a strong culture of writing everything from scratch. Now that Ladybird has forked from SerenityOS, it is no longer bound by this culture, and we will be making use of 3rd party libraries for common functionality (e.g image/audio/video formats, encryption, graphics, etc.) We are already using some of the same 3rd party libraries that other browsers use, but we will never adopt another browser engine instead of building our own...

We don't have anyone actively working on Windows support, and there are considerable changes required to make it work well outside a Unix-like environment. We would like to do Windows eventually, but it's not a priority at the moment.
"Ladybird's founder Andreas Kling has a solid background in WebKit-based C++ development with both Apple and Nokia,," writes software developer/author David Eastman: "You are likely reading this on a browser that is slightly faster because of my work," he wrote on his blog's introduction page. After leaving Apple, clearly burnt out, Kling found himself in need of something to healthily occupy his time. He could have chosen to learn needlepoint, but instead he opted to build his own operating system, called Serenity. Ladybird is a web project spin-off from this, to which Kling now devotes his time...

[B]eyond the extensive open source politics, the main reason for supporting other independent browser projects is to maintain diverse alternatives — to prevent the web platform from being entirely captured by one company. This is where Ladybird comes in. It doesn't have any commercial foundation and it doesn't seem to be waiting to grab a commercial opportunity. It has a range of sponsors, some of which might be strategic (for example, Shopify), but most are goodwill or alignment-led. If you sponsor Ladybird, it will put your logo on its webpage and say thank you. That's it. This might seem uncontroversial, but other nonprofit organisations also give board seats to high-paying sponsors. Ladybird explicitly refuses to do this...

The Acid3 Browser test (which has nothing whatsoever to do with ACID compliance in databases) is an old method of checking compliance with web standards, but vendors can still check how their products do against a battery of tests. They check compliance for the DOM2, CSS3, HTML4 and the other standards that make sure that webpages work in a predictable way. If I point my Chrome browser on my MacBook to http://acid3.acidtests.org/, it gets 94/100. Safari does a bit better, getting to 97/100. Ladybird reportedly passes all 100 tests.
"All the code is hosted on GitHub," says the Ladybird home page. "Clone it, build it, and join our Discord if you want to collaborate on it!"

Wednesday Google security researchers published a preprint demonstrating that 2048-bit RSA encryption "could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week," writes Google's security blog.

"This is a 20-fold decrease in the number of qubits from our previous estimate, published in 2019... " The reduction in physical qubit count comes from two sources: better algorithms and better error correction — whereby qubits used by the algorithm ("logical qubits") are redundantly encoded across many physical qubits, so that errors can be detected and corrected... [Google's researchers found a way to reduce the operations in a 2024 algorithm from 1000x more than previous work to just 2x. And "On the error correction side, the key change is tripling the storage density of idle logical qubits by adding a second layer of error correction."]

Notably, quantum computers with relevant error rates currently have on the order of only 100 to 1000 qubits, and the National Institute of Standards and Technology (NIST) recently released standard PQC algorithms that are expected to be resistant to future large-scale quantum computers. However, this new result does underscore the importance of migrating to these standards in line with NIST recommended timelines.
The article notes that Google started using the standardized version of ML-KEM once it became available, both internally and for encrypting traffic in Chrome...

"The initial public draft of the NIST internal report on the transition to post-quantum cryptography standards states that vulnerable systems should be deprecated after 2030 and disallowed after 2035. Our work highlights the importance of adhering to this recommended timeline."

An anonymous reader quotes a report from PCWorld: Microsoft famously brought its Copilot AI to the Edge browser in Windows. Now Google is doing the same with Chrome. In a list of announcements that spanned dozens of pages, Google allocated just a single line to the announcement: "Gemini is coming to Chrome, so you can ask questions while browsing the web." Google later clarified what Gemini on Chrome can do: "This first version allows you to easily ask Gemini to clarify complex information on any webpage you're reading or summarize information," the company said in a blog post. "In the future, Gemini will be able to work across multiple tabs and navigate websites on your behalf."

Other examples of what Gemini can do involves coming up with personal quizzes based on material in the Web page, or altering what the page suggests, like a recipe. In the future, Google plans to allow Gemini in Chrome to work on multiple tabs, navigate within Web sites, and automate tasks. Google said that you'll be able to either talk or type commands to Gemini. To access it, you can use the Alt+G shortcut in Windows. [...] You'll see Gemini appear in Chrome as early as this week, Google executives said -- on May 21, a representative clarified. However, you'll need to be a Gemini subscriber to take advantage of its features, a requirement that Microsoft does not apply with Copilot for Edge. Otherwise, Google will let those who participate in the Google Chrome Beta, Dev, and Canary programs test it out.

Google is updating its iconic 'G' logo for the first time in 10 years, replacing the four solid color sections with a smooth gradient transition from red to yellow to green to blue. "This modernization feels inline with the Gemini gradient, while AI Mode in Search uses something similar for a shortcut," notes 9to5Google. The update has already rolled out to the Google Search app on iOS and is in beta for Android. From the report: It's a subtle change that you might not immediately notice, especially if the main place you see it is on your homescreen. It will be even less noticeable as a tiny browser favicon. It does not appear that Google is refreshing its main six-letter logo today, while it's unclear whether any other product logos are changing. In theory, some of the company's four-color logos, like Chrome or Maps, could pretty easily start bleeding in their sections.

An anonymous reader shared this report from The Verge: Firefox could be put out of business should a court implement all the [U.S.] Justice Department's proposals to restrict Google's search monopoly, an executive for the browser owner Mozilla testified Friday. "It's very frightening," Mozilla CFO Eric Muhlheim said.

The Department of Justice wants to bar Google from paying to be the default search engine in third-party browsers including Firefox, among a long list of other proposals including a forced sale of Google's own Chrome browser and requiring it to syndicate search results to rivals. The court has already ruled that Google has an illegal monopoly in search, partly thanks to exclusionary deals that make it the default engine on browsers and phones, depriving rivals of places to distribute their search engines and scale up. But while Firefox — whose CFO is testifying as Google presents its defense — competes directly with Chrome, it warns that losing the lucrative default payments from Google could threaten its existence.

Firefox makes up about 90 percent of Mozilla's revenue, according to Muhlheim, the finance chief for the organization's for-profit arm — which in turn helps fund the nonprofit Mozilla Foundation. About 85 percent of that revenue comes from its deal with Google, he added. Losing that revenue all at once would mean Mozilla would have to make "significant cuts across the company," Muhlheim testified, and warned of a "downward spiral" that could happen if the company had to scale back product engineering investments in Firefox, making it less attractive to users. That kind of spiral, he said, could "put Firefox out of business." That could also mean less money for nonprofit efforts like open source web tools and an assessment of how AI can help fight climate change.

Ironically, Muhlheim seemed to suggest that could cement the very market dominance the court seeks to remedy. Firefox's underlying Gecko browser engine is "the only browser engine that is held not by Big Tech but by a nonprofit," he said.

The U.S. government is seeking to break up Google's advertising technology business after a judge ruled the company holds an illegal monopoly over ad tools for publishers, marking the second such antitrust case following a similar request to divest Chrome. The Guardian reports: "We have a defendant who has found ways to defy" the law, US government lawyer Julia Tarver Wood told a federal court in Virginia, as she urged the judge to dismiss Google's assurance that it would change its behavior. "Leaving a recidivist monopolist" intact was not appropriate to solve the issue, she added. [...] The US government specifically alleged that Google controls the market for publishing banner ads on websites, including those of many creators and small news providers.

The hearing in a Virginia courtroom was scheduled to plan out the second phase of the trial, set for September, in which the parties will argue over how to fix the ad market to satisfy the judge's ruling. The plaintiffs argued in the first phase of the trial last year that the vast majority of websites use Google ad software products which, combined, leave no way for publishers to escape Google's advertising technology and pricing.

The district court judge Leonie Brinkema agreed with most of that reasoning, ruling last month that Google built an illegal monopoly over ad software and tools used by publishers, but partially dismissed the argument related to tools used by advertisers. The US government said it would use the trial to recommend that Google should spin off its ad publisher and exchange operations, as Google could not be trusted to change its ways. "Behavioral remedies are not sufficient because you can't prevent Google from finding a new way to dominate," Tarver Wood said.

Google countered that it would recommend that it agree to a binding commitment that it would share information with advertisers and publishers on its ad tech platforms. Google lawyer Karen Dunn did, however, acknowledge the "trust issues" raised in the case and said the company would accept monitoring to guarantee any commitments made to satisfy the judge. Google is also arguing that calls for divestment are not appropriate in this case, which Brinkema swiftly refused as an argument. The judge urged both sides to mediate, stressing that coming to a compromise solution would be cost-effective and more efficient than running a weeks-long trial.

Ruby on Rails creator and Basecamp CTO David Heinemeier Hansson, makes a case for why Google shouldn't be forced to sell Chrome: First, Chrome won the browser war fair and square by building a better surfboard for the internet. This wasn't some opportune acquisition. This was the result of grand investments, great technical prowess, and markets doing what they're supposed to do: rewarding the best. Besides, we have a million alternatives. Firefox still exists, so does Safari, so does the billion Chromium-based browsers like Brave and Edge. And we finally even have new engines on the way with the Ladybird browser.

Look, Google's trillion-dollar business depends on a thriving web that can be searched by Google.com, that can be plastered in AdSense, and that now can feed the wisdom of AI. Thus, Google's incredible work to further the web isn't an act of charity, it's of economic self-interest, and that's why it works. Capitalism doesn't run on benevolence, but incentives.

We want an 800-pound gorilla in the web's corner! Because Apple would love nothing better (despite the admirable work to keep up with Chrome by Team Safari) to see the web's capacity as an application platform diminished. As would every other owner of a proprietary application platform. Microsoft fought the web tooth and nail back in the 90s because they knew that a free, open application platform would undermine lock-in -- and it did!

Legacy search brand Yahoo has been working on its own web browser prototype, and says it would like to buy Google's Chrome if the company is forced by a court to sell it. From a report: The information came out during the fourth day of the Justice Department's remedies trial to rectify Google's search monopoly. The DOJ has -- among other proposals -- requested Judge Amit Mehta break up Google by requiring it sell its Chrome browser, which the agency says is a key distribution channel for its popular search engine that's amassed too much power for anyone else to compete. Yahoo isn't the only company interested in buying Chrome. While DuckDuckGo's CEO said they wouldn't be able to afford it, witnesses from Perplexity and OpenAI both expressed interest in the popular browser on the stand this week. Yahoo obviously isn't worth Chrome's estimated price tag of tens of billions of dollars. So the company is saying that its owner, the hedge fund giant Apollo, will help bankroll the purchase should the opportunity present itself.