Chrome Icon

Chrome

Chrome is a fast, secure, and free web browser, built for the modern web by Google.
23 Stories
All Topics

Addy Osmani Medium

A Netflix web performance case study

Hold on to your seat! This is a deep dive on improving time-to-interactive for Netflix.com on the desktop. Addy Osmani writes on the Dev Channel for the Chromium dev team regarding performance tuning of Netflix.com. They were trying to determine if React was truly necessary for the logged-out homepage to function. Even though React’s initial footprint was just 45kB, removing React, several libraries and the corresponding app code from the client-side reduced the total amount of JavaScript by over 200kB, causing an over-50% reduction in Netflix’s time-to-interactivity for the logged-out homepage. There’s more to this story, so dig in. Or, share your comments on their approach to reducing time-to-interactivity and if you might have done things differently.

read more...

Caroline Haskins motherboard.vice.com

Old school 'sniffing' attacks can still reveal your browsing history

Several major browsers you and I use everyday are capable of leaking our browsing history, and they all know about it. Caroline Haskins at Motherboard writes: Most modern browsers—such as Chrome, Firefox, and Edge … have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user’s web history, per new research from the University of California San Diego. In a statement provided to Motherboard via email, senior engineering manager of Firefox security Wennie Leung said that Firefox will “prioritize our review of these bugs based on the threat assessment.” Google spokesperson Ivy Choi told Motherboard in an email that they are aware of the issue and are “evaluating possible solutions.” Ben Adida shared this on Twitter: When first web history sniffing attacks came out, I suggested we had to change the notion of a visited link: a link would be marked visited by origin (edges, not nodes.) That was considered too dramatic a change. Maybe it’s necessary after all. Who’s ready to dig into this research and share how vulnerable we really are and what types of malicious websites could/would extract our browsing history? If you do, let us know so we can link it up.

read more...

EFF Icon EFF

Google Chrome’s users take a back seat to its bottom line

In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model are incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore. It’s no surprise that privacy-focused browser alternatives are gaining ground in the quest to be your user agent. This coming week, we’re sitting down with Brave’s CTO for what should turn out to be a fascinating episode of The Changelog. Stay tuned for that.

read more...

Matthew Green blog.cryptographyengineering.com

Why I’m done with Chrome

Like many of you reading this, you’re probably signed into a Google service when browsing the web — Google apps (G Suite), YouTube, Gmail, etc. The line between browser (Chrome) and your signed in services was clear before, and now it’s not. Matthew Green, Cryptographer and Professor at Johns Hopkins University, writes on his personal blog: What changed? A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet. Thankfully I have been using Brave a whole lot more recently and I’ve really been enjoying an internet where display ads aren’t ruining the experience, and where my privacy isn’t being harvested as I use it.

read more...

Gervasio Marchand g3rv4.com

Want a secure browser? Disable your extensions

Gervasio Marchand: While working on Taut (aka BetterSlack) I noticed that a browser extension could do lots and lots of harm. On this article, I explain how the only way to browse safely is to completely avoid them (or to be really really involved in managing them). If you’re thinking, “But open source!” click through and see what Gervasio has to say about that. He also includes some examples of extensions that went rogue or were hacked and how one could abuse the system.

read more...

Paul Kinlan blog.chromium.org

A 10 year retrospective on the open web

On the Chromium Blog, Paul Kinlan shared a look back to the beginning of Chrome in 2008, the early days of the web, on through to today and the future of the “capable web.” 2008-2014 — In just seven years, the web changed drastically. Browsers got significantly faster and more capable, letting developers build richer experiences on the desktop. Users started to consume even more content on mobile, meaning we all had to rethink how our experiences would work across devices and form-factors, even when the user had no connectivity. If you’re looking for some perspective on how far we’ve come with the web and the impact of iteration — you should check this out. BTW — Chrome turned 10, here’s what’s new.

read more...

Gervasio Marchand g3rv4.com

Making Slack better with BetterSlack

Does BetterSlack make Slack better? …there are 2 or 3 things about Slack I think can be made better. That’s why I built BetterSlack. It’s a Chrome extension that injects javascript into your Slack environments to add (or remove) features. Hide certain users, generate hangout links, move reactions to the right, threads on channel by default, hide status emojis … Gervasio has a 3 minute demo to explain things in more detail…

read more...

Sam Thorogood DEV.to

Shipping PWAs as Chrome extensions

Have you considered using a PWA to create a Chrome extension? Sam Thorogood writes on Dev.to: So you’ve built a PWA, created your service worker, and followed all the guides. In my case, that is Emojityper: a simple PWA where you can enter words, and receive emoji. This is perfect for desktop and entering emoji in editors that don’t support them. But once you’ve built this great experience, you’re not limited to distributing it only on “the web”. In this post, I’m going to detail how I shipped Emojityper as a Chrome extension, accessible via a browser action.

read more...

Chrome blog.google

HTTP 'not secure'

Chrome security has reached a milestone — Chrome will now mark http as “not secure”. Nearly two years ago, we announced that Chrome would eventually mark all sites that are not encrypted with HTTPS as “not secure”. This makes it easier to know whether your personal information is safe as it travels across the web, whether you’re checking your bank account or buying concert tickets. Starting today, we’re rolling out these changes to all Chrome users. Also, check out this episode of HTTP203 with Emily Schechter (Product Manager on the Chrome Security team)

read more...

Node.js github.com

An improved debugging experience for Node, enabled by Chrome DevTools

The big question with tools like these is, what can I do with it? Child processes are detected and attached to. You can place breakpoints before the modules are required. You can edit your files within the UI. On Ctrl-S/Cmd-S, DevTools will save the changes to disk. By default, ndb blackboxes all scripts outside current working directory to improve focus. And more.

read more...

Chrome waytab.io

Get a random item you've liked/bookmarked when you open a new browser tab

Waytab connects to your browser bookmark, Github, Twitter, Pocket, Pinterest and Unsplash account to remind you of your stars, likes and bookmarks every time you open a new browser tab. This looks like a good idea, well executed. I’ve long given up on bookmarking, liking, and starring stuff because I never go back and revisit. Waytab changes all that.

read more...

Paul Kinlan paul.kinlan.me

Use `onappinstalled` to know when your PWA gets installed

Paul Kinlan, developer advocate for Chrome and the open web at Google writes: Chrome implemented window.onappinstalled event. It’s triggered when a user installs a progressive web app via the Add to Homescreen API or now more importantly via the manual method of Add to Homescreen. This is a very useful addition because it allows you to see engagement on the prompt vs people who use the system banners or menu buttons to install a progressive web app. Now you can track your PWA’s install engagement based on the method of install — via the prompt or manually via a custom prompt. Read the docs for more details. Also, make sure you subscribe to JS Party to hear discussions about PWAs and the web platform.

read more...

AMP amphtml.wordpress.com

Improving URLs for AMP Pages

The #1 feature for AMP? Fix the URLs. Malte Ubl: Search can take advantage of privacy-preserving preloading and the performance of Google’s servers, while URLs remain as the publisher intended and the primary security context of the web, the origin, remains intact. We’re super excited about getting this work under way and we expect the changes to first reach users in the second half of 2018. Basically, this will ship by the end of 2018.

read more...
0:00 / 0:00