Rachel Shearer an engineer from Google's Accessibility Engineering team discusses how developers can incorporate accessibility best practices when designing their extensions. Rachel also presents ChromeVis, an extension she created for users with low vision.
You can find more information on ChromeVis at https://chrome.google.com/extensions/detail/halnfobaneppemjnonmmhngbfifnafgd
Chrome only: Google Chrome extension Chrome Nanny prevents you from wasting time on distracting web sites, so you can get things done instead of checking Facebook all day long. More »
Integrating the Flash plugin and a pdf reader in Google Chrome has been a controversial move. Some users liked the idea as it allowed them to access contents without having to install the necessary plugins first, others feared the worst, that Google would lack behind in updating the plugins whenever a security update would be issued by Adobe.
But the fear is only one side of the medal. Users who are careless about the installed plugins are benefiting immensely from the internal plugins. They personally do not have to follow the latest security announcements to update their plugins the second a new update is issued, Google does that for them.
Chrome users who prefer not to use the internal plugins can disable them easily.
The Chrome developers have added another powerful weapon to the web browser; Plugin controls that can be used to allow plugins only on whitelist domains, trusted domains that the user added to the browser.
The plugins will simply not work on other websites if configured correctly. That’s beneficial to users who need Flash or another plugin on a handful of sites only.
Google does not stop here, several interesting additions to Chrome’s plugin handling have been announced at the official Chromium Blog.
Google Chrome will protect the users from outdated plugins. It will simply refuse to run them and aid the user in updating the plugins so that they can be used again in the web browser. It is not clear how the plugin database will be maintained, it is however unlikely that all plugins available worldwide are listed in it. It is likely that the most popular plugins are maintained in the database.
Protection from out-of-date plug-ins: Medium-term, Google Chrome will start refusing to run certain out-of-date plug-ins (and help the user update).
A second interesting feature is the ability to warn users of plugins that have been infrequently used in the past. Some plugins are installed by software or the user and never used in the web browser. Chrome will warn the user about those plugins so that they can be deactivated in the plugin manager.
Warning before running infrequently used plug-ins: Some plug-ins are widely installed but typically not required for today’s Internet experience. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition
Those two additions can be very helpful and it is likely that other browser developers will offer those features in their browser eventually as well. Mozilla has already started to inform users about outdated plugins during updates.
Personalizing the web to match the needs and abilities of users is a big part of improving overall web accessibility. While we continue to work hard on making core Google Chrome more accessible, we're really excited about using browser extensions to improve the accessibility of the web for millions of users.
There are already some extensions among the more than 5,000 in the gallery that can benefit users with special needs. Some of these extensions use Chrome APIs and content scripts to alter the browser and manipulate the DOM of pages, offering users almost unlimited flexibility for viewing the web. Other extensions choose to implement altenative workflows, instead of adapting existing web page UIs, to give users faster access to content. These extensions benefit not just users of assistive technologies like screen readers but everyone who prefers access modes like keyboard shortcuts and captions.
If you are interested in making your extensions more accessible, we’ve created a new Accessibility implementation guide in the Chrome Extensions Developer's Guide that gives you an overview of accessibility best practices such as keyboard navigation, color contrast and text magnification. We’ve also open sourced the code behind ChromeVis, a new extension for users with low vision, so that you can use some of its code for manipulating text selection and magnification in your own extensions.
Chrome: Chrome's interface is already minimalist and compact but if you want to shrink it even further you can collapse the page menu into the wrench menu with a simple command-line flag. More »
In our most recent stable release of Google Chrome, we talked about beta-testing Adobe Flash Player integration into Chrome. We're now happy to enable this integration by default in the stable channel of Chrome. To read more about this integration, check out the Chromium blog.
In testing Flash Player integration into Chrome, the Chrome team admittedly spent many, many fun hours with a few of our favorite Flash-based indie games. So as a side project, we teamed up with a few creative folks to build Chrome FastBall, a Flash-based game built on top of the YouTube platform.
In March, we announced that we would be bringing improved support for Adobe Flash Player to Google Chrome. Along with driving the development of a next generation browser plug-in API, this integration will eliminate the need to install Flash Player separately and reduce the security risk of using outdated versions. In the near future, we will extend Chrome’s “sandbox” to web pages with Flash content to further protect users from malicious content.
We have been testing the integration in Google Chrome’s dev and beta channels over the last few months in order to ensure a quality experience for all our users. Over the last week, we have enabled the integration by default in the stable channel of Chrome.
Users who do not wish to use the built-in version of Flash Player in Chrome can disable the integration via the chrome://plugins manager. In this case, Chrome will fall back to the system-installed version of Flash Player, if it exists.
Chrome OS will provide three basic options: signing in to an existing Google account (Apps for domains accounts are supported), create a new account, or browse without signing in.
Take the jump to check out the videos of the different login options!
Last.fm is one of the most popular music portals on the Internet. It offers a wealth of information about bands, musicians, concerts and everything else music related. A popular feature is the ability to play songs directly on the website. Individual songs can be played directly in the web browser. Some songs are offered as 30 second snippets while others are available fully.
A playlist option however is not available on those pages, only the ability to play songs of the artist in the Radio on site.
The Google Chrome extension Last.fm Free Music Player improves the listening experience on Last.fm. It will automatically intercept clicks on play buttons on Last.fm. The page is scanned for music and all songs found on it are displayed in the player’s interface.
This works on all pages containing a play button to play songs.
The music player acts as a playlist on Last.fm. The music plays in the background and continues to play even if the Last.fm page is closed in the web browser.
The player offers basic controls that include controlling the volume, pausing playback, shuffling or repeating songs and scrobbling.
All songs that are played in the music player seem to be full length songs. We tested some songs in Internet Explorer and Chrome without the extension installed and noticed that they were cut after 30 seconds. The same songs were offered as full length songs in the Last.fm Free Music Player.
That alone should be reason enough to use the music player when playing songs on Last.fm.
The ability to play full length songs, the playlist feature and the fact that music can be played in the background make Last.fm Free Music Player an ideal player for Last.fm users. Google Chrome users can download the extension directly from the Google Chrome Extensions gallery.
Bad guys want to install persistent malware on your machine. Once they achieve this, they are free to do a variety of bad things such as steal your banking passwords, abuse your network connection, and rifle through your sensitive files.
Bad guys will install malware via the easiest path available. Traditionally, the easiest attack was to simply get a user to run an untrusted executable. Not all users fall for this. And modern operating systems and e-mail systems make this harder to do and restrict the permissions that the downloads run with -- making it less attractive. Next easiest is to exploit a disclosed vulnerability which is not yet patched by all users. The industry’s response to this is to autoupdate its users with security patches; browsers including Firefox and Chrome have demonstrated success at keeping the majority of their user bases current.
More advanced attacks involve finding undisclosed vulnerabilities in the browser. Despite being harder, there has been a lot of user damage due to exploitation of non-public bugs in browsers. Pleasingly, there’s a trend in modern browsers to integrate sandboxing. IE7 on Vista (and newer combinations) plus Google Chrome already have built-in sandboxes of varying strength. This makes many latent browser bugs incapable of persistently installing malware without a lot of additional effort to find a second bug to break out of the sandbox. Again, attackers favor the easiest attack so the increasing robustness of browsers is causing them to look elsewhere for ways to compromise user machines.
This brings us to the present time. We’re seeing a remarkable swing towards attacks that target pieces of browsing infrastructure such as plug-ins. This may be because browsers are taking the lead on auto-update and sandboxing. Since many plug-ins are ubiquitous, they pose the most significant risk to our user base. To better protect Google Chrome users from the threat of plug-in exploits, we have already announced a couple of initiatives:
- More powerful plug-in controls: Google Chrome now has the ability to disable individual plug-ins (about:plugins) or to operate in a “domain whitelist” mode whereby only trusted domains are permitted to load plug-ins (Options->Content Settings->Plug-ins).
- Autoupdate for Adobe Flash Player: By including Adobe Flash Player -- the most popular plug-in -- with Google Chrome, we can re-use Google Chrome’s powerful autoupdate strategy and minimize the window of risk for patched vulnerabilities.
There are more ways we are attacking the problem:
Globally, Chrome fares better still -- with a 9.4% share. That's a pretty meteoric rise for a relatively young browser -- though when you've got a Google-sized marketing networking and partners galore, it's a little bit easier to pull off.
I know it's not even two years old yet, but frankly I'm amazed that it took this long for Chrome to surpass Safari. What about you?
[via Business Wire]
Over the next few days, I'm going to share screenshots and videos from my compile. My build uses the "plain vanilla" x86-generic hardware overlay, and runs reasonably well on my Gateway LT21 netbook. I'm running from a crappy, generic USB flash drive -- and I'm fairly certain the momentary hiccups I experience would go away if I moved to a faster SD card, flash drive, or SSD.
So without further ado, take the jump and have a look at part 1: the boot process!
It's just one analytics firm's research, but it's a notable milestone: Google's Chrome browser surpassed Safari in U.S. browser market share, according to analysis of 3.6 billion page views by StatCounter. Chrome had already moved past Safari in global browser usage, but just eked ahead of Safari in the U.S. recently to third place, having 8.97 percent to Safari's 8.88. Internet Explorer owns about 52 percent, Firefox holds onto second with 28.5 percent, and other browsers make up the remainder. [Business Wire via Gizmodo] More »
A while back, I'd reported that changes were likely on the way, in the form of a single, unified menu. Google pitches minimalism as a central theme in Chrome, so it certainly makes sense to use as few UI elements as possible.
Take the jump to see the unified menu, which has just landed in the Chromium snapshot builds!
The Download Squad staff loves their Gmail, and so do our readers (according to Sebastian's recent-but-not-at-all-scientific poll). It's an excellent app, and I can't imagine ever changing back to a desktop email client.
But Google wants to deliver a more desktop-like user experience in Gmail, and they're planning to lean on HTML5 to do it. Recently Google added drag-and-drop support via supported browsers, and it's a feature some of my less-technical friends love. Google is now working on reversing the process -- allowing us to drag files out of Gmail messages and drop them onto our local folders.
Apart from making user interaction in Gmail more like our desktop apps, Google also hopes to use HTML5 tech to turn on the afterburners. In a discussion with Technology Review's Erica Naone, Adam de Boor talks about possible performance leaps with the upcoming extension app support in Google Chrome.
Extension apps will further blur the divide between Gmail as a Web app and desktop email with permission to access additional local resources, and Boor hopes that it will eventually lead to Gmail startup times of "less than a second."
That'd be sweet... you know, if I ever closed my Gmail tab.
Stopwatch image by Flickr user Erika_Marshall
As part of our continual work on Google Chrome’s user interface, we’ve been trying to streamline the toolbar, make the Omnibox more approachable, and communicate site security information more clearly. Users on our dev channel may have noticed some of these experiments already:
- When you are typing into the Omnibox, an icon to the left will show how your input will be interpreted - such as a magnifying glass for search queries (), and a globe for URLs (). When you’re not typing, the same icon can be dragged to another document to copy the current page’s URL, or clicked to reveal information about the current site.
- When on a secure (SSL) site, this icon changes to a lock () - previously we displayed the lock icon at the end of the Omnibox, but now it’s closer to the URL and in a more obvious place.
- We’ve added a clearer presentation of Extended Validation (EV) certificate holder names (), which, like the lock, are now at the beginning of the Omnibox.
- We’ve changed the colors and icons used with secure sites to make mixed content more obvious, and avoid confusion about ambiguous colors.
- In some situations, we’ve stopped displaying “http://” and/or a slash after the hostname. This makes the hostname more prominent and the URL more readable, and provides more visual distinction between regular and SSL websites (which keep their “https://” prefix). We’ve also done a lot of work to make sure that copying and pasting of these URLs continue to work as you would expect.
- The bookmark star icon () has joined the other “page actions” at the right-hand side of the Omnibox.
- Stop and Reload have been combined, and Go eliminated, to make things simpler and keep all the navigation-related toolbar buttons together.
A couple small but noteworthy changes happened to Google Chrome this week. Two days ago, the beta channel updated to version 5.0.375.86 -- bringing an assortment of security tweaks and bugfixes. Less than a full day later, that version moved from beta to the stable channel -- and brought one more significant change.
The internal Flash plug-in is now enabled by default in all versions of Google Chrome. It wasn't that long ago (about three months) that internal Flash was just a rumor. In mid-April, Google turned it on by default for dev channel users. After making the jump to the beta channel, the internal Flash plug-in had been disabled for a while -- presumably while some kinks were worked out -- but it could still be enabled via command-line switches.
Google doesn't take pushing features to Chrome stable lightly, so this is a pretty clear indication that the internal Flash plug-in is here to stay. Let's hope they're right about the security benefits. I'm also curious to see if anyone else starts taking a serious look at the new plug-in architecture -- one of Google's other aims was to put something together which was more secure and modern than the old NPAPI plug-in system.
- PDFs are now shown centered.
- [r49830] Unified page/wrench menus into a single item.
- [r50134] Fix a crash when closing tabs (Issue 46289)
- [r50201] Fix a crash when deleting large numbers of bookmarks (Issue 46175)
- (Issue 47419) Attempting to create an application shortcut from the File menu crashes Chrome on Windows
More details about additional changes are available in the svn log of all revisions.
You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.
Google Chrome 5.0.375.86 has been released to the Stable channel on Linux, Mac, and Windows.
-  Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
-  Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
-  High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
-  High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
- [$500]  High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.