Google

The H-Security: Google has added new features to its OAuth 2.0 Playground, which it launched last November. Developers can now switch to using client-side flow, and the system has added support for APIs that use OAuth 2.0 drafts 10 to 25. Google has also added a feature that makes it easy to see all available API operations supported by the user’s current access token. To make it easier to use the Playground for an extended amount of time, developers now have the ability to refresh their access tokens automatically, and clicking HTTP response links will now populate the request URI field. ...

Google has released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser. The new Stable channel release, labeled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware. This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother”. For older systems that can’t make use of of the GPU, Chrome can now display 3D content using the SwiftShader software rasterizer, which Google licensed from TransGaming, Inc. However, the developers note that “a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web”. ...

The H-Online: An inconspicuous “s” added to various ​lines of code in its latest nightly builds means that future versions of Firefox will send all search queries to Google in encrypted form. This means that instead of HTTP, the open source browser will use the HTTPS protocol, which encrypts traffic between the web site and browser using SSL. The nightly builds will feed through, over the next few months, until the feature is, most probably, in Firefox 14. ...

The H-Security: Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as “high severity“. These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe”, as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed. ...

The H-Online: Google has announced on its Inside Search blog that it is enabling SSL encryption by default on its global search pages. The US site Google.com has been switching users to the secured HTTPS protocol since last year and now, to improve security and privacy for all its users, the company is rolling the behavior out to its international properties such as google.co.uk. ...

SophosLabs: Is Google really extending its online empire, and opening an online pharmacy? Of course not. So don’t believe spammed-out emails like the following: Do you notice how the spammers have changed the “o”s in Google to Cialis and Viagra tablets? Very creative. Part of the spam message reads as follows: We’ve just launched a pharmaceutical interfaces for Google, as well as several new features that will improve the Google experience for the people buying pills and using pharmaceutical interfaces. ...

The H-Security: Google has released a new stable version of its Chrome browser. The update fixes seventeen high severity vulnerabilities and updates the bundled Flash player. Google referred users to Adobe for details of the Flash Player update, and as usual, revealed few details about the seventeen holes that it closed in the release. It did, though, say that the researchers earned between $500 and $3000 for their vulnerability disclosures. ...

At the RSA Conference 2012, former McAfee executives George Kurtz and Dmitri Alperovitch have presented a Remote Access Tool (RAT) that infects Android smartphones (version 2.2). They used an as-yet unpatched bug in Android’s WebKit browser to inject the malware. The researchers say that they bought the vulnerability information, and a range of other tools, on the black market. The finished exploit is based on 20 components that apparently cost a total of $1,400 on the black market. ...

Google is to offer up to a million dollars in rewards for Chrome exploits at the CanSecWest conference. Previously, Google has sponsored the Pwn2Own competition which is held at CanSecWest, but has decided that this year it will directly reward exploits. “We discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors” says Google in a blog post. In previous years, full details have been handed over, but the revised rules make it “an explicit non-requirement in this year’s contest” – a change that Google calls “worrisome”. The organizers revised the rules to make the contest “more fair” and “more of a competition”. ...

Google Operation System Blog: Back in November 2010, a comment from the Google Docs source code revealed some new features that will be available: third party apps, Cloud Print integration and sync. It turns out that the upcoming Google Drive release will add support for third party apps and Google will also include a SDK for developers. This way, you’ll be able to open the files stored in Google Drive using non-Google apps. The Google Docs source code mentions “SDK” several times in connection with Google Drive and the “open with” feature. ...