Category Archives: Chrome

Changes coming to Chromium and Firefox

There’s interesting news from the world of web browser software. And when I say ‘interesting’, I mean possibly extremely annoying, depending on which browsers you use, and how you use them.

First up, there’s been an interesting debate in the Firefox bug list, since 2014, about whether to change the behaviour of the Backspace key.

It’s possible that you weren’t even aware that you could use your keyboard’s Backspace key to navigate to the previous page in Firefox. This functionality has existed in most browsers at one time or another, but it was removed in Google Chrome version 52 in July 2016. It’s a convenient shortcut for doing the most common thing you can do in a web browser, and I have personally used it for years.

The problem is that some users apparently run into trouble when they try to use Backspace to erase the previous character in a text box on a web page, such as in a form, only to find that they have navigated to the previous page instead. This can result in the loss of form data, and I imagine that could be very annoying.

Because of the debate about this, Mozilla software engineers went so far as to track the usage of the Backspace key in Firefox. And while I applaud their methods, I don’t necessarily agree with their analysis. For example, they found that the Backspace key is the most pressed keyboard shortcut in Firefox, with forty million users pressing the key and triggering a ‘previous page’ navigation every month.

By comparison, the next most common keypress is Ctrl-F, which is the browser-universal key combination for searching within the current page. That keypress is used by about sixteen million users per month. Fifteen million users per month use F5 and Ctrl-R to reload the current page.

So far so good, but the Mozilla engineers somehow used this information to conclude that many of the Backspace presses (and subsequent navigation to the previous page) were unintentional. I don’t follow their reasoning, frankly. Isn’t it just as likely that that people frequently use the Backspace key to go to the previous page?

Regardless, Mozilla is changing the behaviour of the Backspace key in Firefox from version 86 onwards. That version is scheduled for release on February 23, 2021. There will be workarounds, so this isn’t likely to be a huge problem for most people, but there will clearly be a bit of fumbling as people get used to the change.


Meanwhile, Google is planning to cut off access to several of its services for Chromium-based web browser software, on March 15, 2021. This won’t affect Google’s own Chrome browser, but any browser built on the Chromium browser engine that isn’t Chrome will lose access on March 15.

The Google services involved include bookmark synchronization, the ‘safe browsing’ feature, search suggestions, spell checking, and others. It’s important to recognize that these functions are not necessary for basic browser use, and their loss likely won’t affect many users. Losing search suggestions and spell checking seem like minor annoyances at worst. Loss of the safe browsing feature is unfortunate, but other safeguards exist. Anyone who uses bookmark sync is going to be annoyed at losing that feature.

At the same time, it’s interesting to note that people who are using a non-Chrome Chromium browser to avoid using Google software never really accompished their goal if they used any of the soon-to-be-disabled features. They might as well have been using Chrome all along.

Google maintains that it was never their intention to make these services available to non-Chrome browsers. Which is why, despite having frequently expressed annoyance at Google for discontinuing software and services that they had strenuously promoted, this change doesn’t bother me.

Related articles

Chrome 81.0.4044.92

A new version of Chrome addresses thirty-two security issues in previous versions.

Details of the vulnerabilities fixed in Chrome 81.0.4044.92 are sketchy, which is normal for newly-discovered and mostly unpatched security bugs. Google has published vulnerability identifiers (CVE numbers), along with links to Google’s internal bug tracking system, and credited the researchers who discovered them.

The links are mostly non-functional, and will remain so until Google decides that it’s safe to publish the vulnerability details. Even the CVE numbers aren’t that helpful: if you search the CVE list at Mitre.org for one of these recent vulnerabilities, you’ll see a placeholder page with no details — for now.

In a perfect world, it would be easy to discover exactly what a software update would change, before it’s installed. Sadly, opportunistic assholes have made this impractical and even dangerous for security-related updates. So, regardless of how one feels about the developer, at some level we have no choice but to trust them with security updates.

Chrome’s ‘three vertical dots’ menu is the place to start if you want to check which version you’re running and install an update. Drill down to Help > About Google Chrome. If an update is available, it will be installed automatically, after which you’ll see a Relaunch button.

Chrome 80.0.3987.162 and 80.0.3987.163

Two Chrome releases this week address at least eight security vulnerabilities and other bugs.

The release notes for Chrome 80.0.3987.162 provide details for some of the security vulnerabilities. A usual, Google holds off publishing vulnerability details until most installs have been updated.

Chrome 80.0.3987.163 appears to roll back a bug fix that was addressed in an earlier version.

You can trust Google to update your installation of Chrome, or do it youself, by navigating its three-vertical-dots menu to Help > About Google Chrome. This will trigger a check for updates, and if a newer version is available, you should see an Update button or link.

Chrome 80.0.3987.149

Version 80.0.3987.149 of Google’s Chrome web browser is a security release. It includes fixes for at least thirteen security vulnerabilities.

Like most modern browsers, and many of Google’s software products, Chrome updates itself reliably, if somewhat unpredictably. This is arguably a good thing, as long as updates don’t break things and do improve security.

Regardless of your viewpoint on automatic updates, keeping your web browser up to date is critical if you use it to do any actual web browsing. Otherwise the risk of a drive-by malware infection is significantly higher.

To check the version of your Chrome browser, navigate its three-vertical-dots menu to Help > About Google Chrome. If there’s a newer version, you’ll see a button or link for installing it.

Chrome 80.0.3987.122

Three more security vulnerabilities are fixed in the latest Chrome, version 80.0.3987.122.

According to the release notes, one of the vulnerabilities fixed in Chrome 80.0.3987.122 is already being exploited ‘in the wild’ so anyone using Chrome should check their version and update immediately.

To determine whether you need to install the new version, navigate Chrome’s menu button () to Help > About Google Chrome. You’ll see the current version, and if a newer one is available, there should be a button that allows you to install it.

Chrome 80.0.3987.116

Sometimes when Google releases a new version of Chrome, the release announcement doesn’t mention any security fixes. That’s intentional:

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Chrome 80.0.3987.116 was announced on February 18, but the initial announcement didn’t include any mention of five security vulnerabilities that were fixed in that version. Those details were added a few days later.

Three of the vulnerabilities addressed in Chrome 80.0.3987.116 were reported to Google by third party security researchers.

To check your current version of Chrome, click its menu button (three vertical dots) and navigate to Help > About Google Chrome. If a newer version is available, you should see a button or link that allows you to install it.

Chrome 80.0.3987.87

The latest release of Google’s Chrome web browser, announced on February 4, includes fifty-six security fixes. As usual, details on all of the related vulnerabilities will not be released until a majority of users are updated with a fix.

The full change log for Chrome 80.0.3987.87 is a whopper, with over sixteen thousand changes in all. A little light reading for anyone with a few hours to spare. But hey, at this point if you don’t trust Google you probably shouldn’t be using Chrome. In the same way that you shouldn’t be using Windows 10 if you don’t trust Microsoft.

Chrome updates itself on its own mysterious schedule, unless you’ve taken extreme (and continuous) measures to prevent it. You can find out which version you’re running by navigating Chrome’s menu (hidden behind the three-vertical-dots menu button at the top right) to Help > About Google Chrome. If a newer version is available, you should see a button or link to install it.

Microsoft news: the good, the bad, and the spiteful

The Good

Windows 7 support ended earlier this month, and with it any hope of fixing newly-discovered security vulnerabilities. Or did it? Microsoft recently discovered a problem with an update, released in Novemeber 2019, that is causing problems with desktop wallpaper on Windows 7 computers. This isn’t a security issue, but it probably affects thousands of users, and Microsoft has now released a special update that fixes the wallpaper problem. You can get the update via Windows Update on Windows 7 computers.

The Bad

Microsoft’s plans for expanding advertising in Windows 10 continue, albeit very slowly. The latest change is in Windows 10’s default rich text editor, Wordpad. When you run Wordpad, you’ll see an advertisement for Microsoft Office. It’s not much, and many users will never see it, but I’m reminded of the proverbial frog in steadily-warming water.

The Spiteful

Microsoft’s shenanigans with Google show no signs of slowing down. Both companies have engaged in questionable behaviour in trying to promote their software and services. The latest shot from Microsoft is particularly annoying: when Office 365 updates itself — a process that is both frequent and difficult to control — it will look for an installation of Google’s Chrome web browser, and change its default search engine to Bing.

Microsoft has a history of inappropriately reverting settings during updates, which is annoying enough, but this is excessive and downright spiteful, in my opinion. Microsoft, please play out your differences with Google in a way that doesn’t annoy millions of users.

Update 2020Feb11: Microsoft relented, and won’t be switching Windows 10 searches to use Bing during Office 365 updates. I guess they realized that they didn’t need yet another public relations disaster.

Security improvements in Chrome

Google is rolling out some changes to the Chrome web browser that will improve security in several ways. The changes are being spread out across several updates, and exactly when they will arrive on your devices depends on some security-related settings.

Warnings about compromised passwords

When you enter a user ID and password on any web site using Chrome, the browser can check whether that combination is on a list of known-compromised IDs and passwords. Chrome started doing this earlier in 2019, but you had to install the Password Checkup extension to use it. A couple of months ago, Google added this feature to passwords stored in Google accounts, protecting anyone who logs into their Google account in Chrome.

What’s new is that this password protection is now built into Chrome itself, and will now protect all Chrome users by default, regardless of whether they are logged into their Google account.

According to Google, “You can control this feature in the Sync and Google Services section of Chrome Settings.” In my installation of Chrome (version 79.0.3945.88), there’s a new option: Warn you if passwords are exposed in a data breach.

Real-time protection against unsafe sites

Google’s Safe Browsing service provides a continuously-updated list of unsafe sites. When you visit a web site or download a file, Chrome checks the address (URL) against the Safe Browsing list. The file it checks is on your computer, and updated every 30 minutes.

Previously, only a local copy of the unsafe URLs list (updated every 30 minutes by Google) was checked. What’s changed is that a new safe URLs list (stored on your computer and updated by Google) is checked, and if the site you’re visiting isn’t listed as safe, Chrome then checks an unsafe URLs list hosted by Google.

This change allows Chrome to use the most up to date information when deciding whether to warn you about potentially unsafe sites.

You can control this behaviour in Chrome’s settings: Sync and Google Services > Make searches and browsing better.

Expanding predictive phishing protection

When you enter a username and password on a web site, Chrome can check whether you are on a suspected phishing site.

Previously, Chrome only performed this check when you entered Google Account credentials on a web site, and only with the Sync feature enabed. What’s new is that Chrome now checks all passwords stored in Chrome’s password manager, and it does so as long as you’re signed into Chrome, even if Sync is not enabled.

It’s not clear whether there are specific Chrome settings that control this behaviour.

Safe to use

In the blog post announcing these changes, Google is careful to explain that the process of checking your passwords is itself completely secure, and even Google can’t determine your password as part of the process. The other checks that involve sending information to Google’s systems are also secure and private. In other words, you don’t need to worry about any of your information or activity being intercepted or misused, even by Google.