Chrome

Chrome 148 Will Start 'Lazy Loading' Video and Audio to Improve Performance (pcworld.com) 33

"Google has announced that it's currently testing a new feature for Chrome 148 that could speed up day-to-day browsing," reports PC World: [T]he browser can intelligently postpone the loading of certain elements. Why load all images at the start when it can instead load images as you get close to them while scrolling? Chrome and Chromium-based browsers have had built-in lazy loading support for images and iframes since 2019, but this feature would make browsers capable of lazy loading video and audio elements, too. Note, however, that this won't benefit YouTube video embeds — those are already lazy loadable since they're embedded using iframes. Actual video and audio elements are rarer but not uncommon. In addition to Chrome, lazy loading of video and audio elements is also expected to be added to other Chromium-based browsers, including Microsoft Edge and Vivaldi.
Chrome

Google Chrome Is Finally Coming To ARM64 Linux (nerds.xyz) 35

BrianFagioli writes: Google says it will finally release Chrome for ARM64 Linux in the second quarter of 2026, bringing the company's full browser to a platform that has existed for years without official support. Until now, Linux users running Arm hardware have largely relied on Chromium builds or unofficial packages if they wanted something close to Chrome. Google says the new build will include the same features found on other platforms, including Google account syncing, Chrome Web Store extensions, built-in translation, Safe Browsing protections, and Google Password Manager.

The timing reflects how ARM hardware is becoming more common across the Linux ecosystem, from developer laptops to AI systems. Google also pointed to NVIDIA's DGX Spark, a compact AI supercomputing device built on the Grace Blackwell architecture, which will support installing Chrome through NVIDIA's package management tools. For many Linux users, the announcement feels like a "finally" moment, as ARM64 Linux systems have been widespread for years despite the absence of an official Chrome build.

Firefox

Mozilla Is Working On a Big Firefox Redesign (neowin.net) 99

darwinmac writes: Mozilla is working on a huge redesign for its Firefox browser, codenamed "Nova," which will bring pastel gradients, a refreshed new tab page, floating "island" UI elements, and more. "From the mockups, it appears Mozilla took some inspiration from Google's Material You (or at least, the dynamic color extraction part of it) because the browser color accent appears influenced by the wallpaper setting," reports Neowin. "Choosing a mint-green desktop background automatically shifts the top navigation bars to match that exact shade."

Mozilla has a habit of redesigning Firefox every few years. Before "Nova," there was the "Proton" redesign in 2021, the "Photon" redesign in 2017, and the "Australis" redesign in 2014. Nova is still in early development, so it might take a year or two before it appears in an official stable Firefox release. Neowin adds: "Not every redesign project ends well for Mozilla, though. You might remember 2012's Firefox Metro, an ambitious attempt to build a custom browser for Windows 8's touch-first interface. The team built it to operate both as a traditional desktop application and as a touch-optimized Metro app. The whole thing was scrapped in 2014 after two years in development due to a dismally low user adoption rate (a preview version of the software had been released a year earlier on the Aurora channel)."

Chrome

Google Chrome Is Switching To a Two-Week Release Cycle (9to5google.com) 31

Google is accelerating Chrome's major release cadence from four weeks to two starting with version 153 on September 8th. "...our goal is to ensure developers and users have immediate access to the latest performance improvements, fixes and new capabilities," says Google. "Building on our history of adapting our release process to match the demands of a modern web, Chrome is moving to a two-week release cycle." The company says the "smaller scope" of these releases "minimizes disruption and simplifies post-release debugging." They also cite "recent process enhancements" that will "maintain [Chrome's] high standards for stability." 9to5Google reports: There will still be weekly security updates between milestones. This applies to desktop, Android, and iOS, while there are "no changes to the Dev and the Canary channels": "A Chrome Beta for each version will ship three weeks before the stable release. We recommend developers test with the beta to keep up to date with any upcoming changes that might impact your sites and applications."

The eight-week Extended Stable release schedule for enterprise customers and Chromium embedders will not change. Chromebooks will also have "extended release options": "Our priority is a seamless experience, so the latest Chrome releases will roll out to Chromebooks after dedicated platform testing. We are adapting these channels for the new two-week browser cycle and we will share more details soon regarding milestone updates for managed devices."

The Internet

Google Quantum-Proofs HTTPS (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Google on Friday unveiled its plan for its Chrome browser to secure HTTPS certificates against quantum computer attacks without breaking the Internet. The objective is a tall order. The quantum-resistant cryptographic data needed to transparently publish TLS certificates is roughly 40 times bigger than the classical cryptographic material used today. Today's X.509 certificates are about 64 bytes in size, and comprise six elliptic curve signatures and two EC public keys. This material can be cracked through the quantum-enabled Shor's algorithm. Certificates containing the equivalent quantum-resistant cryptographic material are roughly 2.5 kilobytes. All this data must be transmitted when a browser connects to a site.

To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public key infrastructure. Merkle Tree Certificates, "replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs," members of Google's Chrome Secure Web and Networking Team wrote Friday. "In this model, a Certification Authority (CA) signs a single 'Tree Head' representing potentially millions of certificates, and the 'certificate' sent to the browser is merely a lightweight proof of inclusion in that tree."

[...] Google is [also] adding cryptographic material from quantum-resistant algorithms such as ML-DSA (PDF). This addition would allow forgeries only if an attacker were to break both classical and post-quantum encryption. The new regime is part of what Google is calling the quantum-resistant root store, which will complement the Chrome Root Store the company formed in 2022. The [Merkle Tree Certificates] MTCs use Merkle Trees to provide quantum-resistant assurances that a certificate has been published without having to add most of the lengthy keys and hashes. Using other techniques to reduce the data sizes, the MTCs will be roughly the same 64-byte length they are now [...]. The new system has already been implemented in Chrome.

Desktops (Apple)

Apple Patches Decade-Old iOS Zero-Day, Possibly Exploited By Commercial Spyware (securityweek.com) 11

This week Apple patched iOS and macOS against what it called "an extremely sophisticated attack against specific targeted individuals."

Security Week reports that the bugs "could be exploited for information exposure, denial-of-service (DoS), arbitrary file write, privilege escalation, network traffic interception, sandbox escape, and code execution." Tracked as CVE-2026-20700, the zero-day flaw is described as a memory corruption issue that could be exploited for arbitrary code execution... The tech giant also noted that the flaw's exploitation is linked to attacks involving CVE-2025-14174 and CVE-2025-43529, two zero-days patched in WebKit in December 2025...

The three zero-day bugs were identified by Apple's security team and Google's Threat Analysis Group and their descriptions suggest that they might have been exploited by commercial spyware vendors... Additional information is available on Apple's security updates page.

Brian Milbier, deputy CISO at Huntress, tells the Register that the dyld/WebKit patch "closes a door that has been unlocked for over a decade."

Thanks to Slashdot reader wiredmikey for sharing the article.
AI

Firefox Announces 'AI Controls' To Block Its Upcoming AI Features (mozilla.org) 36

The Mozilla executive in charge of Firefox says that while some people just want AI tools that are genuinely useful, "We've heard from many who want nothing to do with AI..."

"Listening to our community, alongside our ongoing commitment to offer choice, led us to build AI controls." Starting with Firefox 148, which rolls out on Feb. 24, you'll find a new AI controls section within the desktop browser settings. It provides a single place to block current and future generative AI features in Firefox... This lets you use Firefox without AI while we continue to build AI features for those who want them...

At launch, AI controls let you manage these features individually:

— Translations, which help you browse the web in your preferred language.
— Alt text in PDFs, which adds accessibility descriptions to images in PDF pages.
— AI-enhanced tab grouping, which suggests related tabs and group names.
— Link previews, which show key points before you open a link.
— AI chatbot in the sidebar, which lets you use your chosen chatbot as you browse, including options like Anthropic Claude, ChatGPT, Microsoft Copilot, Google Gemini and Le Chat Mistral.

You can choose to use some of these and not others. If you don't want to use AI features from Firefox at all, you can turn on the Block AI enhancements toggle. When it's toggled on, you won't see pop-ups or reminders to use existing or upcoming AI features. Once you set your AI preferences in Firefox, they stay in place across updates... We believe choice is more important than ever as AI becomes a part of people's browsing experiences. What matters to us is giving people control, no matter how they feel about AI.

If you'd like to try AI controls early, they'll be available first in Firefox Nightly.

Some context from The Register: It's a refreshingly unsubtle stance, and one that lands just days after a similar bout of AI skepticism elsewhere in browser land, with Vivaldi's latest release leaning away from generative features entirely. CEO Jon von Tetzchner summed up the mood, telling The Register: "Basically, what we are finding is that people hate AI..." Mozilla's kill switch isn't the end of AI in browsers, but it does suggest the hype has met resistance.
When it comes to AI kill switches in browsers, Jack Wallen writes at ZDNet that "Most browsers already offer this feature. With Edge, you can disable Copilot. With Chrome, you can disable Gemini. With Opera, you can disable Aria...."
AI

Google Says AI Agent Can Now Browse on Users' Behalf (bloomberg.com) 54

Google is rolling out an "auto browse" AI agent in Chrome that can navigate websites, fill out forms, compare prices, and handle tedious online tasks on a user's behalf. Bloomberg reports: The feature, called auto browse, will allow users to ask an assistant powered by Gemini to complete tasks such as shopping for them without leaving Chrome, said Charmaine D'Silva, a director of product. Chrome users will be able to plan a family trip by asking Gemini to open different airline and hotel websites to compare prices, for instance, D'Silva explained. "Our testers have used it for all sorts of things: scheduling appointments, filling out tedious online forms, collecting their tax documents, getting quotes for plumbers and electricians, checking if their bills are paid, filing expense reports, managing their subscriptions, and speeding up renewing their driving licenses -- a ton of time saved," said Parisa Tabriz, vice president of Chrome, in a blog post.

[...] Chrome's auto browse will be available to US AI Pro and AI Ultra subscribers and will use Google Password Manager to sign into websites on a user's behalf. As part of the launch, Google is also bringing its image generation tool, Nano Banana, directly into Chrome. The company said that safeguards have been placed to ensure the agentic AI will not be able to make final calls, such as placing an order, without the user's permission. "We're using AI as well as on-device models to protect people from what's really an ever-evolving landscape, whether it's AI-generated scams or just increasingly sophisticated attackers," Tabriz said during the call.

Android

Android's Full Desktop Mode Surfaces in Accidental Chromium Leak 24

A bug report filed on the Chromium Issue Tracker inadvertently exposed Google's desktop Android interface for the first time, revealing a system codenamed "Aluminum OS" running on existing Chromebook hardware. The report, ostensibly about Chrome Incognito tabs, included screen captures from an HP Elite Dragonfly 13.5 Chromebook running Android 16.

The status bar has been redesigned for large screens -- taller than the tablet version, displaying time with seconds, date, battery, Wi-Fi, a notification bell, keyboard language indicator and a Gemini icon. The taskbar remains identical to the current implementation, though the mouse cursor now features a subtle tail. Chrome's interface includes an Extensions button, a feature currently exclusive to the desktop browser. Window controls mirror ChromeOS, placing minimize, fullscreen, and close buttons at the top-right.
Chromium

JPEG-XL Image Support Returns To Latest Chrome/Chromium Code (phoronix.com) 17

After widespread backlash over its 2022 decision to remove JPEG-XL support, Google has quietly restored the image format in the latest Chrome/Chromium codebase. Phoronix reports: Back in December they merged jxl-rs as a pure Rust-based JPEG-XL image decoder from the official libjxl organization. At the end of December they did more JPEG-XL plumbing with the enums and build flags for the support. Now as of yesterday they wired up the JXL decoder! The jxl-rs-powered JPEG-XL image decoding is gated by the enable_jxl_decoder build flag but it's enabled by default.
Security

DarkSpectre Hackers Spread Malware To 8.8 Million Chrome, Edge, and Firefox Users (cyberpress.org) 12

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

Mozilla

Mozilla's New CEO Bets Firefox's Future on AI 114

Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future.

Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model.

"We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip.

He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.
AI

Bill Gates' Daughter Secures $30 Million For AI App Built In Stanford Dorm 40

Phoebe Gates, Bill Gates' youngest daughter, has raised $30 million for the AI shopping app she built in her Stanford dorm room with classmate Sophia Kianni. The app is called Phia and is pitched as a way to simplify price comparison and secondhand shopping. "Its AI-powered search engine -- available as an app and as a browser extension for Chrome and Safari -- pulls listings from more than 40,000 retail and resale sites so users can compare prices, surface real-time deals, and determine whether an item's cost is typical, high or fair," reports the San Francisco Chronicle. The app has reached 750,000 downloads in eight months and is valued at $180 million. From the report: Gates told Elle that when she first floated the idea to her parents, they urged her to keep it as a side project -- advice she followed by enrolling in Stanford's night program after moving to New York and finishing her degree in 2024. "They were like, 'Okay, you can do this as a side thing, but you need to stay in school.' I don't think people would expect that from my family, to be honest," she said.

Her father dropped out of Harvard University in 1975 to launch Microsoft. Kianni even paused her degree temporarily "to learn, as quickly as possible, as much as we could about the industry that we would be operating in," she told Vogue. Bill Gates has not invested in the company, though he has publicly supported its mission.
Google

Google is Building an Experimental New Browser and a New Kind of Web App (theverge.com) 18

Google's Chrome team has built an experimental browser called Disco that takes a query or prompt, opens a cluster of related tabs, and then generates a custom application tailored to whatever task the user is trying to accomplish. The browser launched Thursday as an experiment in Google's Search Labs.

GenTabs, the core feature powering Disco, are information-rich pages created by Google's Gemini AI models -- ask for travel tips and the system builds a planner app; ask for study help and it creates a flashcard system. Disco -- named partly for fun and partly as shorthand for "discovery" -- started as a hackathon project inside Google before catching the team's imagination.

Parisa Tabriz, who leads the Chrome team, said that Disco is not intended as a general-purpose browser and is not an attempt to cannibalize Chrome. The experiment aims to test what happens when users move from simply having tabs to generating personalized, curated applications on demand. The capability relies on features in the recently launched Gemini 3, which can create one-off interactive interfaces and build miniature apps on the fly rather than just returning text or images.
Security

AI Hackers Are Coming Dangerously Close to Beating Humans (msn.com) 30

Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, the bot outperformed nine of them. The experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.

"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.

Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.
AI

Browser Extension 'Slop Evader' Lets You Surf the Web Like It's 2022 (404media.co) 47

"The internet is being increasingly polluted by AI generated text, images and video," argues the site for a new browser extension called Slop Evader. It promises to use Google's search API "to only return content published before Nov 30th, 2022" — the day ChatGPT launched — "so you can be sure that it was written or produced by the human hand."

404 Media calls it "a scorched earth approach that virtually guarantees your searches will be slop-free." Slop Evader was created by artist and researcher Tega Brain, who says she was motivated by the growing dismay over the tech industry's unrelenting, aggressive rollout of so-called "generative AI" — despite widespread criticism and the wider public's distaste for it. "This sowing of mistrust in our relationship with media is a huge thing, a huge effect of this synthetic media moment we're in," Brain told 404 Media, describing how tools like Sora 2 have short-circuited our ability to determine reality within a sea of artificial online junk. "I've been thinking about ways to refuse it, and the simplest, dumbest way to do that is to only search before 2022...."

Currently, Slop Evader can be used to search pre-GPT archives of seven different sites where slop has become commonplace, including YouTube, Reddit, Stack Exchange, and the parenting site MumsNet. The obvious downside to this, from a user perspective, is that you won't be able to find anything time-sensitive or current — including this very website, which did not exist in 2022. The experience is simultaneously refreshing and harrowing, allowing you to browse freely without having to constantly question reality, but always knowing that this freedom will be forever locked in time — nostalgia for a human-centric world wide web that no longer exists.

Of course, the tool's limitations are part of its provocation. Brain says she has plans to add support for more sites, and release a new version that uses DuckDuckGo's search indexing instead of Google's. But the real goal, she says, is prompting people to question how they can collectively refuse the dystopian, inhuman version of the internet that Silicon Valley's AI-pushers have forced on us... With enough cultural pushback, Brain suggests, we could start to see alternative search engines like DuckDuckGo adding options to filter out search results suspected of having synthetic content (DuckDuckGo added the ability to filter out AI images in search earlier this year)... But no matter what form AI slop-refusal takes, it will need to be a group effort.

Operating Systems

Are There More Linux Users Than We Think? (zdnet.com) 88

"By my count, Linux has over 11% of the desktop market," writes ZDNet's Steven Vaughan-Nichols: In StatCounter's latest US numbers, which cover through October, Linux shows up as only 3.49%. But if you look closer, "unknown" accounts for 4.21%. Allow me to make an educated guess here: I suspect those unknown desktops are actually running Linux. What else could it be? FreeBSD? Unix? OS/2? Unlikely. In addition, ChromeOS comes in at 3.67%, which strikes me as much too low. Leaving that aside, ChromeOS is a Linux variant. It just uses the Chrome web browser for its interface rather than KDE Plasma, Cinnamon, or another Linux desktop environment. Put all these together, and you get a Linux desktop market share of 11.37%...

If you want to look at the broader world of end-user operating systems, including phones and tablets, Linux comes out even better. In the US, where we love our Apple iPhones, Android — yes, another Linux distro — boasts 41.71% of the market share, according to StatCounter's latest numbers. Globally, however, Android rules with 72.55% of the market. Yes, that's right, if you widen the Linux end-user operating system metric to include PC, tablets, and smartphones, you can make a reasonable argument that Linux, and not Windows, is already the top dog operating system...

If you add Chrome OS (1.7%) and Android (15.8%), 23.3% of all people accessing the U.S. government's websites are Linux users. The Linux kernel's user-facing footprint is much larger than the "desktop Linux" label suggests.

The article lists reasons more people might be switching to Linux, including broader hardware support and "the increased viability of gaming via Steam and Proton" — but also the rise of Digital Sovereignty initiatives. (One EU group has even created "EU OS.")

And finally, "not everyone is thrilled with Windows 11 being turned into an AI-agentic operating system."
Chrome

Google Revisits JPEG XL in Chromium After Earlier Removal (windowsreport.com) 25

"Three years ago, Google removed JPEG XL support from Chrome, stating there wasn't enough interest at the time," writes the blog Windows Report. "That position has now changed." In a recent note to developers, a Chrome team representative confirmed that work has restarted to bring JPEG XL to Chromium and said Google "would ship it in Chrome" once long-term maintenance and the usual launch requirements are met.

The team explained that other platforms moved ahead. Safari supports JPEG XL, and Windows 11 users can add native support through an image extension from Microsoft Store. The format is also confirmed for use in PDF documents. There has been continuous demand from developers and users who ask for its return.

Before Google ships the feature in Chrome, the company wants the integration to be secure and supported over time. A developer has submitted new code that reintroduces JPEG XL to Chromium. This version is marked as feature complete. The developer said it also "includes animation support," which earlier implementations did not offer.

Microsoft

'Talking To Windows' Copilot AI Makes a Computer Feel Incompetent' (theverge.com) 56

Microsoft's Copilot AI assistant in Windows 11 fails to replicate the capabilities shown in the company's TV advertisements. The Verge tested Copilot Vision over a week using the same prompts featured in ads airing during NFL games. When asked to identify a HyperX QuadCast 2S microphone visible in a YouTube video -- a task successfully completed in Microsoft's ad -- Copilot gave multiple incorrect answers. The assistant identified the microphone as a first-generation HyperX QuadCast, then as a Shure SM7b on two other occasions. Copilot couldn't identify the Saturn V rocket from a PowerPoint presentation despite the words "Saturn V" appearing on screen. When asked about a cave image from Microsoft's ad, Copilot gave inconsistent responses.

About a third of the time it provided directions to find the photo in File Explorer. On two occasions it explained how to launch Google Chrome. Four times it offered advice about booking flights to Belize. The cave is Rio Secreto in Playa del Carmen, Mexico. Microsoft spokesperson Blake Manfre said "Copilot Actions on Windows, which can take actions on local files, is not yet available." He described it as "an opt-in experimental feature that will be coming soon to Windows Insiders in Copilot Labs, starting with a narrow set of use cases while we optimize model performance and learn." Copilot cannot toggle basic Windows settings like dark mode. When asked to analyze a benchmark table in Google Sheets, it "constantly misread clear-as-day scores both in the spreadsheet and in the on-page review."
Android

Rust in Android: More Memory Safety, Fewer Revisions, Fewer Rollbacks, Shorter Reviews (googleblog.com) 37

Android's security team published a blog post this week about their experience using Rust. Its title? "Move fast and fix things." Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.

The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one... Data shows that Rust code requires fewer revisions. This trend has been consistent since 2023. Rust changes of a similar size need about 20% fewer revisions than their C++ counterparts... In a self-reported survey from 2022, Google software engineers reported that Rust is both easier to review and more likely to be correct. The hard data on rollback rates and review times validates those impressions.

Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics.

With Rust support now mature for building Android system services and libraries, we are focused on bringing its security and productivity advantages elsewhere. Android's 6.12 Linux kernel is our first kernel with Rust support enabled and our first production Rust driver. More exciting projects are underway, such as our ongoing collaboration with Arm and Collabora on a Rust-based kernel-mode GPU driver. [They've also been deploying Rust in firmware for years, and Rust "is ensuring memory safety from the ground up in several security-critical Google applications," including Chromium's parsers for PNG, JSON, and web fonts.]

2025 was the first year more lines of Rust code were added to Android than lines of C++ code...
