Chromium Blog
News and developments from the open source browser project
Pwnium 2: results and wrap-up
Wednesday, October 10, 2012
As part of our ongoing effort to reward exceptional
vulnerability research
in the security community, we hosted the
Pwnium 2
competition at
Hack in the Box 2012
in Kuala Lumpur yesterday.
We’re happy to confirm that we received a valid exploit from
returning pwner
, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the
IPC layer
to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook.
One of Chrome’s most effective security defenses is our
fast response time
and ability to update users with critical patches, quickly. These bugs were no exception. We started analyzing the exploit as soon as it was submitted, and in fewer than 10 hours after Pwnium 2 concluded we were updating users with a
freshly patched
version of Chrome.
We’d like to thank Pinkie Pie for his hard work in assembling another great Pwnium submission. We’ll post an in-depth look at the bugs used and subsequent mitigations once other platforms have been patched.
Posted by Chris Evans, Software Engineer
Pwnium 2 begins
Tuesday, October 9, 2012
Security is one of Chrome’s
core principles
, and we work closely with the security community to continually make the web safer for users. In that spirit, we're hosting
Pwnium 2
at
Hack in the Box 2012
in Kuala Lumpur this week.
Participants will be able to
demonstrate their pwns
against Chrome at 9 a.m. Wednesday local time (1 a.m. GMT for folks keeping track). We’ll be actively analyzing any submissions we receive, and will announce successful exploits and prizes during
our talk
at 5 p.m, Thursday (9 a.m. GMT) on the evolution of Chrome’s
vulnerability rewards program
.
Stay tuned!
Posted by Chris Evans, Software Engineer
Get a front row seat with GDL Presents
Monday, October 8, 2012
Calling designers, web developers, and the creatively curious! Next week marks the launch of
Google Developers Live Presents,
a new series of exclusive programming from
GDL
.
Presents
kicks off this month with
Design Ignites the Web
, a family of episodes that takes you on a journey from back-end to front-end, showing you how to create compelling projects in the browser. The series will feature exclusive interviews with the developers behind select
Chrome Experiments
,
Chrome WebLab
,
Movi.Kanti.Revo
, and DevArt.
So, what’s coming up?
Make Web Magic: The Minds Behind the Most Popular Chrome Experiments |
Tuesday, October 9 - Part 1, 1:00 PM PDT
|
20:00 UTC
[Event page]
| Part II, 2:00 PM PDT
|
21:00 UTC
[Event page]
|
Part III, 3:00 PM PDT
|
22:00 UTC
[Event page]
Using the latest open web technologies, the developers creating some of the most inspired Chrome Experiments showcase their latest web experiments and discuss how they are making the web faster, more fun, and open in this 3-episode hangout.
Host:
Paul Irish
,
Developer Advocate, Chrome
Guests: Hakim:
Google+
,
Website
| Michael Deal:
Google+
,
Website
| Mark Danks:
Google+
,
Website
All the Web’s a Stage: Building a 3D Space in the Browser
|
Thursday, October 11 - 10:30 AM PDT | 17:30 UTC
[Event page]
Meet the designers and creative team behind a new sensory Chrome experiment,
Movi.Kanti.Revo
, in a live, design-focused Q&A. Learn how Cirque du Soleil and Subatomic Systems worked to translate the wonder of Cirque into an environment built entirely with markup and CSS.
Host:
Pete LePage
,
Developer Advocate
Guests:
Gillian Ferrabee,
Creative Director, Images & Special Projects,
Cirque du Soleil | Nicole McDonald,
Director/Creative Director,
Subatomic Systems
Van Gogh Meets Alan Turing: The Browser Becomes a Canvas with DevArt
|
Friday, October 19 - 10:00 AM PDT
|
17:00 UTC
[Event page]
How can art and daily life be joined together? Host Ido Green chats with creators Uri Shaked and Tom Teman about tackling this question with their “Music Room” – a case study in the power of Android – and with Emmanuel Witzthum on his project “Dissolving Realities,” which aims to connect the virtual environment of the Internet using Google Street View.
Host:
Ido Green
,
Developer Advocate
Guests: Uri Shaked, Tom Teman, and
Emmanuel Witzthum
Push the Limits: Building Extraordinary Experiences with Chrome
|
Week of October 29
[Event page]
The experiments in
Chrome Web Lab
are pushing the limits of what developers can build in a browser. Explore the design and technical mastery that went into making extraordinary experiences, directly from the experiments’ home, the London Science Museum.
Hosts:
Pete LePage
,
Developer Advocate
|
Paul Kinlan
,
Developer Advocate
Guests:
Tellart
&
B-Reel
representatives for
Universal Orchestra, Sketchbot, Teleporter, LabTag, DataTracer
If you can’t make the live show, you’ll still be able to see recordings of these and past sessions on our
YouTube channel
. For more information on our monthly schedule, add
+Google Developers
to your circles and follow
@googledevs
on Twitter.
Posted by Peter Lubbers, Program Manager
Teaming up on Web Platform Docs
Monday, October 8, 2012
Cross-posted on the
Google Developers Blog
When you want to build something for the web, it's surprisingly difficult to find out how you can implement your vision across all browsers and operating systems. You often need to search across various websites and blogs to learn how certain technologies can be used. It's kind of like a scavenger hunt, except it's not any fun.
This scavenger hunt is soon coming to an end. Google along with the W3C and several
leading internet and technology companies
just
announced
the alpha release of
Web Platform Docs
. Web Platform Docs is a community-driven site that aims to become the comprehensive and authoritative source for web developer documentation.
The founding members of Web Platforms Docs have all already provided a lot of content for the site to help get this effort off to a strong start. However, collectively, we’ve barely scratched the surface. We decided that it would be better to open up Web Platform Docs to the community as early as possible, so that everyone--including you--can help
expand and refine
the documentation, and ultimately define the direction of the site.
If you have more questions about Web Platform Docs, you can find us on
Twitter
.
Posted by Alex Komoroske, Product Manager
Supporting new media experiences on the web
Tuesday, October 2, 2012
In recent years, video has taken a central role on the web. Developers are using the latest web technologies to make it easier for users to access, watch, and create video content. Today’s
Chrome Beta
update includes more tools for developers to take video engagement to the next level.
Chrome now includes the
PeerConnection API
, which allows developers to create web apps with real-time audio and video calling without the need for a plug-in. Together, PeerConnection and the
getUserMedia API
represent the next steps in
WebRTC
, a new standard which aims to allow high quality video, audio, and data communications on the web. Check out this funky video chat
demo
to see how the PeerConnection API can be combined with other web technologies to create fun new video chat experiences. To start the video chat demo, send the url to a friend.
Today’s Chrome Beta update also includes
track
support for HTML5 video. Track support provides an easy, standard way to add subtitles, captions, descriptions, chapters, and metadata to videos. It can be used to make videos accessible, split videos into sections, and create new unique video experiences. Track provides developers with a unified, programmatic mechanism for doing all these things in the HTML DOM and Javascript. In the following
demo
, track is used to enhance a video of a bike ride with metadata including a Google Map showing the biker’s route and Google Street View from the biker’s location.
Last but not least, we’ve added the
MediaSource API
. It provides a video playback solution that adapts video quality based on changing computer and network conditions to prevent excessive buffering and startup delays for videos -- in other words, your video will play silky smooth for users with no annoying stutters. Watch how smooth this
demo video
plays despite fluctuations in your network speed.
To get your hands on all this tasty video goodness, download
Chrome Beta
.
Posted by Justin Uberti, Software Engineer and Trained Video Professional
Enabling new classes of applications with Pointer Lock
Tuesday, September 25, 2012
Moving the web forward includes enabling
new classes of applications
. Today’s
Chrome Stable release
advances this effort with the inclusion of the
Pointer Lock JavaScript API
(often called Mouse Lock). Now, 3D applications such as first-person games can allow users to control their perspective naturally with the mouse, without moving outside the window or bumping into the edge of their screen. Try it out for yourself in this 3D,
first-person shooter demo
created by our friends at Mozilla.
While games are fun, these capabilities also empower other types of applications such as medical and scientific visualization, training, simulation, modeling, authoring packages, and more. We're excited to see recent web platform technologies such as
WebGL
,
Web Audio
,
Fullscreen
,
WebSockets
,
Gamepad
, and
Pointer Lock
combine to be greater than the sum of their parts. Game developers have an excellent platform on which they can deploy rich games with all the benefits of the instant-on, auto-updating, linkable, shareable, and searchable web.
As always, Chrome will automatically update itself to include these latest enhancements. If you haven’t tried Chrome yet,
give it a spin
!
Posted by Vincent Scheib, Software Engineer often overheard singing, "And we’re out of Beta. We’re releasing on time."
Announcing Movi.Kanti.Revo, A New Chrome Experiment
Wednesday, September 19, 2012
Earlier this year at Google I/O, we gave developers a
sneak peek at Movi.Kanti.Revo
, a new sensory Chrome experiment crafted by Cirque du Soleil and developed by Subatomic Systems that brings the magic of Cirque du Soleil to the web through modern web technologies. The full experiment, which allows users to follow a mysterious character through a beautiful world of Cirque du Soleil performances, was launched today at the
Big Tent event
in New York City.
The experiment was created using just HTML5, and the environment is built entirely with markup and CSS. Like set pieces on stage, divs, images and other elements are positioned in a 3D space using CSS. To create movement,
CSS animations
and
3D transforms
were applied making the elements appear closer and further away. Everything is positioned and scaled individually to create a highly realistic interactive environment. In addition, the experiment uses HTML5 <audio> to play music and sounds.
Movi.Kanti.Revo breaks with the tradition of keyboard or mouse navigation; instead users navigate through an interactive Cirque du Soleil world with their gestures. To accomplish this, the experiment asks users for permission to access their web cam using the new
getUserMedia
API. With this new API, the experiment renders the camera output to a small <video> element on the page. A facial detection JavaScript library then looks for movement and applies a CSS 3D transform to the elements on the page, making environment move with the user.
Because this experience was built using just markup, it works in the browser across all devices. The experiment takes advantage of the rich capabilities possible on mobile devices, like the
accelerometer
to navigate through the world.
To learn more about how this experiment was built, check out the new
technical case study
or join us for a special Google Developers Live
Behind The Divs
event on September 20th at
8:30am PDT /15:30 UTC
where we’ll be talking to the engineers behind the project.
Head over to Movi.Kanti.Revo at
www.movikantirevo.com
to check things out, and be sure to open Chrome’s
developer tools
to see what’s going on behind the <div>s!
Pete LePage, Developer Advocate
Labels
$200K
1
10th birthday
4
abusive ads
1
abusive notifications
2
accessibility
3
ad blockers
1
ad blocking
2
advanced capabilities
1
android
2
anti abuse
1
anti-deception
1
background periodic sync
1
badging
1
benchmarks
1
beta
83
better ads standards
1
billing
1
birthday
4
blink
2
browser
2
browser interoperability
1
bundles
1
capabilities
6
capable web
1
cds
1
cds18
2
cds2018
1
chrome
35
chrome 81
1
chrome 83
2
chrome 84
2
chrome ads
1
chrome apps
5
Chrome dev
1
chrome dev summit
1
chrome dev summit 2018
1
chrome dev summit 2019
1
chrome developer
1
Chrome Developer Center
1
chrome developer summit
1
chrome devtools
1
Chrome extension
1
chrome extensions
3
Chrome Frame
1
Chrome lite
1
Chrome on Android
2
chrome on ios
1
Chrome on Mac
1
Chrome OS
1
chrome privacy
4
chrome releases
1
chrome security
10
chrome web store
32
chromedevtools
1
chromeframe
3
chromeos
4
chromeos.dev
1
chromium
9
cloud print
1
coalition
1
coalition for better ads
1
contact picker
1
content indexing
1
cookies
1
core web vitals
2
csrf
1
css
1
cumulative layout shift
1
custom tabs
1
dart
8
dashboard
1
Data Saver
3
Data saver desktop extension
1
day 2
1
deceptive installation
1
declarative net request api
1
design
2
developer dashboard
1
Developer Program Policy
2
developer website
1
devtools
13
digital event
1
discoverability
1
DNS-over-HTTPS
4
DoH
4
emoji
1
emscriptem
1
enterprise
1
extensions
27
Fast badging
1
faster web
1
features
1
feedback
2
field data
1
first input delay
1
Follow
1
fonts
1
form controls
1
frameworks
1
fugu
2
fund
1
funding
1
gdd
1
google earth
1
google event
1
google io 2019
1
google web developer
1
googlechrome
12
harmful ads
1
html5
11
HTTP/3
1
HTTPS
4
iframes
1
images
1
incognito
1
insecure forms
1
intent to explain
1
ios
1
ios Chrome
1
issue tracker
3
jank
1
javascript
5
lab data
1
labelling
1
largest contentful paint
1
launch
1
lazy-loading
1
lighthouse
2
linux
2
Lite Mode
2
Lite pages
1
loading interventions
1
loading optimizations
1
lock icon
1
long-tail
1
mac
1
manifest v3
2
metrics
2
microsoft edge
1
mixed forms
1
mobile
2
na
1
native client
8
native file system
1
New Features
5
notifications
1
octane
1
open web
4
origin trials
2
pagespeed insights
1
pagespeedinsights
1
passwords
1
payment handler
1
payment request
1
payments
2
performance
20
performance tools
1
permission UI
1
permissions
1
play store
1
portals
3
prefetching
1
privacy
2
privacy sandbox
4
private prefetch proxy
1
profile guided optimization
1
progressive web apps
2
Project Strobe
1
protection
1
pwa
1
QUIC
1
quieter permissions
1
releases
3
removals
1
rlz
1
root program
1
safe browsing
2
Secure DNS
2
security
36
site isolation
1
slow loading
1
sms receiver
1
spam policy
1
spdy
2
spectre
1
speed
4
ssl
2
store listing
1
strobe
2
subscription pages
1
suspicious site reporter extension
1
TCP
1
the fast and the curious
23
TLS
1
tools
1
tracing
1
transparency
1
trusted web activities
1
twa
2
user agent string
1
user data policy
1
v8
6
video
2
wasm
1
web
1
web apps
1
web assembly
2
web developers
1
web intents
1
web packaging
1
web payments
1
web platform
1
web request api
1
web vitals
1
web.dev
1
web.dev live
1
webapi
1
webassembly
1
webaudio
3
webgl
7
webkit
5
WebM
1
webmaster
1
webp
5
webrtc
6
websockets
5
webtiming
1
writable-files
1
yerba beuna center for the arts
1
Archive
2025
Jul
Jun
May
Jan
2024
Dec
Aug
Jun
May
Apr
Mar
Feb
2023
Nov
Oct
Sep
Aug
Jun
May
Apr
Feb
2022
Dec
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Feed
Follow @ChromiumDev
Give us feedback in our
Product Forums
.
