Saturday, May 25, 2013

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update

The Chrome team is happy to announce the promotion of Chrome 29 to the the Dev channel. Chrome 29.0.1516.3 is now available for Chrome Frame, Linux, and Windows (but not Windows 8). This build has a large number of bug fixes and other new items. Full details about what changes are in this build are available in the SVN revision log.

Known Issue:


Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/dev-channel-update_24.html

[Gd] Chrome Beta for Android Update

| More

Chrome Releases: Chrome Beta for Android Update

The Chrome team is excited to announce the promotion of Chrome 28 to the Beta channel. Chrome for Android 28.0.1500.21 contains a number of new improvements including:
  • Google Translate: When you come across a page written in a language that isn't in the same language as your phone or tablet, look for the translation bar
  • Fullscreen on tablets: Simply scroll the page to dismiss the toolbar
  • Support for fullscreen API 
  • New graph showing your estimated bandwidth savings when you use the experimental data compression feature
  • Mobile friendly error pages
A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/chrome-beta-for-android-update_23.html

[Gd] Stable Channel Update for Chrome OS

| More

Chrome Releases: Stable Channel Update for Chrome OS

The Stable channel has been updated to 27.0.1453.103 (Platform version: 3912.79.0) for all Chrome OS devices. This build contains a number of new features, bug fixes and security improvements. 
Machines will be receiving updates over then next several days.

Release Highlights:


  • Panel windows for chat and more
  • New Launcher positioning mode
  • Per App list of open tabs & windows
  • Horizontal three finger scrub moves between tabs
  • New folder hierarchy on file manager
  • Autocomplete in Drive search
  • Memory management optimization
  • Enhanced support for common wireless touchpads/mice
  • Updated Chrome Office Viewer extension
  • Pepper Flash updated to 11.7.700.202-r2
  • GTalk plugin updated to 3.15.2.0

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Josafat Garcia
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/stable-channel-update-for-chrome-os.html

[Gd] Beta Channel Update

| More

Chrome Releases: Beta Channel Update

The Beta channel has been updated to 28.0.1500.20 for Windows, Mac, Linux, and Chrome Frame. Full details about what changes are in this build are available in the SVN revision log.

For more information about features coming to Chrome, check out the Chrome Blog.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/beta-channel-update_23.html

[Gd] Stable Channel Update

| More

Chrome Releases: Stable Channel Update

The Stable channel has been updated to 27.0.1453.94 only for Windows. This release fixes a GPU-related crash. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/stable-channel-update.html

Friday, May 24, 2013

[Gd] News Ltd’s Traderoo Powered by Google App Engine

| More

Cloud Platform Blog: News Ltd’s Traderoo Powered by Google App Engine

(Cross-posted on the Official Google Australia Blog)



Today’s guest blogger is Joshua Lowcock, Head of Commercial Platforms and Products for News Limited, an Australian media company. Joshua describes how his company used Google App Engine in Australia.



News Limited is one of Australia’s largest media companies, spanning newspapers, magazines, online, and subscription TV. We publish over 140 online and printed newspapers in major Australian cities including Sydney, Melbourne, Brisbane, Adelaide, and Perth, as well as in suburban areas.



Classified advertising is a key revenue stream across all our markets, but traditionally booking and billing classifieds had been a manual and time-consuming process. We wanted to implement a solution that would allow customers to serve themselves by placing ads online.



Google App Engine has enabled customers to do just that. We chose Google App Engine as the application because it is easy to build, easy to maintain and simple to scale as the user base and data storage grows. Functionalities within the Google App Engine environment, such as Google BigQuery, have also been useful. We can do an in-depth analysis of our ads and item pricing, as well as provide an internal reporting tool, all using BigQuery.



The end result is a self-service, production booking and billing system - www.traderoo.com.au - which we have developed on Google App Engine. It’s proving to be a real winner for both our business and our customers. It’s fundamentally changed the way customers engage with our company, creating a more usable experience and superb responsiveness. It’s easy to use, and gives more control over ad content, as well as the ability to publish ads online immediately. Online ads are free, while print ads are optional and require a small fee, but complement online ads by extending the advertiser’s reach.



When customers book ads using the Traderoo website, they get automatic email notification from the platform that tells them how their advertisement is performing. Traderoo is optimised for PC, laptop, smartphone and tablet, so the browser and ad placement remain consistent, no matter what device our customers are using.



The real advantage for us is that our classified business has achieved faster time to market, lower costs and less overheads in the form of call centre time and manual data entry. The site has been a huge success, and we look forward to continuing to use Google App Engine as we develop Traderoo further.



-Contributed by Joshua Lowcock, Head of Commercial Platforms and Products for News Limited
URL: http://googlecloudplatform.blogspot.com/2013/05/news-ltds-traderoo-powered-by-google.html

[Gd] Rich Notifications in Chrome

| More

Chromium Blog: Rich Notifications in Chrome

App notifications send immediate alerts to users about important events as they happen. Chrome and Chrome OS already support basic web notifications, but rich notifications for Chrome packaged apps and extensions can enable users to act directly on these notifications and show rich content like lists and images. For those in beta channel, notifications now live in a center that is outside the browser, which allows them to receive notifications even when the browser is not open. Rich notifications are available in the latest beta channel builds on Windows, dev channel builds on ChromeOS, and will be coming to Mac OS X and Linux soon.

You can trigger a rich notification by calling the create method under the chrome.notifications module:

chrome.notifications.create(
 ‘id1’,{   
     type: ‘basic’,
     iconUrl: ‘image1.png’,
     title: ‘Althe Frazon’,
     message: ‘Lorem ipsum’,
     buttons: [{ title: ‘Call’,
                 iconUrl: ‘call.png’},
               { title: ‘Send Email’,
                 iconUrl: ‘email.png’}],
     priority: 0},
 function() { /* Error checking goes here */}

);


Rich notifications include full-bleed icons and space to convey a headline and short message. Additionally, they enable you to create action buttons and respond to clicks right within your app, empowering your users to do anything they could do within the app’s UI itself.

Apart from the basic notification type shown above, you can use other formats like image to show a preview of an image within the notification or list to coalesce multiple notifications from your app into a single one. For example, a mail app could show multiple unread emails within a single notification using the list type. You can also specify different priorities for notifications that determine how long they stay on the screen before moving into the notification center where they continue to live until dismissed by the app or user. 

The notification center holds all current notifications and can be pulled up at any time from the launcher on ChromeOS or the system tray on Windows. Users can view and clear all of their notifications in the center, and also access settings to control which apps, extensions and websites can send them notifications. 

Notification Center on Windows  
Notification Center on ChromeOS

You can get started with rich notifications in your app or extension by trying out the Notify Test App and taking a look at the documentation on the Chrome developer site. We’d love your feedback so feel free to ask a question on Stack Overflow, start a discussion on our mailing list, or file a bug on our issue tracker. Posted by Justin DeWitt, Software Engineer and Notifications Knight

URL: http://blog.chromium.org/2013/05/rich-notifications-in-chrome.html

[Gd] Chrome 28 Beta: A more immersive web, everywhere

| More

Chromium Blog: Chrome 28 Beta: A more immersive web, everywhere

Today’s Beta channel release introduces several new developer features and a major under-the-hood performance improvement. Unless otherwise noted, changes apply to desktop versions of Chrome and Chrome for Android. We’ll be rolling out the update over the next few hours.

Fullscreen API on Chrome for Android

The Fullscreen API on Chrome for Android allows you to programmatically hide the browser UI and OS status bar. Just like on desktop, you can tell any piece of content to enter fullscreen mode by calling its webkitRequestFullScreen() function. The prefixed version will eventually be replaced by requestFullscreen(). Here you can see the Fullscreen API used in a zombie-inspired Chrome Experiment:


Faster page loads

Starting in today’s Beta, your apps get a free speed boost from Blink’s new threaded HTML parser. It has two under-the-hood performance benefits: (1) reduced jankiness by moving work off the main JavaScript thread, and (2) improved page loading speed through pipelining. Compared to the normal HTML parser, it loads DOM content about 10% faster and reduces the maximum stop time due to parsing by 40%.

Experimental new media features in Chrome for Android

In today's Beta, WebGL joins Web Audio and WebRTC as an option in about:flags in Chrome for Android. Used together or independently, these three features will allow you to create rich, powerful web experiences that work across device form factors. We’re still actively improving the implementations, but we invite you to start experimenting. To see them in action, watch the mobile web demo in the Google I/O 2013 keynote.

Deprecated features

The prefixed version of the Content Security Policy HTTP header is now deprecated, so please use Content-Security-Policy instead of X-WebKit-CSP. The prefixed version will still work for now, but future releases may not support it.

For Chrome Extensions, HTML-based notifications have been deprecated in favor of the new Rich Notifications Chrome API. Extensions developers who are using HTML notifications in their apps or extensions should migrate to the newer Rich Notifications API, as support for the existing createHTMLNotification() feature will stop working in a future release of Chrome.

Other developer features in this release
Visit chromestatus.com for a complete overview of Chrome’s developer features, and circle +Google Chrome Developers for more frequent updates.

For general information about what’s going on in Chromium and Blink, watch the recordings of the fireside chats with the Blink team and the Chrome team at Google I/O 2013.

Posted by Alexandre Elias, Software Engineer and Screen Space Conservationist
URL: http://blog.chromium.org/2013/05/chrome-28-beta-more-immersive-web.html

Thursday, May 23, 2013

[Gd] Adobe Typekit improves the Rosario typeface family

| More

Google Fonts Blog: Adobe Typekit improves the Rosario typeface family

Since 2010, Google Fonts been collaborating with the Adobe Typekit team to create better web font technology. And now that many fonts first published by Google Fonts are also available in Adobe Edge Web Fonts, we’re extending that collaboration beyond just software to fonts themselves.

Together with Adobe, we want to improve the quality of open source fonts available to everyone publishing on the web. As a first step, the Typekit team has optimized Rosario, a humanist sans serif based on the classic proportions of Garamond’s type.

To start the process, Typekit reached out to the foundry, Omnibus Type, to request up to date copies of the font source files. Here are some examples of the possible optimizations that the Adobe team might make to a web font:

  • Convert and/or clean up outlines, for design fidelity and file size efficiency
  • Re-componentize source fonts, for file size efficiency
  • Remove/reassign glyphs with incorrect Unicode code points, for semantic value
  • Add common missing glyphs (non-breaking space, soft hyphen)
  • Set vertical metrics values according to best practices
  • Set underline and strike-through values, for design consistency
  • Contribute PostScript hints and (if a typeface was designed for small sizes like paragraph text) TrueType instructions (also called hinting), which consist of instructions to the rasterizer embedded in the font file itself

After making some of these improvements, Typekit sent their version back to the foundry to review and release on the Omnibus Type homepage. The updated Rosario family is now available in Typekit, Adobe Edge Web Fonts and Google Fonts.

Together with the Typekit team, we’re looking forward to more quality improvements in the future!

Posted by Dave Crossland, Font Consultant

URL: http://googlewebfonts.blogspot.com/2013/05/typekit-improves-rosario.html

[Gd] Reducing Google App Engine High Replication Datastore prices by up to 25%

| More

Cloud Platform Blog: Reducing Google App Engine High Replication Datastore prices by up to 25%

Since its inception in 2011, Google App Engines High Replication Datastore (HRD) has grown and currently processes over 4.5 trillion transactions per month with 99.95% uptime. In addition, HRD serves as the basis of Cloud Datastore, that we announced last week at Google I/O.



We are always evaluating opportunities to create more value for you and today we are reducing Datastore prices by up to 25%. This price change impacts both App Engines HRD and Cloud Datastore.



Below is a breakdown of the new pricing:



Storage




ResourceOld Unit CostNew Unit Cost
Stored Data (Datastore)$0.24 / GB / Month$0.18 / GB / Month


Operations






Operation Old Cost New Cost
Write $0.10 per 100k operations $0.09 per 100k operations
Read $0.07 per 100k operations $0.06 per 100k operations
Small $0.01 per 100k operations unchanged


If you are unfamiliar with Datastore you can learn more about App Engine HRD and Cloud Datastore.



- Posted by Peter Magnusson, Engineering Director
URL: http://googlecloudplatform.blogspot.com/2013/05/reducing-app-engine-datastore-pricing-by-up-to-25-percent.html

[Gd] GDC’13: Learn how to build games on Google Cloud Platform

| More

Cloud Platform Blog: GDC’13: Learn how to build games on Google Cloud Platform

At the Game Developers Conference last month, we held a day of sessions showing developers how to take advantage of Google Cloud Platform to build all kinds of different games. We invited some of our top developers to share their stories and best practices, including LeanPlum, who is building a powerful mobile optimization platform, EA, who is building some really amazing games, and Staq, who is creating a unique game management platform. Check out the videos of the sessions below and let us know what you think.



Intro to Google Cloud Platform - PaaS, IaaS, Storage, Analytics (48:18 min)



Google Cloud Platform has everything needed to build highly scalable applications.  Launch an app without system administrators, while having the ultimate flexibility of root on a virtual machine.  Get high performance asset hosting, and analyze terabyte-sized data to optimize games.









Connect Mobile Apps to the Cloud Without Breaking a Sweat (43:50 min)



Google Cloud Endpoints makes it easy to build OAuth 2-protected, RESTful APIs and instantly generate client libraries for Android, iOS, and JavaScript. See how you can use this feature to trivially connect your Android, iOS, and mobile browser applications to powerful backends built on App Engine.









Create Amazingly Scalable Games on Google Cloud Platform (40:35 min)



Quickly deliver compelling game experiences by leveraging the scalability of Google App Engine combined with the unlimited flexibility of virtual machines on Google Compute Engine. From 1 to 100,000 cores, learn how to unleash your next great game on Google Cloud Platform.









Understanding Your Players Using Near Real-time Data Analytics (41:20 min)



The volume of data generated by games can be immense and the insights one can derive from them invaluable. Learn how to analyze player behavior, virality, segment users, and understand retention in near real-time using //staq and Google BigQuery.











How EA Builds Mobile Game Servers on Google App Engine (44:23 min)



Electronic Arts presents an overview of how Google App Engine propels the production of back-end servers required for connected, social games on mobile, with real-world applications of the platform's services and built-in automatic scaling.











- Posted by Ryan Boyd, Developer Advocate
URL: http://googlecloudplatform.blogspot.com/2013/05/gdc-13-learn-how-to-build-games-on-google-cloud-platform.html

[Gd] Admin Console Update

| More

Chrome Releases: Admin Console Update


The Admin console has been updated. This update expands automatic enrollment to all devices, as long as the device is already listed in the Admin console device list.

Known issues are available here. Enterprise customers can report an issue by contacting support.

Lawrence Lui
Google Chrome

URL: http://googlechromereleases.blogspot.com/2013/05/admin-console-update.html

Wednesday, May 22, 2013

[Gd] Dev Channel Update for Chrome OS

| More

Chrome Releases: Dev Channel Update for Chrome OS

The Dev channel has been updated to 28.0.1500.20 (Platform versions: 4100.17.0) for all platforms except Google Chromebook Pixel. This build contains a number of stability improvements.

Release Highlights:

  • Fixed several audio level issues (240455, 239128)
  • Creation of recovery images using imageburner is now fixed (239330)
  • Fixed layout issues with File Manager (239155238702)

Known Issues:
  • On Acer C7 Chromebooks, docked mode has been disabled when connecting to an external monitor.
  • Users connecting via slower 3G connections may be unable to login when creating a new user. Workaround: login as guest or as an existing user. (239139)
  • Logging in via a captive portal access point does not show a login screen. Workaround: Connect to a different network or login as guest. (237214)
If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Danielle Drew
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/dev-channel-update-for-chrome-os_22.html

[Gd] Chrome for Android Update

| More

Chrome Releases: Chrome for Android Update

The Chrome team is excited to announce the promotion of Chrome 27 to the Stable channel. Chrome for Android 27.0.1453.90 contains a number of improvments including:
  • Fullscreen on phones - Scroll down the page and the toolbar will disappear.
  • Simpler searching - Searching from the omnibox will keep your search query visible in the omnibox, making it easier to edit, and show more on your search result page.
  • Client-side certificate support - You can now access sites that require you to use a certificate and Chrome will allow you to select an installed certificate
  • Tab history on tablets - Long press the browser back button to view your tab history
  • And a ton of stability and performance fixes
A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/chrome-for-android-update.html

[Gd] How Scalr helped grandcentrix build the Eurovision app to support 125 million viewers

| More

Cloud Platform Blog: How Scalr helped grandcentrix build the Eurovision app to support 125 million viewers

Today’s guest post is from Thomas Orozco, Solutions Engineer at Scalr, which provides cloud management services and integrates with Google Cloud Platform. Thomas shares Scalr’s experience working with another Google partner, grandcentrix, to deliver the Eurovision companion app.



Eurovision is a song contest where each European country sends one singer to compete in a televised competition (similar to American Idol for our American readers). It is the one of the most watched non-sporting TV events in the world, with an estimated 125 million live viewers every year!





This year, Eurovision created a second screen application that included singer biographies, real-time updates, contest voting and results. The “smartmrs” backend for the Eurovision companion app, developed by grandcentrix, was powered by Google Cloud Platform. grandcentrix leveraged Google Compute Engine for VMs and used our product at Scalr for orchestration.



Capacity planning without a target

Initially, Eurovision didn’t know how much traffic its companion app would receive, so they decided to work with Scalr and Compute Engine because of its flexibility. grandcentrix needed infrastructure that could scale up and down quickly, with instances that would instantly start serving user requests. Without knowing expected traffic levels, the objective was to take the backend service to a point where it could scale horizontally - that is, where adding twice the capacity would result in twice the throughput.



We had the following components running on Google Compute Engine:

  • Nginx as a load balancer

  • Apache running the app’s PHP code

  • Redis as a datastore for most queries

  • MySQL as a datastore for relationally heavy queries



Scalr was used as a control panel to launch instances and orchestrate the pieces together through automated configuration and DNS management.



How Compute Engine helped us get there

The network

Google Compute Engine has a high performance network - packets move consistently and quickly. To take full advantage of this we went for Compute Engine’s largest compute offering and tuned our network settings a bit to accommodate more connections (think net.ipv4.tcp_tw_reuse, net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait, and net.nf_conntrack_max, among others).



The elasticity, provisioning times, and billing

During the first Eurovision semifinal voting phase, traffic went up by a factor of 5. We were able to quickly spin up extra capacity in just a few minutes and handle the traffic that we were receiving.



During the finals, we were extra careful and decided to spin up 2x capacity just before the voting. We kept those instances up for 30 minutes, and shut them down as soon as the voting phase ended. Compute Engine’s sub hour billing was greatly appreciated by the grandcentrix team and saved them approximately 50% of what it would have cost on other providers.



The (complete) flexibility

Google Compute Engine gives us full access to the instances, so we can understand what’s happening under the hood and optimize it. Here’s an example: DNS resolution.



Here, we connected to the DB instances by pointing the app to a Scalr-managed hostname that lists their IP addresses and gets updated when we add or remove DB servers.



Having low-level (socket) access let us understand the need for and implement randomization logic to distribute traffic evenly across our database servers and get consistent performance throughout the show.



Ready for showtime!

In the end, the infrastructure was ready for the Eurovision finals on Saturday. Google Cloud Platform, grandcentrix and Scalr were able to deliver 50,000 RPS, with 99% of the requests completed within 35ms at the app server layer.



The traffic was higher than expected when voting started, but significantly lower than expected during the results phase (turns out people watch a TV show on TV!), and grandcentrix was able to shut down a large part of the cluster to save on cost and take advantage of Compute Engine’s sub-hour billing!



In the end, Google Cloud Platform provided the technology, pricing, and robustness that grandcentrix and Scalr needed to deliver a high performance solution for Eurovision.



- Contributed by Thomas Orozco, Solutions Engineer, Scalr



- Posted by Brian Goldfarb, Head of Marketing
URL: http://googlecloudplatform.blogspot.com/2013/05/how-scalr-helped-scale-eurovision-with-compute-engine.html

[Gd] Transitioning to Google Wallet Merchant Center

| More

Android Developers Blog: Transitioning to Google Wallet Merchant Center

Posted by Mark Thomas, Product Manager, Google Wallet


A key focus of Google Wallet is to simplify commerce for merchants and shoppers; for over a year now, consumers on Google Play have been using Wallet to make their purchases, to the benefit of the entire ecosystem. Helping merchants benefit from the growing consumer adoption of mobile commerce is where we believe we can make the most impact. And that’s why today we're focusing our efforts on the new Google Wallet Merchant Center and retiring Google Checkout over the next six months.



Most Google Play apps developers will seamlessly transition to the Wallet Merchant Center, which provides new reporting and analytics features and much more. A small number of Google Play developers, however, will see some changes:




  • Developers using Google Checkout on their website to sell physical goods or services will no longer be able to use Checkout after November 20, 2013. We have provided some discounted migration options to help with this change. If you are a U.S. merchant selling physical goods and services who does have payment processing, you can apply for Google Wallet Instant Buy, which offers a fast buying experience to Google Wallet shoppers.

  • Developers who use the Google Checkout for the Notifications and/or Order Reports API(s) will need to migrate to replacement APIs, made available through Google Play, before November 20, 2013. Watch for announcements on the new APIs soon.



If you sell apps or in-app products in Google Play, you’ll soon have access to the new Wallet Merchant Center. Watch for an email notifying you that that it’s now available to you. We expect to transition all merchants to the Wallet Merchant Center over the next several weeks.



We invite you to join us for our live merchant webinar on May 23, 2013 at 10AM PDT to learn more and ask any outstanding questions. As always, feel free to contact us at any time during this transition. Finally, be sure to check out the exciting updates launched last week at Google I/O (including Instant Buy and Wallet Objects) and stay tuned for more great developer features coming soon!

URL: http://android-developers.blogspot.com/2013/05/transitioning-to-google-wallet-merchant.html

Tuesday, May 21, 2013

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update

The Dev channel has been updated to 28.0.1500.20 for Chrome Frame, Mac, Linux, and Windows

This build addresses some known regressions and stability issues. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how.

If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/05/dev-channel-update_21.html

[Gd] Stable Channel Release

| More

Chrome Releases: Stable Channel Release

The Chrome team is excited to announce the promotion of Chrome 27 to the Stable Channel. Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame contains number of new items including:
    Security fixes and rewards:
    Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)


    This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):


    • [$1000] [235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek.
    • [$500] [235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler.
    • [$1500] [230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity.
    • [$1000] [230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity.
    • [$1000] [227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva.
    • [$2000] [226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux.
    • [$1000] [222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani.
    • [$1000] [196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul).
    • [$3133.7] [188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.
    • [$1000] [177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva.
    • [$1000] [176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne.
    • [$500] [176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov.
    • [171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich.


    In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:

    • [241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.


    Many of the above bugs were detected using AddressSanitizer.


    This build also contains a new Adobe Flash build. You can find more information here.

    Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

    Karen Grunberg
    Google Chrome
    URL: http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html

    [Gd] Beta Channel Update for Chrome OS

    | More

    Chrome Releases: Beta Channel Update for Chrome OS

    The Beta channel has been updated to 27.0.1453.103 (Platform version: 3912.79.0) for all Chrome OS devices. This build contains a number of bug fixes and stability improvements.

    Release Highlights:
    • Pepper Flash updated to 11.7.700.202
    • Stability Fixes

    If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

    Josafat Garcia
    Google Chrome
    URL: http://googlechromereleases.blogspot.com/2013/05/beta-channel-update-for-chrome-os_20.html

    [Gd] Beta Channel Update

    | More

    Chrome Releases: Beta Channel Update


    The Beta channel has been updated to 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

    Karen Grunberg
    Google Chrome
    URL: http://googlechromereleases.blogspot.com/2013/05/beta-channel-update_20.html

    [Gd] Testing Chromium: SyzyASAN, a lightweight heap error detector

    | More

    Chromium Blog: Testing Chromium: SyzyASAN, a lightweight heap error detector

    AddressSanitizer (ASAN) is a tool for finding memory problems and has been used to find thousands of memory errors in Chromium over the last two years. These kinds of errors will typically lead to heap or data corruption and subsequent crashes in random, unrelated code, which make them quite challenging to find and fix without tools like ASAN. However, ASAN is built using LLVM/Clang and is limited to Mac and Linux builds of Chromium. To address the lack of coverage for Windows-only code, we built SyzyASAN.

    SyzyASAN is built on top of the Syzygy toolchain and is an instrumentation-based clone of ASAN for detecting heap errors. It consists of three parts:
    • An instrumenter that injects instrumentation into binaries produced by the Microsoft Visual Studio toolchain.
    • A run-time library that replaces malloc, free, et al.
    • An RPC-based logging server that receives information about detected errors. This lets us get information safely out of sandboxed processes, like Chromium’s renderer.
    SyzyASAN operates nearly identically to ASAN, finding errors in the same manner and producing similar reports. SyzyASAN finds some of the hardest-to-locate memory bugs like use-after-free, buffer overruns, and underruns. Focusing on very common memory errors allows SyzyASAN to be relatively efficient.

    Although Chrome with SyzyASAN is very usable, the penalties in speed - 4.7x on CPU intensive operations - and memory - a 25% increase plus a fixed 256MB increase in each process - are noticeable so we’ll confine these releases to our Canary channel for now. We’ve been releasing SyzyASAN-instrumented builds to the Windows Canary channel one day each week recently. One day with a little slowdown on the Canary channel gives us plenty of great data. In the last three weeks, we’ve found 150 new bugs in Chromium, several of which could lead to security vulnerabilities.

    We’ve put together some instructions for instrumenting your local build and debugging issues. Try it out and help us squash more memory bugs. The Syzygy source code and binaries can be downloaded from our code site, and instructions for how to use it are on our wiki. If you have any questions, suggestions or contributions, feel free to contact syzygy-team@chromium.org. If you’re using Syzygy or SyzyASAN with your project we’d love to hear about it!

    Posted by Chris Hamilton, Sanitation Engineer
    URL: http://blog.chromium.org/2013/05/testing-chromium-syzyasan-lightweight.html

    Sunday, May 19, 2013

    [Gd] Chrome Beta for Android

    | More

    Chrome Releases: Chrome Beta for Android

    Chrome Beta for Android has been updated to 27.0.1453.90. This release contains a few new fixes including:
    • 237253: Changing device orientation when trying to use 'Paste' on phone, makes the page unresponsive
    • 237256: Half white background in tab-switcher
    • 241237: "Google: <url>" displayed in the omnibox for yellow padlock URLs
    • 237115: Dark overlay displayed after switching tabs
    • Fix for some top crashes
    A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

    Jason Kersey
    Google Chrome
    URL: http://googlechromereleases.blogspot.com/2013/05/chrome-beta-for-android_19.html

    [Gd] Google I/O 2013: For the developers

    | More

    Google Developers Blog: Google I/O 2013: For the developers

    Author PhotoBy Scott Knaster, Google Developers Blog Editor


    “Google I/O is an annual developer conference featuring highly technical, in-depth sessions, and showcasing the latest from Google's product teams and partners.”
       – official description


    Google I/O 2013 has just ended, and even more than usual, this one was for you, our developers. This year, we focused on providing new tools and services you’ve been asking for, plus a few surprises that we hope inspired and delighted you.



    Although we put developer announcements first this year, we didn’t skimp on the cool stuff for everyone: we refreshed the look of the Google+ stream, launched expanded Hangouts, totally revamped Google+ photos, announced Google Play Music All Access, showed off conversational search, and demoed some amazing Chrome Experiments.

    Of course, Google I/O isn’t just about announcements. It’s our chance to share what’s new with you in those highly technical, in-depth sessions and for you to meet and interact with our engineers and other Googlers, in person and via the Internet. Once again this year, all sessions were recorded and are being posted to Google Developers Live (GDL) for you to peruse whenever it’s convenient for you.

    We love putting on Google I/O, and that’s one reason we created GDL. With GDL, we don’t have to pack all our presentations into a 3-day conference. You’ll find new programs on GDL every week, from the same people who present at Google I/O. Just like during I/O, you can watch live or see recordings whenever you want. You can subscribe to the Google Developers channel on YouTube to be notified when new programs are posted.

    Whether you came to San Francisco, participated in I/O Extended, or watched our live streams, we thank you for your attention and dedication. Here’s to Google I/O 2014!

    URL: http://googledevelopers.blogspot.com/2013/05/google-io-2013-for-developers.html