Will Chrome, the world's most popular browser, ever kill third-party cookies? Apple and Mozilla both killed off the user-tracking technology in 2020. Google, the world's largest advertising company, originally said it wouldn't kill third-party cookies until 2022. Then in 2021, it delayed the change until 2023. In 2022, it delayed everything again, until 2024. It's 2024 now, and guess what? Another delay. Now Google says it won't turn off third-party cookies until 2025, five years after the competition.
A new blog post cites UK regulations as the reason for the delay, saying, "We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem." The post comes as part of the quarterly reports the company is producing with the UK’s Competition and Markets Authority (CMA).
Interestingly, the UK’s CMA isn't concerned about user privacy but instead is worried about other web advertisers that compete with Google. The UK wants to make sure that Google isn't making changes to Chrome to prop up its advertising business at the expense of competitors. While other browser vendors shut down third-party cookies without a second thought, Google said it wouldn't turn off the user-tracking feature until it built an alternative advertising feature directly into Chrome, so it can track user interests to serve them relevant ads. The new advertising system, called the Topics API and "Privacy Sandbox," launched in Chrome in 2023. Google AdSense is already compatible.
Le plan de Google pour retirer les cookies tiers de son navigateur Chrome peine à se concrétiser. Présenté en 2020, il est en train de glisser en 2025.
Lancée par Île-de-France Mobilités en avril 2024, Transport Public Paris 2024 est « l'application officielle pour se déplacer pendant les Jeux olympiques ». Elle permettra notamment d'utiliser son smartphone (iPhone ou Android) pour valider son titre de transport dans le métro.
Mateusz Jurczyk, un nom qui ne vous dit peut-être rien, mais retenez-le bien, car le bonhomme est fort. Ce chercheur en sécurité bien intentionné bosse pour Google Project Zero, une équipe de choc qui traque les failles dans tous les recoins depuis des années déjà. Et pendant quasi 2 ans, de mai 2022 à décembre 2023, il s’est lancé le défi d’ausculter un des organes les plus vitaux de Windows : sa base de registre.
Pour ceux qui débarquent, le registre, c’est un peu le cerveau de Windows. Une méga base de données qui stocke tous les réglages, options et préférences du système et des applis, organisés de manière hiérarchique avec des clés, des sous-clés et des valeurs. Bref, un truc super sensible et stratégique. Si un pirate arrive à mettre ses mains là dedans, bonjour les dégâts !
Mais notre Mateusz, c’est pas le genre à se dégonfler. Armé de ses outils et de ses connaissances en reverse engineering, il a plongé dans les millions de lignes de code de ce monolithe vieux de 30 ans et croyez-moi, il a frappé fort : pas moins de 50 failles critiques déterrées, dont 39 qui permettent une élévation de privilèges ! En gros, la totale pour passer de simple clampin à admin suprême sur une machine.
La force de son taf, c’est d’avoir exploré des endroits de la base de registres que personne n’avait vu avant. Des trucs bien planqués comme la récupération des transactions avortées, le chargement de ruches extraites ou les bails de virtualisation du registre (une fonctionnalité qui permet aux vieilles applis de tourner sans broncher sur les Windows récents). Bref, un vrai boulot de fourmi avec une grosse dose de persévérance.
Et le plus flippant, c’est que la moitié de ces failles seraient plutôt faciles à exploiter notamment via des techniques de corruption de mémoire ou de cassage des garanties de sécurité comme les ACL (les listes qui contrôlent qui a le droit de faire quoi dans le registre). Pour vous donner une idée, Mateusz a même créé des exploits de démo pour deux vulnérabilités, montrant comment détourner le registre à son avantage.
Heureusement, c’est un White Hat avec un grand cœur et toutes ses trouvailles ont été balancées en temps et en heure à Microsoft via le programme de divulgation responsable de Project Zero. Les ingés de Redmond ont évidemment remédié au boxon en patchant, avec des délais moyens de correction de 80 jours. Vous pouvez donc souffler !
Mais l’histoire est loin d’être finie. Il a tellement kiffé son voyage dans les méandres du registre, qu’il prévoit d’en faire une série de posts de blog pour partager son savoir. Au menu, des analyses bien poussées des bugs, des techniques d’exploit et plein de tips pour mieux protéger nos bécanes, comme :
regedit.exe /e sauvegarde.reg
J’ai hâte de dévorer tout ça !
On Thursday, Meta unveiled early versions of its Llama 3 open-weights AI model that can be used to power text composition, code generation, or chatbots. It also announced that its Meta AI Assistant is now available on a website and is going to be integrated into its major social media apps, intensifying the company's efforts to position its products against other AI assistants like OpenAI's ChatGPT, Microsoft's Copilot, and Google's Gemini.
Like its predecessor, Llama 2, Llama 3 is notable for being a freely available, open-weights large language model (LLM) provided by a major AI company. Llama 3 technically does not quality as "open source" because that term has a specific meaning in software (as we have mentioned in other coverage), and the industry has not yet settled on terminology for AI model releases that ship either code or weights with restrictions (you can read Llama 3's license here) or that ship without providing training data. We typically call these releases "open weights" instead.
At the moment, Llama 3 is available in two parameter sizes: 8 billion (8B) and 70 billion (70B), both of which are available as free downloads through Meta's website with a sign-up. Llama 3 comes in two versions: pre-trained (basically the raw, next-token-prediction model) and instruction-tuned (fine-tuned to follow user instructions). Each has a 8,192 token context limit.
Google CEO Sundar Pichai promised more layoffs at Google this year, and the company is delivering. Business Insider was the first to report the latest cuts are to "several teams" in Google's real estate and finance departments. The report adds: "One current employee said the changes were 'pretty large-scale' and that some roles are being moved abroad."
CNBC has a copy of the memo that Google and Alphabet CFO Ruth Porat sent out to employees about the layoffs. Porat blames AI for the layoffs, saying, “The tech sector is in the midst of a tremendous platform shift with Al. As a company, this means we have the opportunity to make more helpful products for billions of users and provide faster solutions to our customers, but it also means we collectively have to make tough decisions, including how and where we work to align with our highest priority areas.” It's not clear how or if AI is actually taking over roles in real estate and finance.
Google has been making cuts across a ton of departments since 2022, when Pichai declared Google was not productive enough. There was a big set of 12,000 layoffs in January 2023, and an almost uncountable number of smaller cuts since then. Google's cuts are aligned with a massive wave of layoffs across the tech industry.
Après Stadia, Podcasts et One VPN, Google se prépare à faire le ménage dans Google Keep, son logiciel de prise de notes. L'application ne devrait pas être complètement supprimée, mais Google Tasks devrait récupérer une partie de ses fonctions.
Google Maps is making itself friendlier for electric vehicles. A couple of years ago it added the option to select different powertrain types when calculating a route—gas, hybrid, electric, and so on. Lower-energy routes with fewer hills are helpful for electric vehicles, but mostly what EV drivers on unfamiliar terrain really want to know about are the chargers: Where are they, how fast are they, and do they work? Soon, that critical information will be available to Google Maps users via a new update.
Live charger status is usually available from the onboard navigation system built into an EV. Better yet, those native nav systems invariably talk to the powertrain, so they know how much state of charge is currently in the battery and how much to expect upon arrival. Add in real-time status on chargers—how many are working, how many are available—and it's not hard to see why plenty of EV drivers stick with the built-in system.
But for some EVs, that built-in system is Google Maps, including EVs from Ford, Honda, General Motors, Volvo, Polestar, and soon even Porsche. These will be the first devices to receive the update, Google says, which will roll out globally in the coming months. After the connected cars, smartphones will be next.
[Deal du jour] Après une première Pixel Watch loin d'être parfaite, Google apporte des nouveautés bienvenues à cette seconde itération. La Pixel Watch 2 corrige les erreurs de son ainée et devient un modèle bien plus intéressant, surtout en promotion.
YouTube poursuit ses efforts pour contrer les outils bloquant les publicités. La plateforme annonce un durcissement de sa politique vis-à-vis de certaines applications tierces.
Si vous faites partie du milliard d'utilisateurs de Chrome sur PC Windows, sachez qu'une nouvelle mise à jour cruciale vient d'être publiée. Il est fortement recommandé de mettre à jour votre navigateur dès que possible.
L’article Chrome : une mise à jour urgente déployée pour contrer de graves failles de sécurité est apparu en premier sur Toms Guide.
Faille de sécurité Chrome
full
Faille de sécurité Chrome
thumbnail
Some weeks in AI news are eerily quiet, but during others, getting a grip on the week's events feels like trying to hold back the tide. This week has seen three notable large language model (LLM) releases: Google Gemini Pro 1.5 hit general availability with a free tier, OpenAI shipped a new version of GPT-4 Turbo, and Mistral released a new openly licensed LLM, Mixtral 8x22B. All three of those launches happened within 24 hours starting on Tuesday.
With the help of software engineer and independent AI researcher Simon Willison (who also wrote about this week's hectic LLM launches on his own blog), we'll briefly cover each of the three major events in roughly chronological order, then dig into some additional AI happenings this week.
(credit: Google)
On Tuesday morning Pacific time, Google announced that its Gemini 1.5 Pro model (which we first covered in February) is now available in 180-plus countries, excluding Europe, via the Gemini API in a public preview. This is Google's most powerful public LLM so far, and it's available in a free tier that permits up to 50 requests a day.
Epic Games has filed a proposed injunction that would stop Google from restricting third-party app distribution outside Google Play Store on Android devices after proving that Google had an illegal monopoly in markets for Android app distribution.
Epic is suggesting that competition on the Android mobile platform would be opened up if the court orders Google to allow third-party app stores to be distributed for six years in the Google Play Store and blocks Google from entering any agreements with device makers that would stop them from pre-loading third-party app stores. This would benefit both mobile developers and users, Epic argued in a wide-sweeping proposal that would greatly limit Google's control over the Android app ecosystem.
US District Court Judge James Donato will ultimately decide the terms of the injunction. Google has until May 3 to respond to Epic's filing.
Another day, another dead Google product. The Google One VPN service we complained about last week is headed to the chopping block. Google's support documents haven't been updated yet, but Android Authority reported on an email going out to Google One users informing them of the shutdown. 9to5Google also got confirmation of the shutdown from Google.
The Google One VPN launched in 2020 as a bonus feature for paying Google One subscribers. Google One is Google's cloud storage subscription plan that allows users to buy extra storage for Gmail, Drive, and Google Photos. In 2020, the plan was exclusive to the expensive 2TB tier for $10 a month, but later, it was brought down to all Google One tiers, including the entry-level $2-per-month option.
By our count, Google has three VPN products, though "products" might be too strong a word since they are all essentially the same thing—VPN market segments? There's the general Google One VPN for Android, iOS, Windows, and Mac—this is the one that's dying. There's also the "Pixel VPN by Google One," which came with Pixel phones (the "Google One" branding here makes no sense since you didn't have to subscribe to Google One) and the Google Fi VPN that's exclusive to Google Fi Android and iOS customers.
[Deal du jour] Les Pixel 8 et 8 Pro de Google sont des smartphones premium, proposés à des prix élevés à leur lancement, surtout le modèle Pro. Avec cette double réduction, il devient bien plus intéressant.
Pratiquement quatre ans après avoir ajouté un VPN à son abonnement Google One, l'entreprise américaine fait machine arrière. La société prévoit de stopper ce service courant 2024.
Depuis le 11 avril 2024, Google propose aux propriétaires d'un smartphone Pixel d'installer Android 15 bêta, sa future grande mise à jour qui sera dévoilée le 14 mai. Pour l'instant, le nombre de nouveautés est très limité.