Enlarge / Mozilla's current logo for Firefox. (credit: Mozilla )

Companies like Google, Mozilla, and Microsoft have versions of their web browsers on Apple's iOS and iPadOS App Stores, but these versions come with a big caveat: The App Store rules require them to use Safari's WebKit rendering engine rather than the engines those browsers use in other operating systems.

But that could be changing. According to The Register, Google and Mozilla have recently been spotted working on versions of Chromium and Firefox that use their normal Blink and Gecko rendering engines, respectively.

Apple hasn't announced any rule changes. The correlated activity from Google and Mozilla could suggest that they're expecting Apple to drop its restrictions on third-party browser engines in the near future, or the companies could simply be hedging their bets. Regulatory pressure from multiple governments is pushing Apple in the direction of loosening many of its App Store restrictions, including (begrudgingly) accepting third-party payment services and sideloading of apps and third-party app stores .

Enlarge (credit: Getty Images )

Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender.

Variston IT bills itself as a provider of tailor-made Information security solutions, including technology for embedded SCADA (supervisory control and data acquisition) and Internet of Things integrators, custom security patches for proprietary systems, tools for data discovery, security training, and the development of secure protocols for embedded devices. According to a report from Google’s Threat Analysis Group, Variston sells another product not mentioned on its website: software frameworks that provide everything a customer needs to surreptitiously install malware on devices they want to spy on.

Researchers Clement Lecigne and Benoit Sevens said the exploit frameworks were used to exploit n-day vulnerabilities, which are those that have been patched recently enough that some targets haven't yet installed them. Evidence suggests, they added, that the frameworks were also used when the vulnerabilities were zero-days. The researchers are disclosing their findings in an attempt to disrupt the market for spyware, which they said is booming and poses a threat to various groups.

• 

  Pick a wallpaper, and Chrome will automatically color the browser to match. [credit: Ron Amadeo ]

It looks like the beginning of Google's color-changing "Material You" design language is finally coming to Chrome, at least in the canary builds. Redditor Leopeva64-2 spotted new flags in the latest nightly builds that will automatically recolor the Chrome UI based on what wallpaper you pick, just like Android.

If you want to try this yourself right now, you'll need to grab yourself a copy of Chrome Canary and turn on two flags (paste these into the address bar): "chrome://flags/#customize-chrome-color-extraction," and "chrome://flags/#ntp-comprehensive-theming." Once those are turned on, picking a Chrome wallpaper from the "customize" button in the bottom right of the new tab page will also change the color of the tab bar. One more flag at "chrome://flags/#ntp-comprehensive-theming" will also apply these colors to the new tab page search bar.

Material You launched in 2021 with Android 12 . In addition to a new set of guidelines for the sizes and shapes of UI components, Material You also came with an automatic color system. Android can automatically snatch colors from your wallpaper and apply that to the UI, with lots of algorithm magic to ensure zero contrast problems. It works great if you're into a colorful UI, and it gives Android a unique look.

Enlarge / Please don't do this. (credit: Getty Images)

Big Tech wants to kill the password, with "Passkeys" being the hot, new password replacement standard on the block. Passkeys are backed by Google, Apple, Microsoft, and the FIDO Alliance, so expect to see them everywhere soon. iOS picked up the standard in version 16, and now Google is launching passkey betas on Chrome and Android.

The passkey argument is that passwords are old and insecure. Computer passwords were originally conceived as an easy-to-remember secret for humans to type into a text box. As the need for greater security arose, password managers arrived, making it easy to save and recall your passwords. Now, instead of some human-memorable phrase, the ideal way to use a password is to have a computer generate some wild string of characters and never reuse that password anywhere else. The password manager revolution is all a hack, though, built on top of that original text box. We don't really need the text box anymore, and that's where the Passkey standard comes in.

The Passkey standard just trades cryptographic keys with the website directly. There's no need for a human to tell a password manager to generate, store, and recall a secret—that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced. The downside is that, while every browser in the world supports showing that old text box, passkey support will need to be added to every web browser, every password manager, and every website. It's going to be a long journey.