Hi everyone! We've just released Chrome Dev 103 (103.0.5060.13) for Android. It's now available on Google Play.
You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.
If you find a new issue, please let us know by filing a bug.
Krishna Govind
Google Chrome
The Dev channel has been updated to 103.0.5060.13 for Windows, Mac and Linux.
A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Prudhvikumar Bommana
Posted by Monika Janota
How do we empower women in tech and equip them with the skills to help them become true leaders? One way is learning from others' successes and failures. Web GDEs—Debbie O'Brien, Julia Miocene, and Glafira Zhur—discuss the value of one to one mentoring and the impact it has made on their own professional and personal development.
A 2019 study showed that only 25% of keynote speakers at tech events are women, meanwhile 70% of female speakers mentioned being the only woman on a conference panel. One way of changing that is by running programs and workshops with the aim of empowering women and providing them with the relevant soft skills training, including public speaking, content creation, and leadership. Among such programs are the Women Developer Academy (WDA) and the Road to GDE, both run by Google's developer communities.
With more than 1000 graduates around the world, WDA is a program run by Women Techmakers for professional IT practitioners. To equip women in tech with speaking and presentation skills, along with confidence and courage, training sessions, workshops, and mentoring meetings are organized. Road to GDE, on the other hand, is a three-month mentoring program created to support people from historically underrepresented groups in tech on their path to becoming experts. What makes both programs special is the fact that they're based on a unique connection between mentor and mentee, direct knowledge sharing, and an individualized approach.
Julia Miocene
Some Web GDE community members have had a chance to be part of the mentoring programs for women as both mentors and mentees. Frontend developers Julia Miocene and Glafira Zhur are relatively new to the GDE program. They became Google Developers Experts in October 2021 and January 2022 respectively, after graduating from the first edition of both the Women Developer Academy and the Road to GDE; whilst Debbie O'Brien has been a member of the community and an active mentor for both programs for several years. They have all shared their experiences with the programs in order to encourage other women in tech to believe in themselves, take a chance, and to become true leaders.
Although all three share an interest in frontend development, each has followed a very different path. Glafira Zhur, now a team leader with 12 years of professional experience, originally planned to become a musician, but decided to follow her other passion instead. A technology fan thanks to her father, she was able to reinstall Windows at the age of 11. Julia Miocene, after more than ten years in product design, was really passionate about CSS. She became a GDE because she wanted to work with Chrome and DevTools. Debbie is a Developer Advocate working in the frontend area, with a strong passion for user experience and performance. For her, mentoring is a way of giving back to the community, helping other people achieve their dreams, and become the programmers they want to be. At one point while learning JavaScript, she was so discouraged she wanted to give it up, but her mentor convinced her she could be successful. Now she's returning the favor.
Debbie O'Brien
As GDEs, Debbie, Glafira, and Julia all mention that the most valuable part of becoming experts is the chance to meet people with similar interests in technology, to network, and to provide early feedback for the web team. Mentoring, on the other hand, enables them to create, it boosts their confidence and empowers them to share their skills and knowledge—regardless of whether they're a mentor or a mentee.
A huge part of being a mentee in Google's programs is learning how to share knowledge with other developers and help them in the most effective way. Many WDA and Road to GDE participants become mentors themselves. According to Julia, it's important to remember that a mentor is not a teacher—they are much more. The aim of mentoring, she says, is to create something together, whether it's an idea, a lasting connection, a piece of knowledge, or a plan for the future.
Glafira mentioned that she learned to perceive social media in a new way—as a hub for sharing knowledge, no matter how small the piece of advice might seem. It's because, she says, even the shortest Tweet may help someone who's stuck on a technical issue that they might not be able to resolve without such content being available online. Every piece of knowledge is valuable. Glafira adds that, "Social media is now my tool, I can use it to inspire people, invite them to join the activities I organize. It's not only about sharing rough knowledge, but also my energy."
Working with mentors who have successfully built an audience for their own channels allows the participants to learn more about the technical aspects of content creation—how to choose topics that might be interesting for readers, set up the lighting in the studio, or prepare an engaging conference speech.
From the other side of the mentor—mentee relationship, Debbie O'Brien says the best thing about mentoring is seeing the mentees grow and succeed: "We see in them something they can't see in themselves, we believe in them, and help guide them to achieve their goals. The funny thing is that sometimes the advice we give them is also useful for ourselves, so as mentors we end up learning a lot from the experience too."
Glafira Zhur
Both Glafira and Julia state that they're willing to mentor other women on their way to success. Asked what is the most important learning from a mentorship program, they mention confidence—believing in yourself is something they want for every female developer out there.
Both Glafira and Julia mentioned that during the programs they met many inspiring people from their local developer communities. Being able to ask others for help, share insights and doubts, and get feedback was a valuable lesson for both women.
Mentors may become role models for the programs' participants. Julia mentioned how important it was for her to see someone else succeed and follow in their footsteps, to map out exactly where you want to be professionally, and how you can get there. This means learning not just from someone else's failures, but also from their victories and achievements.
Networking within the developer community is also a great opportunity to grow your audience by visiting other contributors' podcasts and YouTube channels. Glafira recalls that during the Academy, she received multiple invites and had an opportunity to share her knowledge on different channels.
Overall, what's even more important than growing your audience is finding your own voice. As Debbie states: "We need more women speaking at conferences, sharing knowledge online, and being part of the community. So I encourage you all to be brave and follow your dreams. I believe in you, so now it's time to start believing in yourself."
Building for everyone requires vision, and constant revision. Every product we create requires continually trying new things, examining data and learning from both our successes and failures to do better every day. Our work on Diversity, Equity and Inclusion (DEI) is no different. Google first published its Diversity Annual Report in 2014 and since then we’ve built on what we’ve learned to increasingly make Google a place that is truly for everyone. Last year, for the first time, the data in the report was broken down across Google’s business regions. With this year’s report we now have the opportunity to report on progress for the business region that encompasses Europe, the Middle East and Africa which we call EMEA.
I’ve led Google’s DEI programs in EMEA since 2019. I’m often asked what DEI looks like in such a diverse region. How can one approach work from Paris to Lagos and from Milan to Tel Aviv? It’s not simple, but we are committed to finding ways to make progress. Each country has different rules governing what data we can collect and what policies are permissible. Our DEI data isn’t perfect, but it’s essential for us to measure our progress as it helps keep us honest about where we are at and where we want to be.
The data shows that we have increased the overall representation of women in our workforce from 32.7% to 33.8%. That might sound small, but in an organization the size of Google in EMEA (over 25,000 employees and interns) this represents a significant shift.
We continue to make progress in the hiring of women in EMEA with an overall increase of 14%. Specifically, women made up 28% of our tech hires, 49.2% of our non-tech hires and 47.1% of our Leadership hires. This is an increase year on year of 27% for non-tech and 64% for leadership hires with tech hires staying the same.
Our focus on increasing representation of women in leadership roles across EMEA is showing promising results. We saw a significant gain of 10% in the representation of women in leadership roles which now stands at 29.7%. It’s good to see progress, but there is more to do here.
We know efforts to develop talent from under-represented groups need to start early. We have amplified our efforts to support gender equity in a number of countries in Africa, sponsoring and providing content for the Our Girls, Our Future conference for young women interested in the tech industry. Across Sub-Saharan Africa, we partnered with the Graca Machel Trust to provide digital skills training for more than 5,000 women entrepreneurs.
We also grew Mind the Gap, an initiative we started in Israel in 2008 that encourages women and girls to pursue STEM careers. Mind the Gap transitioned to a virtual platform at the beginning of the pandemic. In 2021, the program reached more than 60,000 students in Israel and expanded to Romania and Ghana.
Last year, for the first time, we were able to report race data for our business region in the Diversity Annual Report, thanks to almost three quarters of Googlers in EMEA voluntarily providing this information.
We see White+* continue to account for the highest representation in EMEA (78.1% versus 80.4% last year). Representation of Asian+* Googlers shows the largest increase (from 10.9% to 12.1%), followed by MENA+* (from 7.3% to 7.8%), Black+* (from 2.8% to 3.2%), Latinx+ (from 3.8% to 3.9%) and Indigenous+ (no change at 0.3%).
Where we need to make better progress is in the speed at which things are changing. For example, there has been an increase in representation of MENA+ leaders (from 4.5% to 5.8%) and an increase in representation of Black+ leaders (from 3.3% to 3.8%) across EMEA - but we need to see more progress here. And representation for all racial categories except Black+ and White+ are lower in leadership than in the overall population.
Growing leadership is one of the key planks of our racial equity plans in EMEA. Here’s how we’re focusing our efforts:
It’s not just about supporting racial equity in our workforce — it’s also important to support the wider community. Black founders in EMEA received $63 million in ‘follow-on’ funding after they participated in our Black Founders Fund, with 95% of participants reporting a positive impact on their startup’s ability to fundraise. We announced a second fund earlier this year.
Our recruiting teams and local HR teams work closely with our Disability Alliance group to progress our commitments to communities with disabilities, ensuring that our hiring process is accessible and our culture and managers are prepared to support and lead Googlers with disabilities.
Our talent engagement team in EMEA hosted its first ever Disability Conference (DisCo for short) for nearly 2000 students, new graduates and industry professionals with disabilities. The conference created a space for people with disabilities and allies to connect and engage with each other and Google.
We’re also fostering new connections with disability communities around the globe. Last year, our London, Dublin, Munich, Zurich, Wroclaw and Nairobi offices celebrated #PurpleLightUp, a global campaign that celebrates every employee with a disability around the world. Leaders from each office also held conversations with our employee resource group (ERG) for Googlers with disabilities.
We have incredibly active Pride and Trans employee resource groups at Google. These groups play a critical role in promoting belonging and inclusion within the LGBTQ+ community - from creating thoughtful programming for Trans Awareness week to leading Pride events activations across 26 countries, from Poland to South Africa.
Google is also a founding member of We Are Open, an alliance of businesses and other organizations in Hungary that promotes diversity and inclusion at the workplace, focusing on LGBTQ+ inclusion. In line with Google’s vision to be helpful for all, including our LGBTQ+ communities and its allies, we were excited to partner with Open for Business in creating a report on LGBTQ+ inclusion in Central and Eastern Europe that was released last year.
In addition, to aid small business recovery during the pandemic, we launched a global campaign to help support and celebrate LGBTQ+ friendly spaces - from a LGBTQ+ bookstore in Sweden, to Rainbow Square in Copenhagen. Google also officially supported the Ja Für Alle campaign in the referendum for Equal Marriage rights in Switzerland.
It’s up to every one of us to contribute to building a more inclusive, equitable, and representative workplace, region and world where everyone feels they belong. We have a responsibility to relentlessly represent and support the rich diversity of talent in our region and to make Google a place where everyone can thrive. This work is not a one-off effort. It requires thoughtful and committed, ongoing systemic action. Only by committing to doing this work together can we make meaningful and long lasting change.
If you’d like to find out more, please take a look at this year’s Diversity Annual Report.
To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.
This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, and details campaigns targeting Android users with five distinct 0-day vulnerabilities:
We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below. Consistent with findings from CitizenLab, we assess government-backed actors purchasing these exploits are located (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.
The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem. Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.
Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.
All three campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited — in each case, we assess the number of targets was in the tens of users. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website. If the link was not active, the user was redirected directly to a legitimate website. We've seen this technique used against journalists and other unidentified targets, and alerted those users when possible.
We assess that these campaigns delivered ALIEN, a simple Android malware in charge of loading PREDATOR, an Android implant described by CitizenLab in December 2021. ALIEN lives inside multiple privileged processes and receives commands from PREDATOR over IPC. These commands include recording audio, adding CA certificates, and hiding apps.
The first campaign, detected in August 2021, used Chrome on a Samsung Galaxy S21 and the web server immediately replied with a HTTP redirect (302) pointing to the following intent URL. This URL abused a logic flaw and forced Chrome to load another URL in the Samsung Browser without user interaction or warnings.
We did not capture the subsequent stages, but assess the attackers did not have exploits for the current version of Chrome (91.0.4472) at that time, but instead used n-day exploits targeting Samsung Browser, which was running an older and vulnerable version of Chromium.
We assess with high confidence this vulnerability was sold by an exploit broker and probably abused by more than one surveillance vendor.
More technical details about this vulnerability are available in this RCA by Maddie Stone.
Related IOCs
In September 2021, TAG detected a campaign where the exploit chain was delivered to a fully up-to-date Samsung Galaxy S10 running the latest version of Chrome. We recovered the exploit used to escape the Chrome Sandbox, but not the initial RCE exploit.
The sandbox escape was loaded directly as an ELF binary embedding libchrome.so and a custom libmojo_bridge.so was used to ease the communication with the Mojo IPCs. This means the renderer exploit did not enable MojoJS bindings like we often see in public exploits.
Analysis of the exploit identified two different vulnerabilities in Chrome:
After escaping the sandbox, the exploit downloaded another exploit in /data/data/com.android.chrome/p.so to elevate privileges and install the implant. We haven’t retrieved a copy of the exploit.
Related IOCs
In October 2021, we detected a full chain exploit from an up-to-date Samsung phone running the latest version of Chrome.
The chain included two 0-day exploits:
Of note, CVE-2021-1048 was fixed in the Linux kernel in September 2020, over a year before this campaign. The commit was not flagged as a security issue and therefore the patch was not backported in most Android kernels. At the time of the exploit, all Samsung kernels were vulnerable; LTS kernels running on Pixel phones were recent enough and included the fix for this bug. Unfortunately, this is not the first time we have seen this happen with exploits in the wild; the 2019 Bad Binder vulnerability is another example. In both cases, the fix was not flagged as a security issue and thus not backported to all (or any) Android kernels. Attackers are actively looking for and profiting from such slowly-fixed vulnerabilities.
Related IOCs
We’d be remiss if we did not acknowledge the quick response and patching of these vulnerabilities by Google’s Chrome and Android teams. We would also like to thank Project Zero for their technical assistance in helping analyze these bugs. TAG continues to track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors. We remain committed to updating the community as we uncover these campaigns.
Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers and technology platforms. We look forward to continuing our work in this space and advancing the safety and security of our users around the world.
Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns, apprentices and alumni about how they got to Google, what their roles are like and even some tips on how to prepare for interviews.
Today’s post is all about Gordon Kuo, a Taiwan-based engineer on the Pixel Mobile Wireless Team. He shares what makes Google Taiwan a unique place for engineers to work and advice for anyone interested in applying to Google.
What’s your role at Google?
I’m an engineering lead on the Pixel Mobile Wireless team. Our goal is to help connect people across the world with Google Pixel phones. We solve hardware and software challenges and work with different teams to improve functionality and performance. We talk about everything from design and bug fixes to performance optimization, which makes every day feel different. I love that no matter what we’re working on, it’s always interesting and helpful.
How did you land in your current role?
After completing my PhD in Computer Networking, I started my career at a Taiwanese integrated circuit (IC) design company. After that, I worked on modems at a technology company in China for several years. During that time, I had a few friends and former colleagues at Google, and when we spoke about their jobs and the company culture, everyone shared really positive experiences. Getting the chance to build a career around work that I enjoy was one of the biggest draws. So I applied and interviewed — and now, two years in, I’m leading a team.
What was your application and interview experience like?
Above everything, my recruiter was really supportive, which helped make the process feel much more straightforward. I actually applied and interviewed for another engineering position at first, but I didn’t end up getting it. I was disappointed at the time, but it wasn’t long before my recruiter shared another position that was even more aligned with my skills and career goals. Finding the right fit doesn’t always happen right away, and I appreciated that my recruiter was so committed to setting me up for success.
What have you learned about leadership since joining Google?
Google is a place where people truly listen and communicate openly. Because of this, I’ve learned to never assume anything. Instead, I put in the time to better understand my team and others we work with. It’s important to stay on the same page when you’re leading a team or project, and that requires respect and regular communication.
What makes Google Taiwan such a special place to work?
Taiwan is home to world-class integrated circuit design companies and is known for its thriving manufacturing industry. There’s a lot of exciting product development work happening here too, and it’s one of our largest sites in Asia. In fact, Taiwan is our largest hardware hub outside of the U.S. — with an engineering team that is uniquely skilled in both software and hardware integration. We collaborate with other functions and teams worldwide, and have opportunities to lead important projects from start to finish. From working on widely used products to building and leading a team, I’ve had growth opportunities here that I couldn’t have imagined just a few years ago. I’m continually inspired by the work we do.
On a more personal note, Taiwan is a relatively small island, easy to get around and nestled between the beach and the mountains — it’s a pretty nice place to work!
You recently participated in a live-streamed event about career opportunities at Google Taiwan. Can you tell us more about that?
The event was aimed at helping potential candidates learn more about technical career opportunities at Google Taiwan and what it’s like to work with us. I really enjoyed the conversation! If anyone is interested, they can watch the recording.
What advice do you have for aspiring Googlers?
Work closely with your recruiter! My recruiter guided me through Google’s interview process, shared tips about how to answer leadership-based questions and gave me insight into what the technical interview would be like. I hadn’t experienced this kind of interview support and care before, and it went a long way in helping me prepare. If you’re applying for an engineering role, I recommend doing programming exercises to practice your coding abilities. I also revisited my textbooks to review material, brushed up on my skills and searched for tips online from previous interviewees. Going through an interview process can be nerve-wracking, but the best thing you can do is just go for it.
Editor’s note: Today, Melonie Parker sent the below email to Google’s employees around the world.
Building for everyone requires vision, and constant revision. We’re continually iterating, examining data-driven outcomes, and learning from both our successes and failures. Our focused efforts in diversity, equity and inclusion are no different.
As we prepared to report on how our DEI work is progressing, we found ourselves once again in the midst of a particularly painful time. I’m personally grappling with the recent hate crimes targeting Black and AAPI communities because of their identitiesTo me, it seems, our wounds are never fully allowed to heal. They're reopened over and over again by these senseless acts. This signals the seriousness of the work we have to do to advance equity and understanding across differences. At Google, I'm inspired by the work we continue to do: We’ve resolved to do better every day and to contribute to a world that is equitable, safe and just."
Since we shared our first Diversity Annual Report in 2014, we’ve built on what we’ve learned to increasingly make Google a place that better represents and embraces the diversity of our world. Our 2022 Diversity Annual Report, released today, shows the positive progress we’re making. We’re encouraged by what the data is telling us: it shows we’re on the right track.
Some highlights:
Behind all these stats are programs and strategies that are helping us make real progress. In 2021, we focused on building belonging through learning opportunities like the Racial Equity Learning Platform, and by offering career development and mentoring programs like our Noogler onboarding for Black+ employees at all levels. We also tripled our Retention and Progression team so every organization within Google has someone dedicated to supporting employees from underrepresented communities.
As we move to hybrid work, we want Googlers entering physical spaces to feel valued and respected so they can do their best work. The Diversity Annual Report notes how we’re making our workspaces more inclusive and accessible across all Google sites — especially notable today as we celebrate Global Accessibility Awareness Day.
A broad industry focus on representation and access is also important to us. That’s why we continue to invest in communities and efforts such as the Latino Founders Fund, awarding non-dilutive funding, paired with deep mentorship from Google experts, to help Latinx founders retain ownership of their companies. And in 2021, Grow with Google launched a series of Asian-owned small and medium business workshops in partnership with the U.S. Pan Asian American Chamber of Commerce.
We’re also thinking long-term about representation, as we build pathways into tech and digital skills for people from underrepresented communities. Also in 2021, we expanded Mind the Gap, an initiative that encourages women and girls to pursue STEM careers. Additionally, we expanded support for Native American and Indigenous job-seekers in the U.S. and Canada.
I see our 2022 Diversity Annual Report as a powerful reflection of how we are reaching critical “near stars” on our journey toward the North Star of building an inclusive workplace at Google.
I hope you will check out this year’s Diversity Annual Report to share in our progress and what we’ve learned.
Thank you,
Melonie
Editor’s note: Today is Global Accessibility Awareness Day, and we’ll be sharing more on how we’re partnering with people with disabilitiesand what we’re doing to make education more accessible.
The heart of our mission at Google is making the world’s information truly accessible. But the reality is we can only realize this mission with the help of the community. This year at I/O, we announced one more step in the right direction, thanks to feedback and help from our users: We’re making it easier for braille readers to use Android. Available in our next Android 13 Beta in a few weeks, we are beginning to build out-of-the-box support for braille displays in Talkback, our screen reader within Android.
A refreshable braille display is an electro-mechanical device that creates braille patterns by raising rounded pins through holes in a flat surface. Braille-literate computer users use the braille display to touch-read braille dots representing text. With the display, you can also type out braille. These devices help people with deafblindness access mobile phones and people with blindness use their phones silently. Previously, people connected their Android devices to braille displays using the BrailleBack app, which required a separate download from the Play Store, or used a virtual keyboard within Talkback instead of a physical device.
With this new update, there are no additional downloads necessary to use most braille displays. People can use braille displays to access many of the same features available with Talkback. For instance, you can use display buttons to navigate your screen and then do activities like compose an email, make a phone call, send a text message or read a book.
There are also new shortcuts that make it easier to use braille displays with Talkback. Now there are shortcuts for navigating so it’s easier to scroll and move to the next character, word or line. There are also shortcuts for settings and for editing, like jumping to the end of documents or selecting, copying and pasting.
You can sign up for the Android beta program to try out Talkback 13 in the next beta release.
We are grateful to the community for their ongoing feedback that makes features like these possible. This is just the first step forward in developing this integration, and we can’t wait to do even more to expand the feature and to create even more related capabilities.
