YouTube released its annual End Of Year Trends report, which includes four lists across 12 different countries: Trending Topics, Top Creators, Top Songs and Top Songs on…
Google Cloud customers can now use Imagen 3 and Veo to create images and videos for their businesses. Starting next week, all Google Cloud customers will be able to acce…
The Stable channel has been updated to 131.0.6778.108/.109 for Windows, Mac and 131.0.6778.108 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$8000][379009132] High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[381909656] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Open source software is the foundation of machine learning. It accelerates innovation through an ethos of flexibility and collaboration. This philosophy drives the open development of JAX, our high-performance array computing library, as well as OpenXLA, the compiler and runtime infrastructure it relies on.
Today we're excited to highlight how this commitment to openness, together with JAX and OpenXLA's modular designs, enables seamless integration of AWS Trainium and Trainium2 chips accelerators into the JAX ecosystem. Users get more portability, more choice, and faster progress.
JAX is a Python library for high-performance, large-scale numerical computing and machine learning. Its unique compiler-oriented design makes numerical computation familiar and portable while also accelerator-friendly and scalable. It combines a NumPy-like API with composable transformations for automatic differentiation, vectorization, parallelization, and more. Under the hood, JAX leverages the XLA compiler to optimize and scale computations over a broad set of backends.
This abstraction layer is key to its portability: JAX presents a consistent interface while XLA optimizes performance, whether you're running on CPUs, GPUs, TPUs, or something new.
In fact, OpenXLA infrastructure is designed to be modular and extensible to new platforms. By developing a PJRT plugin and leveraging existing XLA compiler components, JAX code can target new platforms, even when scaling from a single device to thousands.
We are excited to announce that AWS Trainium is the latest platform to embrace JAX and OpenXLA. With the JAX Neuron plugin, AWS Trainium and Inferentia can be used as native JAX devices.
This new backend demonstrates how abstraction and modularity make JAX and OpenXLA especially extensible and amenable to collaboration, even on new hardware. We're thrilled to have diverse hardware partners like AMD, Arm, Intel, Nvidia, and AWS taking advantage of JAX's portability and performance. If you're interested in bringing new platforms into the JAX and OpenXLA ecosystem, please reach out!
A multi-platform ecosystem fosters open collaboration in advancing AI infrastructure. Our goal is to drive continuous development of open standards and to accelerate progress. And if you're a machine learning developer or numerical computing user, we're excited for you to try JAX on any platform you choose.
By Matthew Johnson - Principal Scientist, with additional contributors: Aditi Joshi, Fenghui Zhang, Roy Frostig, and Carlos Araya
Face control on Chromebooks uses facial gestures and machine learning to let people with motor impairments control their devices without having to use their hands.
As the Google Career Certificate program reaches 1 million graduates globally, we’re sharing an overview of its impact.
From a powerful new AI-flood forecasting initiative to help from AI in advancing quantum computers.
At Google Play, we’re committed to providing a safe and secure environment for your business to thrive. That’s why we continually invest in reinforcing user trust, protecting your business, and safeguarding the ecosystem. This includes actively combating bad actors who try to deceive users or spread malware, and giving you tools to combat abuse.
Our tools like the Play Integrity API helps protect your business from revenue loss and enhance user safety. You can use the Play Integrity API to detect suspicious activity and decide how to respond to abuse, such as fraud, bots, cheating, or data theft. In fact, apps that use Play Integrity features have seen 80% less unauthorized usage on average compared to other apps. Today, we’re sharing how we’re enhancing the Play Integrity API for everyone.
Starting today, we’re changing the technology that powers the Play Integrity API on all devices running Android 13 (API level 33) and above to make it faster, more reliable, and more private for users. Developers already using Play Integrity API can opt-in to start using the new verdicts today; all API integrations will automatically transition to the new verdicts in May 2025. The improved verdicts will require, and make greater use of, hardware-backed security signals using Android Platform Key Attestation, making it significantly harder and more costly for attackers to bypass. We’ll also be adjusting verdicts when we detect security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise, without requiring any developer work. And now, Play Integrity API will have the same level of reliability and support across all Android form factors.
The transition to the new verdicts will reduce the device signals that need to be collected and evaluated on Google servers by ~90% and our testing indicates verdict latency can improve by up to ~80%.
Play Integrity API offers enhanced security signals, like the optional “meets-strong-integrity” and “meets-basic-integrity” responses in the device recognition verdict, to help you decide how much you trust the environment your app is running in. Now, we’re updating the “meets-strong-integrity” response to require a security update within the last year on devices running Android 13 and above. This update gives apps with higher security needs, like banking and finance apps, governments, and enterprise apps, more ways to tailor their level of protection for sensitive features, like transferring money. When the strong label isn’t available for the user, we recommend that you have a fallback option. Learn more about our recommended API practices.
We’re also making it easier for you to adjust your app's behavior based on the user’s Android SDK version with a new device attributes field. For example, your app could respond differently to the legacy “meets-strong-integrity” definition on devices running Android 12 and lower than to the enhanced definition on devices running Android 13 and higher. The FAQ includes some example code for using the new device attributes field.
We’re simplifying and standardizing all verdict content across apps, games, SDKs, and more, so that what you see will be more consistent and predictable. For apps installed by Google Play, you can get enhanced verdicts with optional signals such as the improved “meets-strong-integrity” device verdict and the recently launched app access risk verdict (which helps you detect and and respond to apps that can capture the screen or control the device, so you can protect your users from scams or malicious activity). For apps installed out of Google Play and all other API requests, you’ll receive a verdict with information about the device, account license, and app, but without the extra security signals.
Starting today, all new integrations will automatically receive the improved verdicts. Developers who already use the Play Integrity API can opt-in to the new verdicts now, or wait until it automatically updates for them in May 2025. For more information, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is becoming an even more essential tool for safeguarding your apps and users.
Posted by Prabhat Sharma – Director, Trust and Safety, Play, Android, and Chrome