Google released another version of Chrome a few days ago, and it includes fixes for four security vulnerabilities. The change log is mercifully brief, but there’s also not much there of interest. The announcement for Chrome 76.0.3809.100 gives credit to non-Google security researchers for discovering two of the vulnerabilities.
Check your version of Chrome by navigating its ‘three dot’ menu to Help > About Google Chrome. If an update is available, you can install it from there.
On Tuesday, Google released another new version of Chrome: 76.0.3809.87. The announcement highlights sixteen vulnerabilities, discovered by security researchers not employed by Google, that are addressed in the new version. There are forty-three security fixes in all.
Google has chosen not to highlight any other changes in Chrome 76.0.3809.87, so if you want to know whether anything important changed, your only option is to read the thirteen thousand, five hundred and forty-three entries in the full change log. Good luck with that.
Chrome, uh, finds a way to keep itself updated, and fighting against that is a never-ending and ultimately pointless exercise. What you can do is check your version and thereby trigger an immediate update, by navigating Chrome’s ‘three vertical dots’ menu (at the top right) to Help > About Google Chrome. That way you don’t have to wait for Chrome to update itself, which happens “over the coming days/weeks” according to Google.
Earlier this month Mozilla released a new version of its (still free, and still pretty good) email client, Thunderbird. The new version (60.8) includes fixes for ten security issues in earlier versions.
If you use Thunderbird, you can check which version you’re running by clicking its 
(‘hamburger’) menu button, and navigate to Help > About Mozilla Thunderbird. If a newer version is available, you should see a prompt to install it.
If you still use Java, and particularly if Java is enabled in Internet Explorer, it’s important to keep it up to date. Security vulnerabilities in Java are still a somewhat popular target for malicious hackers and malware purveyors.
If you’re not sure whether Java is even installed on your computer, look for a Java entry in the Windows Control Panel. If you see one, Java is installed. The Java Control Panel has an Update tab that allows you to check for pending updates and install the latest version.
You can check whether Java is enabled in Internet Explorer by using that browser to visit Oracle’s Verify Java Version page.
Oracle issues quarterly updates for a wide range of software products, and that includes Java. The July 2019 update describes ten security vulnerabilities that are addressed in the latest version of Java, 8 update 221.
Two security fixes for Chrome were released earlier this week in the form of Chrome version 75.0.3770.142.
The change log for Chrome 75.0.3770.142 lists one hundred and twenty-eight changes in all, but other than the two fixes for security vulnerabilities, none of them are particularly interesting.
By default, Chrome will update itself in the days following a new release. You can encourage it by navigating its ‘three dot’ menu to Help > About Google Chrome, where an option to update will be shown if one is available.
There are at least twenty-one fixes for security issues in the latest Firefox, version 68.0. If Firefox is your browser of choice, and it prompts you to install this update, you should let it proceed. If Firefox’s automatic version checking is disabled, you can always wake it up by navigating the ‘hamburger’ menu to Help > About Mozilla Firefox.
Other changes in Firefox 68.0 include the spread of “Dark mode in reader view” into the surrounding browser interface. Blecch. Well, it’s not for me, anyway.
Extension management, via the about:addons page, is improved in the new Firefox. It’s now easier to report security and performance issues with extensions and themes. It’s also easier to get detailed information about extensions. And there’s a new section that provides extension recommendations.
The release notes page for Firefox 68.0 has more information.
Microsoft’s Security Update Guide provides the raw material for understanding each month’s pile of patches, but it’s not exactly easy to use in its current form. I use the almost-hidden Download link to the far right of the Security Updates heading about halfway down the page. The downloaded file is an Excel spreadsheet, which I find much easier to navigate that the SUG site. Your mileage may vary.
This month, Microsoft has issued sixty-seven updates and associated bulletins. The updates address seventy-eight vulnerabilities in Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.
The vulnerabilities range from Moderate to Critical in severity, and they can lead to one or more of the usual horrors, including Denial of Service, Elevation of Privilege, Remote Code Execution, Information Disclosure, Spoofing, and Security Feature Bypass. Brrrrr.
Release Notes for July 2019 Security Updates
By far the easiest way to install all these updates is to let Windows Update do the work. Of course to some extent that means trusting Microsoft not to hose your computer, so there’s that. My current thinking is that I’m willing to trust Microsoft to do this, as long as they at least give me a way to roll back any faulty updates.
Adobe released some security updates to coincide with Microsoft’s patch cycle, but none for the ubiquitous Flash Player or Acrobat Reader.
Over the last few days, two new versions of Firefox were released, each addressing a single security vulnerability.
Firefox 67.0.3 fixes a critical flaw in the way Javascript objects are handled that can allow exploitable crashes. Targeted attacks in the wild are actively abusing this flaw.
Firefox 67.0.4‘s fix is for an as yet unexploited flaw that could potentially result in executing arbitrary code on the user’s computer.
Both vulnerabilities were reported to Mozilla by non-Mozilla security researchers.
You can wait for Firefox to update itself, or nudge it along by visiting Help > About Mozilla Firefox in its menu, found by clicking the 
(hamburger) button in the toolbar.
The latest release of Thunderbird, Mozilla’s email client, is version 60.7.1. The new version addresses four security vulnerabilities.
Check your Thunderbird version by clicking its ‘hamburger’ menu icon at the top right, and navigating to Help > About Mozilla Thunderbird. If you’re not running the latest version, you’ll be prompted to update.
The latest Chrome release features a fix for one security vulnerability. There are about forty-five actual changes listed in the full change log, none of which are particularly noteworthy.
There’s not much of interest in the release announcement for Chrome 75.0.3770.90, although it does point out that the vulnerability was discovered and reported by a non-Google researcher.
Unless you’ve gone to the trouble of disabling Google’s persistent automatic update processes, your installation of Chrome will likely update itself over the next few days.
You can check your version and trigger any pending updates by navigating Chrome’s menu (the ‘three-vertical-dots’ button at the top right) to Help > About Google Chrome.
boot13