Announced on March 3rd, Chrome 80.0.3987.132 includes fixes for four security vulnerabilities in earlier versions.
Check Chrome’s version by clicking its three-vertical-dots menu button and navigating to Help > About Google Chrome. Unless Chrome has updated itself, you’ll see an update button for installing the new version.
A new software tool from CogSci Apps called Hook lets you link together web sites, emails, documents, and many other resoures, making it a simple matter to find those resources again later. Open one resource, then use Hook to open any or all of the related resources.
Here’s an exerpt from the Hook web site:
Hook for macOS
Find without searching.
Instantly access the information you need, without searching. Whether it’s in the Finder, email, on the web, in the cloud, a version-control system, … almost anywhere.
Currently available only for Mac, a Windows version is in the early planning stages.
If you have a Mac and want to try Hook, you can download the free version from the Hook Download page.
Paid versions of Hook include more features. You can see how the different versions compare on the Hook Buy page.
JRC is a CogSci Apps affiliate. If you purchase a paid version of Hook within 30 days after visiting the Hook Buy page using any Hook Buy page link on this page, Jeff Rivett Consulting will receive 15% of the purchase price.
Three more security vulnerabilities are fixed in the latest Chrome, version 80.0.3987.122.
According to the release notes, one of the vulnerabilities fixed in Chrome 80.0.3987.122 is already being exploited ‘in the wild’ so anyone using Chrome should check their version and update immediately.
To determine whether you need to install the new version, navigate Chrome’s menu button (
) to Help > About Google Chrome. You’ll see the current version, and if a newer one is available, there should be a button that allows you to install it.
Sometimes when Google releases a new version of Chrome, the release announcement doesn’t mention any security fixes. That’s intentional:
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Chrome 80.0.3987.116 was announced on February 18, but the initial announcement didn’t include any mention of five security vulnerabilities that were fixed in that version. Those details were added a few days later.
Three of the vulnerabilities addressed in Chrome 80.0.3987.116 were reported to Google by third party security researchers.
To check your current version of Chrome, click its menu button (three vertical dots) and navigate to Help > About Google Chrome. If a newer version is available, you should see a button or link that allows you to install it.
Released on February 11, Thunderbird 68.5.0 adds support for new authentication techniques, fixes a few minor bugs, and addresses seven security vulnerabilities.
Update Thunderbird by navigating its ‘hamburger’ menu (at the top right) to Help > About Thunderbird. If there’s a newer version available, you should see a button or link that allows you to install it.
There’s another new version of Firefox: 73.0. Despite the major version bump, there are no big changes. However, it’s an important update, because it addresses several security vulnerabilities. There are also fixes for a few long-standing annoyances.
According to the security advisory for Firefox 73.0, six security bugs are addressed in the new version. None of them are flagged as having Critical impact, but they all look nasty.
Firefox’s page zoom feature is very handy for viewing web sites with unfortunate font size choices. It’s not new: Firefox has had this feature for years. What is new is that you can now set a global zoom level, which seems likely to be useful for folks with impaired vision.
To zoom the page you’re looking at, hold down the Ctrl key and move your mouse’s scroll wheel up and down. To change the global zoom level, click Firefox’s menu button, and select Options. In the General section, change the Default Zoom setting.
Firefox now shows web page background images with a border when Windows is configured to use high contrast mode. Previously, background images were disabled in high contrast mode.
Firefox will now only prompt to save login credentials if at least one form element has been changed.
To see which version of Firefox you’re using, navigate its menu to Help > About Firefox. If a newer version is available, you should see a button or link to install the update.
Yesterday’s crop of updates includes the usual pile from Microsoft, as well as a few from Adobe, for Flash and Reader.
Analysis of Microsoft’s Security Update Guide for February 2020 reveals that there are thirty-eight updates, addressing one hundred and one security issues in Internet Explorer, Edge (both the old and new versions), Flash embedded in Internet Explorer, Office, and Windows. Thirteeen of the updates have been flagged as Critical.
To install Microsoft updates, go to Windows Update in the Control Panel for older versions of Windows, and in Settings > Update & Security for Windows 10. Alternatively, for Windows 10, you can just wait for the updates to be installed automatically.
The latest version of Flash, 32.0.0.330, fixes a single security vulnerability in earlier versions.
Update Flash on pre-Windows 10 computers by heading to the Windows Control Panel and running the Flash applet. On the Updates tab, check the version and click the Check Now button. Click the link to the Player Download Center. Make sure to disable any checkboxes for installing additional software, then click the big Install Now button. Follow the prompts. You may have to restart your web browser for the update to finish.
Adobe Reader 2020.006.20034, also released this Patch Tuesday, includes fixes for seventeen security vulnerabilities in earlier versions.
Recent versions of Reader typically update themselves, but you can check your version and force an update by navigating Reader’s menu to Help > Check for Updates...
The hits just keep on coming for Microsoft. I suppose it’s inevitable that a company as large as Microsoft will make mistakes, but when their products reach into our lives as thoroughly as Microsoft’s, those mistakes can lead to major disasters.
A huge proportion of Windows 10 users worldwide lost the ability to search their own computers recently. According to Microsoft, the problem stemmed from a glitch on a Microsoft server. Exactly why local search should be affected by some mysterious remote Microsoft server is yet to be explained.
In reality, search in Windows has been variously broken since Vista. I discovered a particularly horrible search bug in that garbage dump of an O/S soon after it was released, and was eventually able to convince Microsoft that it was a real problem; a fix soon followed. But even that didn’t fix all of Windows search’s problems; getting it to find all your files in all their locations was — and continues to be — a never-ending, and ultimately ineffective, exercise.
That’s why most people who need a search function that’s actually useful have long since switched to third party software, such as the excellent, fast, accurate, and free Fileseek. There’s also the blazingly fast (and also free) Everything. Both of these work perfectly out of the box, requiring no special setup to be useful, unlike Windows’ built-in search.
Still, many people assume that the Windows search feature is adequate, and never switch to anything else. Those people discovered the recent problem the hard way, when the already basically worthless search stopped working completely. Those people are understandably angry.
Malicious folks have discovered yet another way to fool Windows into executing code that it shouldn’t. The new technique takes advantage of the fact that Windows implicitly trusts drivers. A driver is a small piece of software that connects Windows with hardware, allowing that hardware to be used by the O/S.
In this case, a specific driver that contains a serious security vulnerability — but is neverthless trusted by Windows — was used by hackers to deploy ransomware to affected systems.
There’s no word from Microsoft on how they intend to deal with this glaring hole in Windows security.
Decisions made by Microsoft years ago are poised to create massive problems for many business and educational customers worldwide. When the person who owns the generic corp.com domain sells it, the new owner will be able to gather credentials and other supposedly private data from Windows computers that assume they are communicating with internal systems.
The problem stems from an ill-considered decision to use corp.com as a default setting and in documentation provided by Microsoft. Server administrators who didn’t change that default are now faced with a huge task that involves bringing down entire networks and possibly creating new problems.
Microsoft has known about this problem for years, and their advice to customers is basically “you shouldn’t have used the defaults”. Thanks for nothing, Microsoft.
The latest release of Google’s Chrome web browser, announced on February 4, includes fifty-six security fixes. As usual, details on all of the related vulnerabilities will not be released until a majority of users are updated with a fix.
The full change log for Chrome 80.0.3987.87 is a whopper, with over sixteen thousand changes in all. A little light reading for anyone with a few hours to spare. But hey, at this point if you don’t trust Google you probably shouldn’t be using Chrome. In the same way that you shouldn’t be using Windows 10 if you don’t trust Microsoft.
Chrome updates itself on its own mysterious schedule, unless you’ve taken extreme (and continuous) measures to prevent it. You can find out which version you’re running by navigating Chrome’s menu (hidden behind the three-vertical-dots menu button at the top right) to Help > About Google Chrome. If a newer version is available, you should see a button or link to install it.
Windows 7 support ended earlier this month, and with it any hope of fixing newly-discovered security vulnerabilities. Or did it? Microsoft recently discovered a problem with an update, released in Novemeber 2019, that is causing problems with desktop wallpaper on Windows 7 computers. This isn’t a security issue, but it probably affects thousands of users, and Microsoft has now released a special update that fixes the wallpaper problem. You can get the update via Windows Update on Windows 7 computers.
Microsoft’s plans for expanding advertising in Windows 10 continue, albeit very slowly. The latest change is in Windows 10’s default rich text editor, Wordpad. When you run Wordpad, you’ll see an advertisement for Microsoft Office. It’s not much, and many users will never see it, but I’m reminded of the proverbial frog in steadily-warming water.
Microsoft’s shenanigans with Google show no signs of slowing down. Both companies have engaged in questionable behaviour in trying to promote their software and services. The latest shot from Microsoft is particularly annoying: when Office 365 updates itself — a process that is both frequent and difficult to control — it will look for an installation of Google’s Chrome web browser, and change its default search engine to Bing.
Microsoft has a history of inappropriately reverting settings during updates, which is annoying enough, but this is excessive and downright spiteful, in my opinion. Microsoft, please play out your differences with Google in a way that doesn’t annoy millions of users.
Update 2020Feb11: Microsoft relented, and won’t be switching Windows 10 searches to use Bing during Office 365 updates. I guess they realized that they didn’t need yet another public relations disaster.
boot13