Category Archives: Chrome

Chrome, Google, Opera, Patches and updates, Security

Opera 35.0.2066.82

Leave a comment

The Opera web browser is based on Google’s Chromium ‘engine’ – the same core software that powers the Chrome browser. Aside: the Chromium browser engine is not to be confused with the other ‘Chromium’ – Google’s operating system, ChromiumOS. What is it with big corporations and confusing names?

Anyway… when Chrome gets a security fix, an Opera release with the same fix will soon follow. Opera 35.0.2066.82, announced on February 23, contains the same updated version of Chromium as Chrome 48.0.2564.116, which was released on February 18.

The Chromium security issue addressed in the latest versions of Opera and Chrome is CVE-2016-1629. The bug potentially allows attackers to bypass Same Origin Policy (SOP) measures that normally prevent scripts on other hosts from running.

If you use Chrome or Opera, or any other web browser based on the Chromium engine, you should update it as soon as possible. Chrome and Opera have self-updating features which can be triggered by navigating to their respective ‘About’ pages.

Chrome, Edge, Firefox, Internet Explorer, Java

End in sight for Java browser plugin

Leave a comment

Oracle is finally throwing in the towel for Java browser plugins. A never-ending source of security problems, the Java plugin will be phased out in the near future. Browser software developers like Mozilla and Google made this move inevitable when they started removing plugin functionality in recent months.

This will cause headaches for organizations that use a lot of browser-based Java. They’ll be faced with a decision. Many will presumably stall for time, and continue to use existing Java applets in increasingly-outdated browsers. Others may decide to switch to another platform entirely, which is likely to be very costly. The best alternative is to – where possible – change browser-based Java applets to use the Java Web Start technology. According to a white paper from Oracle (PDF): “The conversion of an applet to a Java Web Start application provides the ability to launch and update the resulting application without relying on a web browser… Desktop shortcuts can also launch the application, providing the user with the same experience as that of a native application.”

Regular users will only notice the loss of the Java browser plugin if they happen to use one or more Java applets. Site operators have been aware that this change is coming for a while, and have been scaling back their use of Java applets, but they may still be found on some banking and financial sites, web site builders, and so on. One Java applet-based service that I find extremely useful is Berkley’s ICSI Netalyzer, which analyzes your network connection and reports on any issues it finds. I’m hoping that Netalyzer’s developers will convert it to use Java Web Start, or do something else to keep the service online.

Duo Security has additional related information.

Chrome, Google, Patches and updates

Chrome 48.0.2564.97 released

Leave a comment

There don’t seem to be any security fixes in the latest version of the Chrome browser, 48.0.2564.97.

The announcement doesn’t include any details to speak of. The full change log lists sixty-eight changes, most of which are minor bug fixes. A few of the changes are related to stability and performance.

There’s also a related post on the Chrome blog. Most of that post is about new features related to mobile users, so it may not be of much interest.

On most computers, Chrome will silently update itself to the new version.

Adobe, Chrome, Edge, Firefox, Flash, Internet Explorer, Patches and updates, Security

More Flash updates

Leave a comment

The latest version of Flash is 20.0.0.286, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash 20.0.0.272.

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX 20.0.0.286”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1: 20.0.0.272”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Chrome, Google, Patches and updates

Chrome 47.0.2526.111 released

Leave a comment

A few minor bug fixes prompted the release of Chrome 47.0.2526.111 on January 13. None of the fixes are related to security. In most cases, Chrome will update itself automatically to the new version.

The change log has all the technical details, and since there are relatively few changes, the log probably won’t crash your browser when you try to look at it. You can also view the changes in the log in an easier to read format.

Chrome, Google, Things that are bad

Disappointment: Google decides not to add a sidebar to Chrome

Leave a comment

Chrome is a pretty good browser. I recommend it with few reservations. I even use it myself. But my use of Chrome is limited to a few sites that just work better in Chrome than in Firefox – at least for me.

The main reason I don’t use Chrome for most of my browsing, despite the fact that I really don’t want to use Firefox either, is the lack of a sidebar. No feature is more frequently requested for Chrome. And yet Google has resisted adding one.

Why is a sidebar such a big deal? Like many other people, I use the sidebar to show my bookmarks, in a nested tree format. This is an extremely efficient way to manage a lot of bookmarks. There’s just not enough room in the horizontal toolbar to do this; I can add folders and subfolders to the toolbar to create a drop-down menu effect, but I want the bookmarks I’m currently working with to stay on the screen and not disappear when I click one.

And I’m not the only one. Just look at the comments and votes for this bug in Chrome’s bug tracking system, and in this post in the Chrome support forum.

If you look at that bug, you’ll see that Google started the work to add a sidebar. But they must have run into a big problem, because today the bug was updated to the status ‘WON’T FIX’. That means we are unlikely to ever see a sidebar in Chrome. The update provides very little explanation, and points to the general Chrome FAQ. Presumably what they are referring to is the word ‘simplicity’ in the second point.

And so concludes another chapter in my love-hate relationship with Google. I think Google is terrific, and I depend on their services, but this is a huge disappointment.

Update: the WebKit-based Opera browser also doesn’t include a useful bookmark sidebar, but I’ve just discovered a sidebar extension called V7 Bookmarks, and so far I’m loving it. It looks like Opera will be my new main browser when I finally can’t stand Firefox’s bloat and instability any more.