Category Archives: Chrome

Chrome 69.0.3497.92: two security fixes

The latest Chrome, released on September 11, fixes a pair of security vulnerabilities in the browser. The release announcement for Chrome 69.0.3497.92 does not mention any other changes. There’s a mercifully brief change log, and all the changes appear to be relatively minor.

If Google’s planned “roll out over the coming days/weeks” isn’t fast enough for you, click Chrome’s ‘three dots’ menu button, and select Help > About Google Chrome. If you’re not already up to date, this will usually prompt Chrome to update itself.

Chrome 69.0.3497.81: forty security fixes

The release announcement for Chrome 69.0.3497.81 says the new version “contains a number of fixes and improvements.” Google hasn’t bothered to highlight any of those, which means it’s up to us users to figure out what has changed by reading the change log. Oh well, sounds easy enough. Until you notice that the change log has 15890 entries. Yeesh.

Google does provide useful information about the forty security fixes in Chrome 69.0.3497.81. They range from Low to High in terms of Severity.

As with most Google desktop software, Chrome will silently update itself in the background when it gets around to it. It’s possible to disable Google’s automatic update software, but doing that can cause other problems, so it’s not recommended. If you want to encourage Chrome to update itself — not a bad idea considering the security fixes — you can point the browser to chrome://settings/help.

Update 2018Sep07: If you’re using Chrome 69.0.3497.81, you may have noticed something different in the address bar: some common subdomains — particularly www. — are no longer displayed. It looks like this change was not particularly well tested, and it’s causing problems for some users and sites. Here’s the associated bug report.

Chrome 68.0.3440.75: security fixes, address bar changes

The latest version of Chrome includes fixes for forty-two security vulnerabilities. It’s also the first version that will display Not Secure in the address bar for all non-encrypted web pages. When that indicator appears, traffic to and from the viewed page is not being encrypted.

Viewing a non-encrypted web page is not particularly risky, as long as no private information is being transmitted. That means user names, passwords, email addresses, credit card numbers, and so on. However, as discussed here previously, unencrypted sites open up a world of possibilities for intercepting and modifying web traffic.

The release announcement for Chrome 68.0.3440.75 provides additional details regarding the security issues addressed.

The simplest way to update Chrome is also the best way to determine which version you’re running: click the three-vertical-dots icon at the top right, then select Help > About Google Chrome. If your browser isn’t already up to date, this will usually trigger an update.

Chrome 67.0.3396.79 fixes a single security bug

The latest version of Chrome includes a fix for a single security vulnerability with High severity.

The change log for Chrome 67.0.3396.79 includes a few dozen changes, but none that Google considered worth highlighting in the release announcement, aside from the single vulnerability.

To check your Chrome version, click the vertical-ellipses icon at the top right of its window, then select Help > About Google Chrome. If an update is available, it will usually start downloading automatically.

Chrome 67.0.3396.62: security fixes

Yesterday’s release of Google Chrome brings its current version number to 67.0.3396.62. The new version is mostly about security fixes: there are thirty-four in all, none of which are flagged with Critical severity.

The change log for Chrome 67.0.3396.62 is a monster, listing 10855 changes in all. Don’t try viewing that page with an older computer or browser.

Google hasn’t seen fit to highlight any of the changes in Chrome 67.0.3396.62 in the release announcement, other than mentioning that Site Isolation may or may not be enabled. Site Isolation is a new security feature that’s being rolled out in stages.

As usual, the new Chrome version “will roll out over the coming days/weeks.” If that’s too vague for you (it is for me), an update can usually be triggered by navigating Chrome’s menu (the vertical ellipses icon at the top right) to Help > About Google Chrome.

Chrome 66.0.3359.170

The latest version of Chrome fixes four security bugs. The Chrome 66.0.3359.170 release notes and change log have additional details.

Check your version of Chrome by clicking that three-dot (vertical ellipses?) icon at the top right, and selecting Help > About Google Chrome from the menu.

Of course, while keeping Chrome up to date is a good way to protect yourself from browser-based malware, you should also be careful when using extensions. Even Google-approved extensions obtained from the Chrome Web Store may contain malware. Recently, as many as 100,000 computers running Chrome were infected with malware hidden in seven different extensions from the Chrome Web Store.

Patch Tuesday for May 2018

Spring has sprung, and with it, a load of updates from Microsoft and Adobe.

This month from Microsoft: sixty-seven updates, fixing sixty-nine security vulnerabilities in Windows, Internet Explorer, Office, Edge, .NET, Flash, and various development tools. Seventeen of the vulnerabilities addressed are flagged as Critical and can lead to remote code execution.

The details are as usual buried in Microsoft’s Security Update Guide. You may find it easier to examine that information in spreadsheet form, which you can obtain by clicking little Download link partway down the page on the right. Just above that there’s a link to the release notes for this month’s updates, but don’t expect much useful information there.

Update 2018May11: If you were looking for something to motivate your patching endeavours, consider this: two of the vulnerabilities addressed in this month’s updates are being actively exploited on the web.

Adobe logoAs you might have guessed from Microsoft’s Flash updates, Adobe released a new version of Flash today. Flash 29.0.0.171 addresses a single critical vulnerability in previous versions. You can find release notes for Flash 29 on the Adobe web site.

You can get Flash from Windows Update if you run a Microsoft browser, via Chrome’s internal updater, or from the official Flash download page. If you use the Flash download page, make sure to disable any optional installs, as they are generally not useful.

Chrome 66.0.3359.139

Say what you will about Google, they do a great job of fixing security issues in their flagship browser software, Chrome.

Google recently released Chrome 66.0.3359.139, which includes fixes for three security vulnerabilities. The complete list of changes can be found in the change log.

As usual, Google says the new version “will roll out over the coming days/weeks”. Unless you’ve disabled all of Google’s automatic updating mechanisms, Chrome will update itself, but it’s difficult to predict exactly when that will happen. However, you can usually trigger an update by running Chrome, clicking its menu button (the three dot icon at the top right), and selecting Help > About Google Chrome.

Chrome 66.0.3359.117 released

The latest version of Google Chrome includes sixty-two security fixes, and a limited trial of a new feature called Site Isolation that should help to reduce the risk from Spectre-related vulnerabilities.

The change log for Chrome 66.0.3359.117 is another whopper, listing over ten thousand changes in total.

Check your version of Chrome by clicking the three-vertical-dots menu button at the top right, and selecting Help > About Google Chrome. Doing that will usually trigger an update if one is pending.