Category Archives: Google

Chrome 64.0.3282.167

A single security bug was fixed in Chrome 64.0.3282.167, released by Google on February 13.

The new version will find its way to your desktop automatically, unless you’re diligent about killing Google’s pesky auto-update processes. If that describes you, or you just don’t want to wait, you can usually encourage Chrome to update itself by navigating to > Help > About Google Chrome.

There’s additional information in the full change log for Chrome 64.0.3282.167.

Chrome 64.0.3282.140 released

There are about twenty changes in Chrome 64.0.3282.140. One of the changes is a fix for a security issue, and the rest are minor tweaks and other bug fixes.

As usual, the release announcement says that the new version “will roll out over the coming days/weeks”. Since this release includes a security fix, it’s a good idea to check what version you’re running by navigating to the About Chrome page ( > Help > About Google Chrome).

Chrome 64.0.3282.119 released

The latest version of Chrome is 64.0.3282.119. The new version, released earlier this week, fixes fifty-three security issues, and includes additional mitigations for the Spectre/Meltdown vulnerabilities.

The full change log lists ten thousand changes in the new version. There might be some interesting stuff in there, but I’m going to assume that if there was anything worth pointing out, Google would have done that in the release announcement.

More rug-pulling by Google

“Hey, look here! We’ve got a great service that you need to be using. Okay, cool, now that you’ve been using the service for a while, we’re going to shut it down. Because of reasons.” — Google’s secret motto

Okay, it’s not like YouTube is shutting down, but Google has changed the rules for monetising video, and that change is going to affect a lot of creators. Specifically, starting in February, you’ll need 1000 subscribers and 4000 hours of watch time (time people spent watching your videos) in order to make money from them.

Google’s explanation? “In 2018, a major focus for everyone at YouTube is protecting our creator ecosystem and ensuring your revenue is more stable.” What does that even mean?

It seems clear that this change is a reaction to recent events, including several major advertisers pulling ads from YouTube in 2017 because of extremist content. There’s less money to go around, so Google is saving money by cutting off people who arguably need it most.

Full disclosure: my own YouTube account will be affected by this change. I’m currently in the YouTube Partner Program, which allows me to monetise my videos. Not that I’ve made much money from those ads. Google seems to make a lot more money selling ads than it hands out to people hosting those ads on their videos and web sites. In any case, I will no longer me able to earn money from ads on my videos after February.

Google, your search engine is amazing, and I use a lot of your (free) services, so I shouldn’t really complain. But dammit, this is getting annoying.

Related links

Ars Technica: YouTube raises subscriber, view threshold for Partner Program monetisation
Futurism: YouTube Cracks Down on Eligibility Requirements for Which Video Channels Can be Monetized

Chrome 63.0.3239.108

Two security vulnerabilities, one of which has a High risk rating, are addressed in Chrome 63.0.3239.108. The log lists a few additional changes, none of which are particularly interesting.

There’s no easy way to disable automatic updates in Chrome. Generally, if there’s an update available, it will find its way to your computer within a few days via Google’s Update Service.

You can usually trigger an update by navigating to the About Chrome page ( > Help > About Google Chrome).

Chrome 63.0.3239.84

The change log for Chrome 63.0.3239.84 has ten thousand entries. I’d like to read it, and I might even find something interesting buried there, but instead I’ll assume Google would point out any notable changes in the release notes.

Alas, while the release notes do point out that the new Chrome includes fixes for thirty-seven security vulnerabilities, none of the other changes are discussed. In a way I suppose that’s a good thing: as long as Google isn’t making large changes or adding new features, while they continue to fix vulnerabilities and other bugs, the outcome is almost always going to be a better browser.

Chrome typically updates itself within a few hours or days of a new release, although in the release notes, Google says “This will roll out over the coming days/weeks.” Given the number of security fixes in this version, it’s a good idea to check the version you’re running, and hopefully trigger an update, by clicking Chrome’s menu button (three vertical dots at the top right), then choosing Help > About Google Chrome.

KRACK Wi-Fi vulnerability: what you need to know

Last week, security researchers identified a series of vulnerabilities affecting almost all Wi-Fi devices, from computers to refrigerators. The vulnerability could allow attackers to intercept wireless communications and potentially steal credentials and other sensitive information. The vulnerabilities are collectively referred to as KRACK.

The good news is that computers running Windows and Linux already have patches available. Microsoft included fixes in the October 2017 Patch Tuesday updates.

Apple says that fixes are ready for MacOS, but there’s no word on exactly when they will actually be made available.

The bad news is that mobile devices, particularly those that run Google’s Android operating system, are vulnerable, and in some cases, might stay that way indefinitely. That’s because even though Google has prepared fixes for Android, those fixes won’t get to devices made by other vendors until those vendors make them available. Some vendors are better than others at pushing updates to their devices. Worse, some devices running older O/S versions may never get updates at all, rendering them permanently insecure.

There are mitigating factors. First, because of the responsible way in which these vulnerabilities were reported, Microsoft and other major players have had time to develop fixes, while details of the vulnerabilities were kept relatively secret until recently. That means we have a head start on the bad guys this time.

Second, exploiting these vulnerabilities requires close proximity. Attacks based on these vulnerabilities can’t be executed over the Internet.

Use caution with unpatched devices

If you use a public Wi-Fi access point with an unpatched device, you’re exposed. So until patches for your device become available, you might want to disable its Wi-Fi when you’re not at home. Most devices have settings that prevent automatically connecting to Wi-Fi networks it finds in the vicinity.

IoT devices may remain vulnerable forever

‘Internet of Things’ (IoT) devices, including thermostats, cars, appliances, and basically anything that can have a computer stuffed into it, often connect to the Internet using Wi-Fi. There are no security standards for IoT devices yet, and many are extremely unlikely to ever be patched.

Recommendation: identify all of your IoT devices that have the ability to connect to the Internet. For each, make sure that you’re using a wired connection, or disable networking completely, if possible. As for devices that connect to the Internet via Wi-Fi and cannot or won’t be patched or disabled, consider taking them to the nearest landfill.

References

Chrome 62.0.3202.62: thirty-five security fixes

If you want to test your web browser’s performance and memory management, just point it to the full change log for Chrome 62.0.3202.62. It’s a behemoth, documenting over ten thousand distinct changes.

Given the number of changes in Chrome 62.0.3202.62, I decided to skip reading the log and trust that Google would point out anything interesting in the release announcement.

The announcement for Chrome 62.0.3202.62 documents thirty-five fixes for security vulnerabilities, so clearly this is an important update. As for the other changes, Google says only this:

Chrome 62.0.3202.62 contains a number of fixes and improvements — a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 62.

Chrome usually updates itself within a few days of a new release. You can trigger an update by navigating to the About page: click the three-vertical-dots menu button, then Help > About Google Chrome.