Category Archives: Google

Chrome 49.0.2623.110

At what point does an update qualify as pointless? The full change log for Chrome 49.0.2623.110 contains six items, two of which involve merely changing the version number. Another publishes a small change in dependencies. One is literally about compatibility with Windows NT4. There’s nothing here that justifies all the data movement associated with mass-updating a popular piece of software like Chrome.

But hey, I guess I shouldn’t complain. I’d rather be at the “too many updates” end of that particular spectrum.

What you really need to know about the new Chrome version is that none of the issues addressed relate to security.

Chrome 49.0.2623.108

Earlier this week, Google announced another new version of Chrome.

Version 49.0.2623.108 addresses five security issues, so if you use Chrome, you should make sure it’s up to date. Click the browser’s ‘hamburger’ menu at the top right, then select Help > About Google Chrome. If you’re not running the latest version, Chrome will start the update process automatically.

The full log lists about sixty changes in the new version, but nothing particularly interesting.

Chrome 49.0.2623.75

There are fixes for at least twenty-six security issues in the latest version of Chrome, 49.0.2623.75.

The release announcement lists the most important security fixes, while making it clear that the full details may not be made available until the majority of users have had a chance to update.

The full change log for Chrome 49 seems to go on forever. I tried to find the end of it, but gave up after a few pages. At least it doesn’t try to load in one page, since that would probably crash most browsers. Presumably if Google had made any really interesting changes in Chrome 49, they would have been mentioned in the announcement.

Opera 35.0.2066.82

The Opera web browser is based on Google’s Chromium ‘engine’ – the same core software that powers the Chrome browser. Aside: the Chromium browser engine is not to be confused with the other ‘Chromium’ – Google’s operating system, ChromiumOS. What is it with big corporations and confusing names?

Anyway… when Chrome gets a security fix, an Opera release with the same fix will soon follow. Opera 35.0.2066.82, announced on February 23, contains the same updated version of Chromium as Chrome 48.0.2564.116, which was released on February 18.

The Chromium security issue addressed in the latest versions of Opera and Chrome is CVE-2016-1629. The bug potentially allows attackers to bypass Same Origin Policy (SOP) measures, which normally prevent scripts loaded from one origin from accessing content that belongs to another.

If you use Chrome or Opera, or any other web browser based on the Chromium engine, you should update it as soon as possible. Chrome and Opera have self-updating features which can be triggered by navigating to their respective ‘About’ pages.

Security and privacy roundup for January 2016

Your devices are talking about you

You already know that your web browser is tracking your activity. You are probably also aware of ‘The Internet of Things’ – the increasing prevalence of devices that are connected to the Internet – and you recognize that any such device can also track your activities. Bruce Schneier reveals the next step in this evolution: enabling devices to share information about you. Of course, since the goal of all this surveillance is merely better-targeted advertising, most people are unlikely to care. Still, if privacy and control are important to you, this will not be welcome news.

Brian Krebs reminded us that ransomware can affect files in your cloud storage space as well as on your physical computer and network-connected devices.

A summary of software vulnerabilities over at VentureBeat shows Mac OS X topping the list for 2015. Microsoft’s security efforts seem to be paying off, as the highest-ranked version of Windows on the 2015 list is Windows 8.1 at number 10, with fewer than half as many vulnerabilities as OS X.

Serious vulnerabilities were discovered in OpenSSH (a very commonly-used secure terminal client), OpenSSL (the ubiquitous security library), and Trend Micro antivirus software.

Vulnerabilities in the Linux kernel (affecting Android phones and Linux PCs) remain unpatched on many affected devices.

Google produced more patches for vulnerabilities affecting Android devices, but as always, the patches are finding their way to devices very slowly.

The very weak hashing functions MD5 and SHA1 are still being used in HTTPS encryption in some contexts.

It’s official: your smart TV can become infected with malware.

Network devices made by Juniper and Fortinet were found to contain serious vulnerabilities, including an NSA-developed back-door function and a hard-coded back-door password.

The free-to-use deep search tool Shodan made the news when researchers showed that it can be used to find household cameras, including baby-cams. Note that the problem here is not Shodan, which is just a useful search tool. The problem is the failure to properly secure Internet-connected devices.

There were more serious corporate security breaches in January, at Time Warner and Linode. As usual in these cases, the login credentials of subscribers were obtained by the attackers.

Amazon’s security practices were (unwillingly) tested by a customer, and found seriously deficient.

More malicious apps were found in the Google Play store. Google removed those apps, but not until they had been downloaded millions of times by unsuspecting Android device users.

LG fixed a critical security hole affecting as many as ten million of its mobile devices.

Google clamps down on misleading ‘download’ buttons

We’ve all run into this: you’re trying to find some software, and when you finally get to a download page, you’re faced with multiple DOWNLOAD buttons. It’s like a really bad game, in which clicking the right button gets you the software, and clicking the wrong one infects your computer with malware.

Google is aware of this problem, and in keeping with its goal of using its vast resources to help protect users, will now detect these misleading buttons and warn users. Increasingly, when you navigate to a page with these deceptive buttons, Google will warn you: ‘Deceptive Content Ahead’. A welcome improvement.