boot13The latest version of Google’s web browser is another batch of security fixes. Version 42.0.2311.135 addresses five vulnerabilities, including at least one reported by non-Google security researchers.
Category Archives: Google
Google extends Chrome support for Windows XP
Recognizing that millions of people are still using Windows XP, Google has extended support for that O/S in their web browser. That means they will continue to develop fixes for security issues in Chrome running on Windows XP. Anyone still using Windows XP is strongly encouraged to stop using Internet Explorer, which is no longer supported by Microsoft, and use Google Chrome instead.
Malvertising shows no sign of slowing down
Nasty malware, hidden inside a phony ad that appeared on the Huffington Post web site, was exposed to thousands of users earlier this week. The Flash-based ad was delivered via Google’s Doubleclick advertising network. And this wasn’t even the largest malvertising exposure this week.
Google had better get to work on fixing this, or it will start eating into their primary revenue source.
45 security issues fixed in Chrome 42.0.2311.90
The latest version of Chrome includes fixes for forty-five security vulnerabilities. According to the announcement, version 42.0.2311.90 also has improvements in stability and performance.
Starting with this version of Chrome, the old NPAPI technology used for plugins (including Java and Silverlight) is disabled by default. If any of your Chrome plugins still use this technology, you’ll need to enable them when the browser warns you.
Google clamping down on malicious Chrome extensions
If you use Google’s web browser Chrome, and you’ve noticed that some extensions are causing problems, take heart. Google recently discovered that about 200 Chrome extensions are injecting ads in deceptive ways, often leading users to malware. These extensions have been killed by Google, and measures taken to prevent this type of abuse in the future. Note that Google doesn’t explicitly bar ad-injection extensions; however, such extensions are subject to certain limitations.
If you suspect that your installation of Chrome is running one or more of these rogue extensions, your best bet is to uninstall Chrome completely and reinstall it.
Update 2015Apr09: Google’s efforts to identify and remove problematic extensions are ongoing. More announcements of this type are expected. For example: the extension ‘Webpage Screenshot’ was found to be collecting user data inappropriately, and was also killed.
Chrome 41.0.2272.118 fixes four vulnerabilities
The latest version of Google’s web browser is 41.0.2272.118. Four security issues, including at least one (CVE-2015-1233) flagged as critical, were addressed in this version. At least one of the vulnerabilities (CVE-2015-1234) came to light during the recent Pwn2Own contest.
Chrome 41.0.2272.101 released
On March 19, Google announced version 41.0.2272.101 of its Chrome web browser. The announcement doesn’t describe any changes, and only says that a ‘partial list of changes is available in the log’. The log is derived from the Git version control system used by Google to manage Chrome’s source code. As such, it’s difficult to parse for significant changes. It appears that only minor changes were made in Chrome 41.0.2272.101.
Domain registration information leaked by Google
If you’ve registered domains using the Google Apps for Work service, there’s a good chance your registration (WHOIS) information is now available to unscrupulous persons.
Apparently a software defect in Google Apps started leaking the registration info (names, phone numbers, physical addresses, e-mail addresses, etc.) in mid-2013. The defect was recently discovered by a security researcher. Google acted quickly to stop the leaking, but for many, the damage has already been done.
If your information was leaked, you’ll likely start seeing an increase in spam to associated email addresses. The information may also be used in spear phishing attacks.
Note that while domain registration information is public, most domain registrars (including Google Apps) allow for this information to be hidden or only accessible indirectly. This likely encouraged many registrants to use accurate information, making the leak that much worse.
Chrome 41.0.2272.89 released
A new version of Chrome was announced by Google yesterday.
Unfortunately, the update announcement provides no information on what was changed and only points to the change log, which is not very useful for regular users.
Parsing the change log for version 41.0.2272.89 doesn’t reveal any changes worth noting. There don’t seem to be any security fixes.
Chrome 41.0.2272.76 fixes 51 security issues
A new version of Chrome was released on Tuesday. Version 41.0.2272.76 includes fixes for at least 51 security vulnerabilities, as well as a number of other fixes related to stability and performance.