Category Archives: Google

Chrome 67.0.3396.79 fixes a single security bug

The latest version of Chrome includes a fix for a single security vulnerability with High severity.

The change log for Chrome 67.0.3396.79 includes a few dozen changes, but none that Google considered worth highlighting in the release announcement, aside from the single vulnerability.

To check your Chrome version, click the vertical-ellipses icon at the top right of its window, then select Help > About Google Chrome. If an update is available, it will usually start downloading automatically.

Chrome 67.0.3396.62: security fixes

Yesterday’s release of Google Chrome brings its current version number to 67.0.3396.62. The new version is mostly about security fixes: there are thirty-four in all, none of which are flagged with Critical severity.

The change log for Chrome 67.0.3396.62 is a monster, listing 10855 changes in all. Don’t try viewing that page with an older computer or browser.

Google hasn’t seen fit to highlight any of the changes in Chrome 67.0.3396.62 in the release announcement, other than mentioning that Site Isolation may or may not be enabled. Site Isolation is a new security feature that’s being rolled out in stages.

As usual, the new Chrome version “will roll out over the coming days/weeks.” If that’s too vague for you (it is for me), an update can usually be triggered by navigating Chrome’s menu (the vertical ellipses icon at the top right) to Help > About Google Chrome.

More CPU flaws discovered

Microsoft and Google just announced a new CPU speculative execution flaw that’s similar to Spectre and Meltdown: Speculative Store Bypass.

As with Spectre and Meltdown, almost all CPU chips made in the last ten years are affected by this issue.

The Verge: Google and Microsoft disclose new CPU flaw, and the fix can slow machines down.

Bruce Schneier thinks there are more speculative execution flaws coming. And he’s probably right.

Spectre update

Intel has decided not to produce Spectre microcode updates for some of the oldest of their affected CPUs, leaving most Core 2 chips without any hope of a Spectre fix. As for first generation CPUs, some will get updates, and some will not. Microcode updates for all CPUs from generation 2 through generation 8 have already been released.

Not sure whether your computer is affected by Spectre? If you’re running Windows, Gibson Research’s free InSpectre tool will tell you what you need to know. Looking for a Spectre BIOS update for your computer? PCWorld’s guide is a good starting point.

Intel has produced new microcode for most Spectre-affected CPUs, but some manufacturers have yet to provide corresponding BIOS updates for all affected motherboards. They may have decided not to bother developing updates for older motherboards. That’s a potential problem for millions of computers running older CPUs that are new enough to be vulnerable to Spectre. If the manufacturer hasn’t released a BIOS update with Spectre fixes for your motherboard, consider contacting them to find out when that’s going to happen.

Update 2018May24: I contacted Asus about a particular desktop PC I happen to own, and was told that “details on whether or not there will be a Spectre BIOS update for the <model> is [sic] currently not available.” That doesn’t sound very encouraging. It feels like they’re waiting to see how many complaints they get before committing resources to developing patches.

Chrome 66.0.3359.170

The latest version of Chrome fixes four security bugs. The Chrome 66.0.3359.170 release notes and change log have additional details.

Check your version of Chrome by clicking that three-dot (vertical ellipses?) icon at the top right, and selecting Help > About Google Chrome from the menu.

Of course, while keeping Chrome up to date is a good way to protect yourself from browser-based malware, you should also be careful when using extensions. Even Google-approved extensions obtained from the Chrome Web Store may contain malware. Recently, as many as 100,000 computers running Chrome were infected with malware hidden in seven different extensions from the Chrome Web Store.

Chrome 66.0.3359.139

Say what you will about Google, they do a great job of fixing security issues in their flagship browser software, Chrome.

Google recently released Chrome 66.0.3359.139, which includes fixes for three security vulnerabilities. The complete list of changes can be found in the change log.

As usual, Google says the new version “will roll out over the coming days/weeks”. Unless you’ve disabled all of Google’s automatic updating mechanisms, Chrome will update itself, but it’s difficult to predict exactly when that will happen. However, you can usually trigger an update by running Chrome, clicking its menu button (the three dot icon at the top right), and selecting Help > About Google Chrome.

Latest Google rug-pulling is a victory for censorship

Normally when Google cancels a service, it’s annoying and baffling, but we grumble and find an alternative. Google’s latest rug-pull is much worse: it effectively hands a massive win to those who wish to prevent access to things they don’t like.

Until the feature was disabled recently by Google, it was possible to use Google’s App Engine to make web sites and other online resources available to users who would normally be blocked due to state- and corporate-sponsored censorship. The method used was referred to as domain fronting.

Google says they never meant for domain fronting to be possible with App Engine, but they also allowed it to happen for years, without any indication that it was a problem or would be stopped. So people started to rely on the service to get around censorship.

There’s a lot of hate directed towards Google these days, and a lot of it is misguided. From my perspective, enticing users with new services, only to kill those services once they are widely used, is their most infuriating habit.

Chrome 66.0.3359.117 released

The latest version of Google Chrome includes sixty-two security fixes, and a limited trial of a new feature called Site Isolation that should help to reduce the risk from Spectre-related vulnerabilities.

The change log for Chrome 66.0.3359.117 is another whopper, listing over ten thousand changes in total.

Check your version of Chrome by clicking the three-vertical-dots menu button at the top right, and selecting Help > About Google Chrome. Doing that will usually trigger an update if one is pending.

Chrome 64.0.3282.167

A single security bug was fixed in Chrome 64.0.3282.167, released by Google on February 13.

The new version will find its way to your desktop automatically, unless you’re diligent about killing Google’s pesky auto-update processes. If that describes you, or you just don’t want to wait, you can usually encourage Chrome to update itself by navigating to > Help > About Google Chrome.

There’s additional information in the full change log for Chrome 64.0.3282.167.