The release notes for Vivaldi 1.1.453.59 aren’t exactly overflowing with information. The current version is only referenced in the page URL, while previous versions are listed below, in a series of rather confusingly-titled and somewhat redundant sections that all look like this:
Changelog since 1.1, the fourth release.
Parsing what information is available, I concluded that this version was released to fix one security vulnerability: [Security] Address bar spoofing using HTTP status code 204/205.
It’s a security update, so if Vivaldi is your browser of choice, you should navigate to Help > Check for Updates... on the Vivaldi menu.
50.0.2661.102 is the latest version of Chrome, and it includes fixes for five security issues, as well as about thirty other minor changes. See the full change log for details.
The Flash zero-day vulnerability we reported a couple of days ago has been fixed. Anyone who uses Flash in a web browser should make sure they’re running version 21.0.0.242.
As usual, Internet Explorer in Windows 8.1 and 10 will receive the new version via Windows Update, and Google Chrome will update itself automatically.
The latest version of Opera improves the recently-added ad blocking and video detaching features. The new version doesn’t seem to include any new security fixes. See the change log for additional details.
Maybe the Flash developers didn’t make the deadline for Patch Tuesday, so they felt left out. Anyway, according to a security advisory published today, Adobe is working on an emergency update for Flash, to address one specific vulnerability, CVE-2016-4117.
That vulnerability is so new, it doesn’t appear in the vulnerability databases. Adobe refers to it as critical, and indeed, exploits have already been observed in the wild (which makes this a good example of a zero-day vulnerability). Adobe expects to publish a new version of Flash that addresses this vulnerability as early as May 12.
Interestingly, the advisory states that the vulnerability exists in Adobe Flash Player 21.0.0.226 and earlier, while the most recent published versions are 21.0.0.213 and 21.0.0.216. Now I’m thinking that Adobe delayed the Flash update scheduled for Patch Tuesday (which presumably would have been version 21.0.0.226) to give them time to fix CVE-2016-4117.
This month, besides the usual pile ‘o patches from Microsoft, we have updates for Adobe Reader/Acrobat, but (big surprise) not for Flash.
There are sixteen Microsoft updates, addressing thirty-seven vulnerabilities in Windows, Internet Explorer, Office, Edge, and .NET. There’s also Microsoft Security Advisory 3155527. At least one of the vulnerabilities (CVE-2016-0189) is being actively exploited. This flaw could allow an attacker to execute malicious code if an unpatched computer visits a malicious or compromised web site.
The Adobe Reader update addresses over ninety vulnerabilities, which must set some kind of record. And not the good kind. If you use Reader in any context, you should update it to address these critical security issues.
A serious security vulnerability is addressed in the latest release of WordPress, version 4.5.2. Anyone who manages a WordPress site is strongly advised to update to the new version immediately, or – if auto-updates are enabled – at least log in and make sure that the update was actually installed.
The minimum Windows system requirement is Windows 7. Anyone using Opera on Windows XP or Vista will have to stick with earlier versions.
Opera now has a native (built-in) ad blocker.
Videos can now be popped out into their own window for viewing convenience.
The new version also includes a variety of bug fixes and performance improvements. You can see a list of all the changes on the official Opera 37 change log. Note: somewhat confusingly, that log shows changes in beta and developer versions going back to February 2016. Opera routinely makes major new versions available to developers and beta testers, and Opera 37 has been available in those forms for a few months.
I’m beginning to detect a weird kind of consistency to the way Mozilla assigns version numbers to Firefox.
If Mozilla staffers don’t want to formally announce a new version, they give it a minor revision number, like 46.0.1, which was released on Tuesday. If, on the other hand, Mozilla decides to announce a new version of Firefox, they give it a major revision number, like last week’s Firefox 46.0.
This sounds silly, but it seems to fit what we know. For example, despite the major difference in revision numbers between 46.0 and 46.0.1, both versions consist of a few bug fixes.
The release notes for Firefox 46.0.1 list six changes, all bug fixes for minor issues that aren’t particularly interesting. None of the fixes seem related to security.
Now that it’s officially released, Vivaldi is seeing frequent updates. The developers appear to be listening to user feedback and are fixing reported issues and enhancing functionality at a steady pace.
Another new version of Vivaldi was released earlier today: 1.1.453.52. This new version updates the Chromium browser engine, which includes several security fixes. Some Linux installation issues were resolved, and the developer tools improved.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13