boot13There’s another new version of Chrome. The announcement for version 45.0.2454.93 is again light on details, and the log lists several minor bug fixes. It doesn’t appear that this version addresses any security vulnerabilities.
Category Archives: Patches and updates
Opera 32 released
A new version of the Opera web browser was released earlier today. Version 32.0.1948.25 improves synchronization and security, and adds animated backgrounds. The bookmark tab now has a tree view, which makes it much more useful, in my opinion.
When Opera first switched from their proprietary browser engine software to the generic WebKit engine, I was concerned that Opera would become just another Chrome clone. It’s taken a while, but Opera is now well ahead of Chrome, in that it has several options for displaying a list of bookmarks in a sidebar. The included bookmark tab doesn’t appear on every page, but even if that’s a deal breaker, you can always enable the extensions sidebar and install a bookmark extension like Bookmarks by the Side.
After using the new Opera for a while this morning, I’m impressed by its speed. I’ll try using it as my main browser, and if I like it, it’ll be goodbye to Firefox, which has become bloated and unstable recently.
Update: I apparently missed the release of Opera 31 on August 4.
Patch Tuesday for September 2015
There’s another big crop of updates from Microsoft this month, including some fixes for Windows 10. Twelve updates were made available earlier today, and of those, five are flagged as Critical. Fifty-six separate vulnerabilities are addressed, affecting all supported versions of Windows, Microsoft Office, and SharePoint.
Adobe announced a new version of Shockwave Player today as well. Version 12.2.0.162 addresses two security vulnerabilities.
Chrome 45.0.2454.85 fixes 29 security bugs
The newest version of Chrome is 45.0.2454.85. At least 29 security vulnerabilities were fixed in this release, and there are hints of bigger changes to come in later releases of version 45 in the associated announcement.
The change log for this version is enormous. The first reader who wants to risk a migraine to review the whole thing, and reports back to me everything that changed in this version, will win a six-pack of their favourite beer (offer expires with the next release of Chrome).
Update 2015Sep04: We now have at least a partial answer to the question. Yesterday Google published a post on the Chrome blog that explains some of the changes in Chrome 45. It’s all about performance. If you have Chrome configured to load open pages from its last session, it will now start more quickly. Chrome will now use idle time to free up memory it’s no longer using. And the expected change that prevents Flash content from auto-playing is now in effect.
Security roundup for August 2015
Last month in security and privacy news…
A weakness was discovered in the open BitTorrent protocol, rendering torrent software vulnerable to being used to initiate DDoS attacks. The BitTorrent protocol flaw was quickly updated, and patches for affected software were developed and distributed.
Malvertising continued to spread, most recently affecting popular sites like weather.com, drudgereport.com, wunderground.com, and eBay. Anyone visiting those sites with an unpatched browser may have inadvertently caused their computer to be compromised. Needless to say, the malicious ads were built with Flash.
It was a bad month for Android, as one of the updates released by Google that were intended to fix the Stagefright flaw turned out to be faulty, leaving some devices still vulnerable, and forcing Google back to the drawing board. Security researchers also discovered a flaw in Android’s Admin program that allows apps to break out of the security ‘sandbox’ and access data that should be inaccessible. Two flaws in fingerprint handling were also found in many Android devices, leaving both stored fingerprints and the fingerprint scanner itself vulnerable. And finally, new research exposed the predictability of Android lock patterns, making this particular form of security much less effective.
Lenovo’s hapless blundering continued, with the discovery that many of their PCs were using a little-known BIOS technology to ensure that their flawed, insecure crapware gets installed even when the operating system is reinstalled from scratch. Will these bozos ever learn?
Jeff Atwood reported on a new danger: compromised routers. If an attacker gains control of your router, there’s almost no limit to the damage they can inflict. Worse, there are no tools for detecting infected routers. If your router is compromised, no amount of malware scanning on your network’s computers will help. You’re vulnerable until you realize that the router is the problem and replace it or re-flash its firmware.
Mozilla offered more details on planned changes to Firefox that are expected to improve the browser’s security, stability, and performance. These changes are likely to benefit Firefox users, but will come at a cost: many existing browser add-ons will become obsolete. Add-on developers will be forced to make big changes or retire their software. Certain types of add-ons may not even be possible with the changes Mozilla plans.
In privacy news, the Electronic Freedom Foundation (EFF) released version 1.0 of Privacy Badger, a Chrome and Firefox add-on that blocks tracking mechanisms used on the web. The add-on initially doesn’t block anything, but learns as you browse, detecting cookies that are used on more than one site and blocking them.
And in other EFF news, a new malware campaign uses spearphishing techniques to get targets to visit what is supposed to be an EFF web site but is in fact a source of virulent malware.
Google announced upcoming changes to Chrome that will prevent extension developers from using deceptive practices to trick users into installing their software. Specifically, the ‘inline installation’ process will no longer work for extensions that are associated with these deceptive techniques. This is a good example of a software maker (Google) backing away from a feature that improved usability at the cost of security.
Google also firmed up plans to prevent most Flash media from being displayed by default in Chrome. Flash media won’t be blocked, but users will be required to click on each embedded video before it will play. Google’s official reason for doing this is to improve Chrome’s performance, but the change should reduce the spread of malvertising as well. Of course, Google’s own advertising network still allows Flash-based ads, and those ads will still auto-play. Google’s advice to advertisers is to switch from Flash-based ads to HTML5-based ads, or move to Google’s ad network.
And finally, Ars Technica posted a useful overview and instructions for encrypting your desktop, laptop and mobile devices. Be warned, total device encryption is not for the faint-hearted and comes with certain risks. For example, if you forget to tell your IT person that your hard drive is encrypted and they try to recover your computer from a failure, you may lose everything, even if your data is backed up.
Barely-documented updates for Windows 10
Anyone running the release version of Windows 10 (build 10240) may have noticed a few updates being installed in the last day or two. Clearly Microsoft is moving ahead with its plans to eschew the monthly Patch Tuesday update cycle for Windows 10. Unfortunately, there’s also not much information available about these updates.
Here’s what Microsoft is giving us:
- KB3081449 – OOBE Update for Windows 10
- KB3081452 – compatibility update for upgrading to Windows 10
- KB3081448 – Cumulative Update for Windows 10
As you can see, these Knowledge Base articles are rather light on details. So that’s how it’s going to be, Microsoft?
WinBeta has a bit more information.
Firefox 40.0.3 released
There’s another new version of Firefox. Version 40.0.3 was released yesterday, with the usual total lack of a proper announcement. The release notes make it clear that this is a minor bug fix release, although at least two security vulnerabilities were also fixed.
Security updates for QuickTime on Windows 7 and Vista
I don’t usually post about Apple software, but the QuickTime Player is installed on many Windows computers, so it falls into a kind of grey area.
Apple recently released an update for QuickTime to address at least nine vulnerabilities it exposes on Windows 7 and Vista computers. Anyone who uses QuickTime on Windows 7 or Vista should install the new version of QuickTime as soon as possible.
I no longer have QuickTime installed on my main computer. Downloaded QuickTime media files play in a combination of VLC and Windows Media Player. There’s no QuickTime player plugin in my my main web browser, either, but I don’t really mind not being able to see QuickTime media embedded in web pages. If I really need to see that content, I can always download it.
If you’re not sure whether you have QuickTime installed, or want to find out how QuickTime media is played on your computer, you can try playing these QuickTime sample media files.
Chrome 44.0.2403.157 released
The latest version of Google’s web browser is 44.0.2403.157. The announcement is again light on details, but the change log shows that this version fixes a few minor bugs, some related to Windows 10. It doesn’t look like there are any fixes for security vulnerabilities.
Shockwave 12.1.9.160 released
There’s a new version of Adobe’s Shockwave Player. It’s not clear when the new version appeared, since there was no official announcement. There’s nothing at all on the release notes page, other than the fact that the most recent version of Shockwave is 12.1.9.160.
You can download the new version from the main Shockwave page, which also shows the most recent version as 12.1.9.160. You can check what version of Shockwave is installed (if any) on your computer at the Shockwave Help page.