There are about twenty changes in Chrome 64.0.3282.140. One of the changes is a fix for a security issue, and the rest are minor tweaks and other bug fixes.
As usual, the release announcement says that the new version “will roll out over the coming days/weeks”. Since this release includes a security fix, it’s a good idea to check what version you’re running by navigating to the About Chrome page ( > Help > About Google Chrome).
On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.
An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.
Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.
Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.
Vivaldi 1.14 includes improvements for several existing features: vertical reading for Reader Mode, Markdown support in Notes, rearrangeable panels, and re-orderable search engines. Several dozen bugs are also addressed in the new version. There are no new security fixes in Vivaldi 1.14.
Somewhere along the line — possibly in this release — Vivaldi’s weird bookmark editor (the one in the bookmark sidebar) was finally made usable. It’s still weird, but at least now it works in a way that makes sense.
If you were diligent and installed firmware updates on your Windows computers, you should install the new Microsoft updates as soon as possible. Of course doing that will leave your computer exposed to Spectre V2. There’s no solution, other than to be vigilant and extremely careful about visiting shady web sites, installing downloaded software, and clicking links in email.
I guess I’m lucky that no firmware updates are even available for my computers. If they were available and I had installed them, I might be suffering random reboots and even data loss.
Black-hat hackers who are working on malware that exploits the Spectre and Meltdown vulnerabilities are no doubt enjoying this mess, and I have no doubt that we’ll start seeing real-world examples of their handiwork before long.
The latest version of Chrome is 64.0.3282.119. The new version, released earlier this week, fixes fifty-three security issues, and includes additional mitigations for the Spectre/Meltdown vulnerabilities.
The full change log lists ten thousand changes in the new version. There might be some interesting stuff in there, but I’m going to assume that if there was anything worth pointing out, Google would have done that in the release announcement.
Earlier this week Mozilla released Firefox 58.0. The new version makes significant improvements its graphics engine and Javascript handling, which should translate into faster page rendering, especially on sites that use a lot of Javascript. Mozilla says we can expect further performance improvements in Firefox in the coming weeks.
Note that Firefox 58.0 user profiles are not compatible with earlier versions of Firefox, so if you don’t like 58.0 and decide to downgrade, you’ll have to create a new profile.
The latest version of Opera contains changes meant to mitigate the Spectre and Meltdown CPU vulnerabilities. Effectively, it’s now more difficult to exploit the vulnerabilities using Javascript running in Opera. Similar changes have already been made in the other major browsers.
A Vivaldi update described as ‘minor’ includes mitigations for the Spectre and Meltdown vulnerabilities. The changes are intended to make exploiting Spectre and Meltdown much more difficult in the context of Vivaldi itself. Other browser makers have released — or are working on — similar updates.
Released as part of Oracle’s January 2018 Critical Patch Update, Java 8 Update 161 fixes twenty-one security vulnerabilities in previous versions.
You’re much less likely to be affected by Java vulnerabilities these days, as most web browsers no longer support Java. The only mainstream browser that still runs Java code is Internet Explorer. If you use Internet Explorer with Java enabled, you should update Java as soon as possible, via the Java Control Panel applet, or by visiting the official Java download page.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.