Two security vulnerabilities, one of which has a High risk rating, are addressed in Chrome 63.0.3239.108. The log lists a few additional changes, none of which are particularly interesting.
There’s no easy way to disable automatic updates in Chrome. Generally, if there’s an update available, it will find its way to your computer within a few days via Google’s Update Service.
You can usually trigger an update by navigating to the About Chrome page (
> Help > About Google Chrome).
Opera just updated itself on my main computer, and now I’m running version 49.0.2725.47, which Opera itself says is the latest version. Which is odd, because the change log for Opera 49 shows the most recent set of changes is for version 49.0.2725.56.
Version confusion aside, the changes listed for Opera 49.0.2725.56 appear to be minor bug fixes. Which is weird, because the new version announcement mainly talks about improvements to Opera’s built-in VPN (Virtual Private Network) feature. The updated VPN service is apparently faster and better; it’s also now hosted on Opera’s own servers instead of SurfEasy’s.
If you use Opera’s built-in VPN, version 49.0.2725.56 may be worth exploring. Otherwise it’s unlikely to be of much interest.
Vivaldi’s new version announcements seem to be getting worse. Version 1.13.1008.36 was released a few days ago as another ‘Minor update to Vivaldi 1.13’, but details are scant: the new version number is never actually mentioned, and there’s no reference to any release notes.
The announcement does at least provide a brief list of the new version’s changes, which consist of a few bug fixes and an update to the Chromium engine that includes security fixes.
Given that there are security fixes in this release, Vivaldi users should probably upgrade as soon as possible. You can do that by clicking the browser’s ‘V’ menu at the top left, then Help > Check for Updates.
It wasn’t Russia, or China, or any other nation-state. The motive wasn’t political. The IoT-based Mirai botnet was created by three young American men as a tool for crippling Minecraft servers and related services.
Of course, once Mirai’s authors realized the unprecedented power of their creation, they started using it for other things: as a tool for gaining customers for an anti-DDoS service; to kick Brian Krebs’ web site off the Internet as revenge for outing the authors of vDOS; and later as a lucrative click fraud engine.
Last week, in a courtroom in Alaska, Mirai’s creators all pleaded guilty to charges related to Mirai, including conspiracy to violate the Computer Fraud and Abuse Act (CFAA). FBI agents had tracked the botnet’s activities to the trio.
While I’m happy that these assholes have been caught, and are likely to spend significant time behind bars, Mirai is a sobering reminder of the fragility of the Internet. The earliest version of the Internet was ARPANET, which was literally designed to withstand nuclear attack. But even nukes can’t compare with the power of smart, young people with plenty of spare time. Not long after the Internet was born, a college student named Robert Morris brought the nascent network to its knees with a simple software worm.
Meanwhile, because the Mirai authors shared the botnet’s source code (in a futile attempt to confuse investigators), Mirai clones are popping up regularly, and doing a lot of damage.
Still, it’s encouraging to see that the FBI and other agencies are getting better at tracking the perpetrators of these malicious schemes. Other recent arrests include the person behind an attack on Deutsche Telekom that used a Mirai variant; and the operator of the Kelihos botnet. Hopefully these arrests will provide a sufficient deterrent for those similarly inclined.
Adobe released a new version of Flash to coincide with yesterday’s Microsoft updates. Flash 28.0.0.126 fixes a few minor issues and one security vulnerability.
As usual, Chrome will update itself with the latest Flash, and Microsoft browsers will receive updates via Windows Update.
If you still use Flash, and in particular if you use a web browser that is configured to play Flash content, you should install the new version as soon as possible. Better still, stop using Flash altogether. Flash is being phased out in some browsers, including Firefox. Many web sites that formerly used Flash have switched to HTML5.
Today, Microsoft published twenty-four updates, addressing thirty-three vulnerabilities in Flash player (for Microsoft browsers), Office, Internet Explorer, Edge, and Windows.
As usual, Microsoft’s announcement is little more than a pointer to the Security Update Guide (SUG). If you’re looking for details about any of these updates, that’s your only official option. The SUG’s user interface is somewhat headache-inducing, but there’s useful information to be had there.
Windows 10 gets these updates whether you want them or not; Windows 7 and 8.1 can be configured for automatic or manual updates. I personally don’t like the idea of updates being installed on my computers at Microsoft’s whim, so I’m sticking with manual updates. And avoiding Windows 10 completely. And gradually switching to Linux.
According to the release notes, Firefox 57.0.2 fixes two bugs, neither of which is related to security. And yet there’s also a security advisory for Firefox 57.0.2, which lists two vulnerabilities fixed in the new version.
In the past, Mozilla linked to relevant security advisories on Firefox release notes pages, so presumably someone simply forgot. Fixes for security bugs are a lot more important than fixes for obscure non-security-related bugs, so hopefully this isn’t the new normal for Firefox release notes.
Since this update includes security fixes, it’s a good idea to make sure your Firefox installation is up to date. You can do that by clicking its menu button at the top right (three horizontal lines, sometimes referred to as a ‘hamburger’ button), then choosing Help > About.
The change log for Chrome 63.0.3239.84 has ten thousand entries. I’d like to read it, and I might even find something interesting buried there, but instead I’ll assume Google would point out any notable changes in the release notes.
Alas, while the release notes do point out that the new Chrome includes fixes for thirty-seven security vulnerabilities, none of the other changes are discussed. In a way I suppose that’s a good thing: as long as Google isn’t making large changes or adding new features, while they continue to fix vulnerabilities and other bugs, the outcome is almost always going to be a better browser.
Chrome typically updates itself within a few hours or days of a new release, although in the release notes, Google says “This will roll out over the coming days/weeks.” Given the number of security fixes in this version, it’s a good idea to check the version you’re running, and hopefully trigger an update, by clicking Chrome’s menu button (three vertical dots at the top right), then choosing Help > About Google Chrome.
It’s been two weeks since the release of Firefox 57, the first version of a new generation for the browser dubbed Quantum, and it’s clearly faster, cleaner, and lighter than its predecessors.
Firefox 57.0.1, released on November 29, addresses a few minor problems in 57.0. The release notes mention security fixes, but the linked Security Advisories page shows fixes that were already in Firefox 57.0. So there’s no particular urgency about this update, unless you’re affected by one of the issues the new version fixes.
A new version of alternative web browser Vivaldi improves window and tab handling, and includes a new window management sidebar panel. Download management is also improved: downloads can now be resumed after interruption. Bookmark handling is slightly improved, although in my opinion there’s still more work to be done in that area.
A variety of bugs were fixed in Vivaldi 1.13 as well. This Vivaldi blog post lists all the significant changes in Vivaldi 1.13.
Vivaldi remains an excellent alternative to the more popular browsers. Although it has some quirks, it also has features not found in other browsers, such as tab stacking. If you’re looking for a different browser, Vivaldi is worth checking out.
boot13