Browsers

Chrome 20 closes 23 security holes

Published: June 27, 2012 Reading time: 1 min

Google has closed a total of 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser’s sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) have also been fixed. Chrome 20 also includes the latest version of Adobe’s Flash Player on Linux, using the new cross-platform Pepper API. In testing at The H, it was confirmed that the Flash Player support also works on 64-bit Linux systems. ...

Continue Reading

Opera 12 has been released

Published: June 14, 2012 Reading time: 2 min

Norwegian company Opera Software has released Opera 12.00 just a few minutes ago. Opera users who start the browser on their system should see update notifications displayed to them in the next couple of hours. Those who do not want to wait that long can run a manual check for updates with a click on Opera > Help > Check for Updates. The update should then be picked up by the browser and downloaded automatically to the local system. ...

Continue Reading

Firefox 13 Final is available for download [Link]

Published: June 3, 2012 Reading time: 1 min

Mozilla Firefox 13 is available for download on Mozilla FTP servers. Visual changes in this version is flatten buttons in toolbar, smooth scroll enabled by default, New Home Screen and a new look for New Tab page. Download: Firefox Setup 13.0.exe [Mirror] MD5: 89bc2ab1a1fa1e2d989d1c551f2a6ddf Size: 15.8MB

Continue Reading

Facebook and Opera: Facebook Browser Is Imminent

Published: May 27, 2012 Reading time: 2 min

Mashable: Are you ready for a Facebook browser that integrates the social networking behemoth into your online life more than ever? That’s exactly what could be on the way soon, according to one report. A Friday Pocket-lint report cites a “trusted source” that Facebook wants to buy Opera Software — manufacturers of the Opera web browser, which claims more than 200 million users worldwide. The Facebook browser would include default menu bar plugins, further permeating Facebook into users’ general web experience, according to the report. ...

Continue Reading

Google releases security update for Chrome 19

Published: May 25, 2012 Reading time: 2 min

H-Online: Google has announced an update to the stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X and Linux. The update is a pure security update that does not include any new features – it closes nine vulnerabilities with a Common Vulnerability Scoring System (CVSS) rating of “High” and fixes two problems labelled “Critical” as well as two “Medium” level issues. Many of the vulnerabilities are due to bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google points out that several of them were detected with their AddressSanitizer tool. Other bugs were fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine. ...

Continue Reading

Chrome 19 released with tab syncing

Published: May 17, 2012 Reading time: 3 min

The H-Online: Google has announced that Chrome 19 is the new stable version of its open source based web browser. As usual, the browser sees a number of security fixes: this time there are seven high-severity fixes specifically for Chrome including various use-after-free and out-of-bounds errors. Two fixes with a wider impact than Chrome are also mentioned – a workaround for a Linux NVIDIA driver bug and an “off-by-one out-of-bounds” write in libxml. In all, $7500 was paid out in rewards to security researchers, and Google notes it has also paid out $9000 to researchers to stamp out bugs before they reached its stable channel. ...

Continue Reading

Chrome 18 update closes high-risk security holes

Published: May 1, 2012 Reading time: 1 min

The H-Online: Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as “high severity” by the company. These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected. ...

Continue Reading

Mozilla to auto-upgrade Firefox 3.6 users to version 12

Published: April 30, 2012 Reading time: 2 min

H-Online: Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread. According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May – the specific date has yet to be confirmed. The 3.6.x branch of Firefox, the first release of which arrived in January 2010, reached its end of life last week on 24 April; the last update to the 3.6 series was version 3.6.28 from early March. ...

Continue Reading

Security improvements in Opera 12 beta

Published: April 26, 2012 Reading time: 2 min

The H-Online: A beta of version 12 of the Opera web browser has been released with privacy and security-focused improvements. Code-named “Wahoo”, the Opera 12.00 beta now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but can limit the damage some plugin exploits can do. Privacy is enhanced with support for the “Do Not Track” (DNT) header, which is used to tell web sites that the browser user wishes to opt-out of online behavioral tracking. ...

Continue Reading

Google Chrome fixes seven high-risk vulnerabilities

Published: April 6, 2012 Reading time: 2 min

The H-Online: Google has announced updates to the Stable and Beta channels of their Chrome browser, fixing several bugs and twelve security vulnerabilities. Seven of the twelve security fixes were classed as high-risk problems and Google paid a total of $6000 to the researchers who discovered the bugs. The update also includes a new version of the bundled Flash Player. Adobe have revised the Flash Player advisory from the end of March to include fixes for a Chrome/Flash only pair of memory corruption issues listed as CVE-2012-0724 and CVE-2012-0725. Given that these issues only affect Chrome and Chrome manages its own update, it is unlikely that Adobe will be reissuing or updating the advisory or patches for other browsers and platforms. ...

Continue Reading