All about Google Chrome & Google Chrome OS

10 May 12 Apple patches Safari, blocks outdated Flash Player


Computerworld -

Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

The Flash blocking move was similar to one Apple made last month when it stopped the Java plug-in from launching automatically.

Safari 5.1.7, which runs on OS X 10.6 and 10.7 — Snow Leopard and Lion, respectively — as well as on Windows XP, Vista and Windows 7, was released alongside another update for Lion that included a slightly-older version of the browser. Lion users must download and install both updates to push Safari to version 5.1.7.

The four security flaws fixed were the same ones patched Tuesday in iOS 5.1.1 for the iPhone, iPad and iPod Touch. All were labeled as bugs in WebKit, the open-source rendering engine that powers Safari as well as Google’s Chrome.

In fact, one of the vulnerabilities was first revealed by a researcher at the “Pwnium” hacking contest Google hosted last March. The researcher, Sergey Glazunov, was awarded $60,000 for pairing the flaw with another bug to bring down Chrome.

Glazunov was credited by Apple with reporting a second WebKit vulnerability, while another was attributed to a pair of engineers on the Chrome security team.

Along with the four patches, Apple also yanked Adobe’s Flash Player from Safari if the plug-in was older than version 10.1.102.64, which was released in November 2010. Since then, Adobe has shipped Flash Player 11 for the Mac. It has also continued to maintain the older version 10, which now stands at version 10.3.183.19.

“This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory,” Apple’s advisory stated Wednesday. “This update presents the option to install an updated version of Flash Player from the Adobe website.”

Apple stopped bundling Flash Player with OS X in the fall of 2010, but users have been free to download and install the plug-in on their own. Microsoft last distributed Flash with the nearly-11-year-old Windows XP. Neither Windows Vista nor Windows 7 included a preinstalled version of Adobe’s software.

Blocking Flash was the second such move by Apple in a month: On April 12, the company issued an OS X update that disabled automatic execution of Java applets by the Java browser plug-in. Apple took the step because of Flashback, a malware family that used a Java vulnerability to infect hundreds of thousands of Macs in a spree that still continues.

“As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days,” Apple said at the time.

Java Web Start is an Oracle technology that lets users single-click launch a Java app from within a browser without first downloading the app to the machine.

And Apple wasn’t the only browser maker to recently block Adobe software. On Friday, Mozilla added the Adobe Reader plug-in to its Firefox blocklist, citing compatibility problems that resulted in blank pages appearing when users clicked on a link to a PDF document.

Mozilla maintains a blocklist for extensions or plug-ins that cause significant security or performance issues in Firefox. The browser automatically queries the blocklist and notifies users before disabling the targeted plug-in.

According to Mozilla, it’s working with Adobe on a fix to Reader but will keep the plug-in on its blocklist until one is available.

Safari 5.1.7 can be downloaded from Apple’s website. Mac users will be notified of the new version automatically by OS X’s Software Update, while Windows users already running Safari will be alerted by a separate tool bundled with the browser.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.


Article source: http://www.computerworld.com/s/article/9227038/Apple_patches_Safari_blocks_outdated_Flash_Player


10 Apr 12 Google Chrome 18 Fixes Flash and Canvas2D


Among the “big fix” items in the new Chrome 18.0.1025.151 release is a Flash Player security update that only Google Chrome is receiving. Google Chrome is the only browser that directly integrates Adobe Flash.

“The Chrome update includes fixes to two memory corruption vulnerabilities that were specific to Adobe Flash Player integrated with Google Chrome,” Wiebke Lips, Senior Manager of Corporate Communications at Adobe, told eSecurityPlanet. “In other words, these vulnerabilities do not impact Flash Player for any other browser or platform.”

The Flash Player flaws were additional vulnerabilities that were initially fixed in an Adobe Flash Player 11.2.202.228 update issued at the end of March. That update ushered in silent updates for Windows users of Flash Player on Firefox and Internet Explorer. Google’s Chrome browser has provided silent updates for the integrated browser and Flash solution since its initial release.

While security is always a top concern in Google Chrome updates, so too are bug fixes. In Chrome 18.0.1025.151, Google is fixing a Canvas 2D drawing bug related to GPU acceleration. Canvas 2D is an HTML5 element that enables interactive content to run in a browser. As part of the initial Chrome 18 release, Google debuted GPU hardware based acceleration for Canvas 2D in an effort to enable more complex and detailed HTML5 games on Chrome.

Read the full story at eSecurityPlanet:
Google Patches Chrome 18 for Flash Flaws

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/google-chrome-18-fixes-flash-and-canvas2d.html


08 Apr 12 Google Chrome update fixes 12 security bugs


Google has updated its Chrome Web browser and fixed 12 security vulnerabilities, several of which could be exploited to gain unauthorized access to your system.

Released April 5, Chrome version 18.0.1025.151 addresses seven high-risk, use-after-free bugs that could permit an attacker to run arbitrary code on infected computers. In accordance with its bug bounty hunting program, Google paid researchers $6,000 for reporting the bugs, Dennis Fisher from Kaspersky Lab reported.

This is Google’s second Chrome update in about a week; on March 29, the company released Chrome 18.0.1025.142, which tackled nine security glitches and included the newest version of Adobe Flash Player. The new Chrome, released today, contains another, updated Flash Player, Fisher said.

Chrome should install itself automatically, but if you want to see if you’re using the most up-to-date version, click on the wrench icon in the top right corner of your browser, and then select “About Google Chrome.” If your browser hasn’t yet updated itself, an “Update Now” tab will prompt you to do so.

© 2012 SecurityNewsDaily. All rights reserved

Article source: http://www.msnbc.msn.com/id/46976509/ns/technology_and_science-security/



06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM’s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.


Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html


06 Apr 12 Google patches 12 Chrome vulnerabilities



PanARMENIAN.Net – Google on Thursday, April 5, patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser, InfoWorld reports.

Most of the vulnerabilities – eight of the dozen – were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

Google has paid more than $216,000 in bug bounties this year.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM’s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6 percent of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3 percent since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Article source: http://www.panarmenian.net/eng/news/101965/



31 Mar 12 Google Chrome 18 has its fair share of fixes


Google has just rolled out their latest version of the Chrome Web browser, bumping up the version number to 18. Of course, since this is the latest version of the extremely popular Web browser, you can be sure that there will be plenty of fixes introduced to the final release, giving you an extremely pleasant user experience.

It seems that up to 9 security glitches were fixed, and the release includes the updated Adobe Flash Player, which delivers the capability for the software to update itself automatically. “Silent updates”, we call those.

Out of the 9 bugs which were addressed in Chrome version 18, three of them have been rated as high-priority, which means an attacker brilliant enough is capable of exploiting those flaws in order to gain control of a particular infected system. Good money fixes such holes, as Google actually forked out $12,000 to independent researchers in order to identify and report such bugs.

Have you updated to Chrome 18.0.1025.142 yet? Perhaps you might want to do so, as it also comes with the latest version of Adobe Flash Player.


Seen at: msnbc.msn  

Article source: http://www.ubergizmo.com/2012/03/google-chrome-18-has-its-fair-share-of-fixes/


30 Mar 12 Google Chrome 18 released with nine security fixes


Google has released Chrome 18 to its Stable channel complete with several new features and fixes for nine security vulnerabilities.

Officially named version 18.0.1025.142, the new version of Google’s open source browser offers improved graphics performance on both new and older hardware as well as closing numerous security holes, including three high-severity ones.

“Today’s web brings beautiful, rich experiences right into your browser,” wrote Vangelis Kokkevis, Google’s “Chrome Graphics Olympian,” in a blog post on Wednesday announcing the new release. “With Chrome’s most recent Stable channel release, we’ve sped up graphics and drawing performance for users on capable hardware, and enabled fancier 3D content for other users on older computers.”

An extra £5,000 awarded

Included among the security fixes incorporated into the stable version of Chrome 18 are measures being taken to address the exploits submitted in the recent Pwnium competition, Google blogger Karen Grunberg noted in a separate post.

Teenage researcher “PinkiePie” is among those credited for uncovering the vulnerabilities, which included five medium-severity and one low-severity bug along with the three high-severity problems.

Specifics about the individual vulnerabilities are being withheld until the majority of users are updated, but in the meantime Google has awarded an extra $8,000 (£5,000) to researchers involved during the development cycle to help make sure the bugs didn’t make it through to the stable version, Grunberg said.

Also included in the stable Chrome 18 is the new Adobe Flash Player 11.2, she added.

A new software rasteriser

As for the graphics improvements included in Chrome 18, two key changes have been added to enable them, as we already saw back in February, when the software’s beta version was released.

First, there’s the fact that the browser has enabled GPU-accelerated Canvas2D on capable Windows and Mac computers, “which should make Web applications like games perform even better than a pure software implementation,” wrote developers John Bauman and Brian Salomon, in another blog post.

Then, too, there’s TransGaming’s SwiftShader, a software rasteriser that gives users with older hardware configurations access to basic 3D content on the Web.

Chrome 18 is now available as a free download for Windows, Linux, and Mac OS X, but users already running Chrome can upgrade using the browser’s automatic update function.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1deefc31/l/0Lnews0Btechworld0N0Capplications0C33480A430Cgoogle0Echrome0E180Ereleased0Ewith0Enine0Esecurity0Efixes0C0Dolo0Frss/story01.htm


30 Mar 12 Google releases Chrome 18, fixes 9 bugs


Google has released the newest version of its Chrome Web browser, and in the process fixed nine security glitches and folded in the updated Adobe Flash Player that allows users to set the software to update automatically.

Of the nine bugs addressed in Chrome version 18, three were rated high-priority, meaning an attacker could exploit the flaws to gain control of an infected system. Google paid independent researchers a total of $12,000 to identify and report the bugs.

In Chrome 18 — the full title is 18.0.1025.142 — Google also included the newest version of Adobe Flash Player, which enables users to receive automatic silent software updates.

Along with the security upgrades, Google Chrome 18 is built to enable faster and sharper graphics. If you’re already using Chrome, click on the wrench icon in the top right corner of your browser and select “About Google Chrome.”

© 2012 SecurityNewsDaily. All rights reserved

Article source: http://www.msnbc.msn.com/id/46896361/ns/technology_and_science-security/
