Posts Tagged ‘Security’

Google has pushed out an update to its Chrome browser, taking its stable version to 4.1.249.1059.

The latest release closes seven security holes, 4 of which were rated as high,  with the other 3 rated as medium.

A full list of security holes that were fixed can be seen in the release notes.

The browser will automatically update itself for Windows Chrome users, or can be downloaded from the Chrome website.

Tags: , , , , , , Categories: Chrome Comments Off on Google Chrome 4.1.249.1059 released

Mozilla have pushed out an urgent Firefox 3.6 update, which closes a critical security issue.

It’s the only change for Firefox 3.6.3, which closes a hole that could potentially allow remote code execution after a user visits a site with the infected code.

Full details for Firefox 3.6.3 can read in the release notes, including more detailed information about the fixed security issue.

Firefox 3.6.x users will receive a notification from the browser when it is ready to be updated, or  it can be downloaded directly from the Firefox website.

Tags: , , , , , Categories: Firefox Comments Off on Firefox 3.6.3 released

Google has pushed out a small update to Google Chrome, taking it to version 4.1.249.1045 on Windows.

The update fixes a crash bug, and adds a new option to disable the new translate feature. This release also closes a security hole which was rated as low and would crash the browser upon receiving a bad FTP response.

Information on these two crash bugs can be read in issues 38857 and 38845.

The update will be pushed out to Windows Chrome users automatically, or alternatively, you can download the browser from the Google Chrome website.

After day 1 of Pwn2Own, web browsers appear to have taken a big hit, but Google’s Chrome appears to have come out unscathed.

It didn’t take long, with Safari 4 on Mac OS X Snow Leopard the first victim thanks to the work of Charlie Miller. Millers set up a remote exploit at a web site through which a conference organisers MacBook was taken control after surfing to it.

Internet Explorer 8 on Windows 7 was next, with a similar exploit allowing Peter Vreugdenhil to take control of an organisers laptop once they browsed to a website with the infected code.

Firefox 3 was also exploited on Windows 7 using a memory corruption vulnerability, with another exploit that allows a remote attacker access to a users PC.

Both Opera and Google Chrome were not hacked, with Charlie Miller stating “there are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.”

All systems were patched and updated to their latest versions, with the exploits used to remain a secret until browser makers can update their browsers.

Tags: , , , , , Categories: Chrome, Firefox, Internet Explorer, Safari Comments Off on Safari, Firefox, and IE hacked at Pwn2Own

Google has pushed out Chrome 4.1.249.1036 to Windows users, which adds several privacy features and closes several security holes.

Users now also have the option to translate pages using Google Translate if the page they are visiting isn’t in their native language. A great time saver for many.

This latest release closes 9 security holes, 5 of which are rated high, 3 medium, and one low. More details on these security issues can read on the Google Chrome Blog.

The update will automatically be pushed out for Windows users, while users can download the browser from the Google Chrome website.

Tags: , , , , , , Categories: Chrome Comments Off on Google Chrome 4.1.249.1036 released

Microsoft has announced that it has discovered a new zero-day exploit in Internet Explorer.

The vulnerability is being exploited in the wild, and allows remote malicious code to install itself on a users system.

Currently, it appears only Internet Explorer 6 and 7 are affected while Internet Explorer 8 is safe this time around.

No word from Microsoft on when we will see a patch, but users are urged to upgrade to Internet Explorer 8 to protect them from the current vulnerability.

Tags: , , Categories: Internet Explorer Comments Off on New zero-day exploit found in Internet Explorer

Mozilla appears to have let it’s guard down, with a Firefox add-on that included a Trojan that could allow remote access to a users PC.

Two add-ons were affected; Master Filer which was infected with a password-stealing Trojan called Win32.LdPinch.gen, and Sothink Web Video Downloader which was infected with a backdoor Trojan called Win32.Bifrose.32.Bifrose.

Mozilla has issued a statement:

“If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.”

Mozilla believe only 4,600 people are infected after downloading these add-ons.

How these add-ons made it online is unknown, as Mozilla scans all add-ons for viruses before they are approved. Mozilla now plans on using two different malware detection tools to try and stop this issue from reoccurring in the future.

Tags: , , , , Categories: Firefox Comments Off on Firefox add-on included Trojan virus

Microsoft’s Internet Explorer is again at risk, just days after the company closed another serious security flaw in its web browser.

A new security advisory was posted by Microsoft last Wednesday, notifying users of a potential flaw in Internet Explorer which could allow third-parties access to data.

“Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location” said the advisory from Microsoft.

At this stage, there are no reported attacks using this vulnerability, but it is bound to be only a matter of time.

A patch is expected in a few days, on Tuesday 9th February 2010.

Tags: , , , , , , Categories: Internet Explorer Comments Off on Internet Explorer 6,7 and 8 at risk again