Google Chrome updated to 24.0.1312.52

Posted by:
Date: Friday, January 11th, 2013, 07:43
Category: News, Software

google-chrome-logo

If you love Google Chrome, it’s your lucky day.

Late Thursday, Google released version 24.0.1312.52 of its Chrome web browser. The update, a 46.8 megabyte download, adds the following fixes and changes:

- [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.

- [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyenger, both of Facebook.

- [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

- [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).

- [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).

- [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).

- [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).

- [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.

- [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).

- [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).

- [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).

- [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).

- [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).

- [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

- [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.

- [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).

- [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.

- [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

Google Chrome 24.0.1312.52 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mozilla releases Firefox 18.0 update

Posted by:
Date: Wednesday, January 9th, 2013, 07:31
Category: News, Software

elfirefox

You can’t knock a solid update.

On Tuesday, Mozilla.org released version 18.0 of its Firefox web browser. The new version, a 38.4 megabyte download and adds the following fixes and changes:

New:
- Faster JavaScript performance via IonMonkey compiler.

- Support for Retina Display on OS X 10.7 and up.

- Preliminary support for WebRTC.

Changed:
- Experience better image quality with our new HTML scaling algorithm.

- Performance improvements around tab switching.

Developer:
- Support for new DOM property window.devicePixelRatio.

- Improvement in startup time through smart handling of signed extension certificates.

HTML 5:
- Support for W3C touch events implemented, taking the place of MozTouch events.

Fixed:
- Disable insecure content loading on HTTPS pages (62178).

- Improved responsiveness for users on proxies (769764).

Firefox 18.0 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

iOS 6 security bug in wild, reenables JavaScript under Safari without input from user

Posted by:
Date: Monday, December 24th, 2012, 08:57
Category: News, security, Software

This is the reason bug fixes were invented.

Per AppleInsider the Safari web browser in Apple’s iOS 6 platform has a potentially serious JavaScript bug that could have major security and privacy implications.

The new “Smart App Banner” feature in iOS 6 is designed to allow developers the ability to promote App Store software within Safari. The Smart App Banner detects whether a user has a specific application installed, and invites them to view the software on the App Store or open it on their iOS device.

But for users who choose to turn off JavaScript in the Safari Web browser, the appearance of a Smart App Banner on a website will automatically and permanently turn JavaScript back on without notifying the user.

iOS device owners can test this issue by opening the Settings application and choosing Safari, then turning off JavaScript. Then simply launch the Safari browser and visit a website with a Smart App Banner.

Users can then go back into the Settings application to verify that the JavaScript setting switch has been flipped back to the “on” position without warning. Accordingly, JavaScript features on websites will begin working again.

The issue has reportedly existed since the release of iOS 6 months ago, though it has not been widely reported. In addition, people familiar with the latest beta of iOS 6.1 said the problem also remains in Apple’s pre-release test software on the iPhone.

Peter Eckersley, technology products director with digital rights advocacy group the Electronic Frontier Foundation, said he would characterize such an issue as a “serious privacy and security vulnerability.”

Neither Eckersley nor the EFF had heard of the bug in iOS 6, nor had they independently tested to confirm that they were able to replicate the issue. But Eckersley said that if the problem is in fact real, it’s something that Apple should work to address as quickly as possible.

“It is a security issue, it is a privacy issue, and it is a trust issue,” Eckersley said. “Can you trust the UI to do what you told it to do? It’s certainly a bug that needs to be fixed urgently.”

But Lysa Myers, a virus hunter at security firm Intego, said she doesn’t see the bug as a major concern for the vast majority of iOS device owners.

“While this issue is certainly not an ideal situation, by itself it actually isn’t that large a problem,” said Myers. “At the moment it doesn’t pose a threat, but we’ll continue to monitor it to make sure it doesn’t become more exploitable. There’s also the fact that few people actually disable JavaScript completely as it can partially, or totally, disable the majority of websites.”

Stay tuned for additional details as they become available.

Google Chrome updated to 23.0.1271.101

Posted by:
Date: Tuesday, December 18th, 2012, 07:22
Category: News, Software

google-chrome-logo

Hey, an update’s an update.

Late Monday, Google released version 23.0.1271.101 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- This build contains the fix to a bug with sound distortion with microphone input: 157613.

Google Chrome 23.0.1271.101 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.97

Posted by:
Date: Wednesday, December 12th, 2012, 08:05
Category: News, Software

google-chrome-logo

Hey, an update’s an update.

Late Tuesday, Google released version 23.0.1271.97 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- Some texts in a Website Settings popup are trimmed (Issue: 159156).

- Some plugins stopped working (Issue: 159896).

- Fixed a known crash (Issue:161854).

Google Chrome 23.0.1271.97 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mozilla releases Firefox 17.0.1 update

Posted by:
Date: Monday, December 3rd, 2012, 08:57
Category: News, Software

elfirefox

Hey, an update’s an update…

Over the weekend, Mozilla.org released version 17.0.1 of its Firefox web browser. The new version, a 34.1 megabyte download and adds the following fixes and changes:

Fixed:
- Font rendering issue in Firefox 17.0 (bug 814101).

- 17.0.1: Reverted user agent change causing some website incompatibilities.

- Over twenty performance improvements, including fixes around the New Tab page.

- 17.0.1: Leaving Private Browsing with Social API enabled should reset social components (814554).

- Pointer lock doesn’t work in web apps (769150).

- Page scrolling on sites with fixed headers (780345).

- Known Issues Unresolved If you try to start Firefox using a locked profile, it will crash (see 573369).

Unresolved:
- For some users, scrolling in the main GMail window will be slower than usual (see 579260).

- Unresolved Windows: The use of Microsoft’s System Restore functionality shortly after updating Firefox may prevent future updates (see 730285).

New:
- First revision of the Social API and support for Facebook Messenger.

- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user’s permission (see blog post)

Changed:
- Updated Awesome Bar experience with larger icons.

- Mac OS X 10.5 is no longer supported.

Developer:
- JavaScript Maps and Sets are now iterable.

- SVG FillPaint and StrokePaint implemented.

- Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use.

- New Markup panel in the Page Inspector allows easy editing of the DOM.

HTML 5:
- Sandbox attribute for iframes implemented, enabling increased security.

Firefox 17.0.1 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.95

Posted by:
Date: Friday, November 30th, 2012, 08:54
Category: News, Software

google-chrome-logo

You can’t knock a bug fix.

Late Monday, Google released a beta of version Google Chrome updated to 23.0.1271.95 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- [161564] High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla).

- [$7331] [162835] High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie.

Google Chrome 23.0.1271.95 requires an Intel-based Mac with Mac OS X 10.5 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.91

Posted by:
Date: Tuesday, November 27th, 2012, 07:11
Category: News, Software

google-chrome-logo

You can’t knock a bug fix.

Late Monday, Google released a beta of version Google Chrome updated to 23.0.1271.91 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- No audio from Flash content when speaker configuration is set to Quadraphonic (Issue: 159924).

- Aw, Snap renderer crash on Windows Server 2003 (Issue: 160559).

Google Chrome 23.0.1271.91 requires an Intel-based Mac with Mac OS X 10.5 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mozilla releases Firefox 17.0 update

Posted by:
Date: Wednesday, November 21st, 2012, 09:35
Category: News, Software

elfirefox

The Firefox version number just keeps getting pushed higher…

Late Wednesday, Mozilla.org released version 17.0 of its Firefox web browser. The new version, a 33.3 megabyte download and adds the following fixes and changes:

What’s new:
- FIXED – 16.0.2: Security fixes can be found here

- FIXED – 16.0.1: Vulnerability outlined here.

- NEW – Firefox on Mac OS X now has preliminary VoiceOver support turned on by default.

- NEW – Initial web app support (Windows/Mac/Linux).

- NEW – Acholi and Kazakh localizations added.

- CHANGED – Improvements around JavaScript responsiveness through incremental garbage collection.

- DEVELOPER – New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access.

- DEVELOPER – CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16.

- DEVELOPER – Recently opened files list in Scratchpad implemented.

- FIXED – Debugger breakpoints do not catch on page reload (783393).

- FIXED – No longer supporting MD5 as a hash algorithm in digital signatures (650355).

- FIXED – Opus support by default (772341).

- FIXED – Reverse animation direction has been implemented (655920).

- FIXED – Per tab reporting in about:memory (687724).

- FIXED – User Agent strings for pre-release Firefox versions now show only major version (728831).

Known Issues:
- UNRESOLVED – If you try to start Firefox using a locked profile, it will crash (see 573369).

- UNRESOLVED – For some users, scrolling in the main GMail window will be slower than usual (see 579260).

- UNRESOLVED – Windows: The use of Microsoft’s System Restore functionality shortly after updating Firefox may prevent future updates (see 730285).

- UNRESOLVED – Pointer lock doesn’t work in web apps (see 769150).

Firefox 17.0 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Opera 12.11.1659 public beta goes live, now available for download

Posted by:
Date: Friday, November 16th, 2012, 06:14
Category: News, Software

operalogo

On Monday, Opera Software released a public beta of version 12.11.1659 of its web browser. The new version, a 19.1 megabyte download via MacUpdate, boasts the following fixes and changes:
- CT-3634 Switch with foreignobject is not rendered

- CORE-49240 Some jQuery functions not working correctly in Opera 12.10.

- CORE-49235 Complicated transitions don’t always start or complete, leaving behind a messed up layout.

- CORE-49175 Crash if SVG foreignObject is display:list-item.

- DSK-377538 Opera uses 100%+ cpu on google chat.

- DSK-376755 alt + space does not bring up system menu.

Opera 12.11.1659 is available for free and requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.