If you're an update laggard, buck up: Chrome zero-days are being exploited in the wild Patch Google Chrome with the latest updates – if you don't, you're vulnerable to a zero-day that is actively being exploited, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. Criminals are targeting users of Chrome with outdated installations, CISA said in an advisory note urging folk to update their …
My hierarchy of commonly-installed browsers:
Firefox (with uBlock Origin, etc.) for most browsing
Edge for more relaxed browsing restrictions and Chrome compatibility
Chrome for when dipshit Web developers have explicitly coded their crap to Chrome exclusively
It's ironic that Edge is more secure than Chrome, don'cha think?
Since Edge uses Chromium and as such V8, you are most certainly vulnerable. MS has already released updates.
Modern Edge is just a fancy Chromium wrapper—a shittier Vivaldi, if you will. Legacy nor modern Edge bring anything new to the table, and frankly I don't see why anyone uses them other that they come standard with the workstation editions of Windows 10... If I have to use Windows I use 10 Enterprise LTSC so I don't even have any version of Edge installed :)
I would at least have more respect for your flippant attitude if you were using legacy Chromium, which uses an independent rendering engine, meaning not Chromium or IE. Don't recall what it used for JS etc., though...
For me at work it's:
Edge v44 (aka Legacy Edge, corp. IT rolls software out slowly)
IE11 for sites that don't work because my Edge install is too new/too old.
Chrome used on a lab computer for a "temporary" workaround to an internal tool that doesn't work on Edge or current IE (another corp. group is working on that one)
Chrome is also on my work laptop after a frantic download to connect to a google meet.
At home:
Firefox (with a handfull of privacy extensions)
Chrome (only for gmail and related activity, and paying my Centurylink bill, since their shitty website wasn't working with FF)
This affects all Chromium browsers, there have been a number of updates applied to Vivaldi and Edge over the last few days.
What I find disappointing is that Chromium browsers don't always seem to update automatically, you have to go in to Help About to trigger the update in Edge which is pants really but I guess people get upset when Microsoft stuff auto updates. Vivaldi seems to check for updates on start up and then offer to apply whilst Firefox seems to be a bit more random. Don't know about Google Chrome as I don't use Google stuff if at all possible, but the fact that people are being told to update is not a good sign.
Regardless of the scanty information – easily explained by Google, quite responsibly, not wanting to hand every script kiddie on the internet information on how to pwn slow-to-update folk...
But not so much responsibly when reporting vulnerabilities in non-Google products: https://www.theregister.com/2020/11/03/google_project_zero_github_flaw_deadline/
Sigh.
The github issue was disclosed to them 104 days ago: 90 days plus the 14-day grace period. That's how responsible disclosure policies work.
github themselves disclosed technical details about the Github Actions vulnerabilities.
Google have disclosed the Chrome issue discussed in the article. They just haven't released technical details.
Are these details really that hard to understand?
Github disclosed some details about the vulnerabilities, Google disclosed more details and provided example exploit code. Also, as someone else has mentioned, Google Project Zero treats a vulnerability being exploited in the wild the same as one past the 90 day time period, except obviously if it is a Google product. And yes, releasing the technical details on a vulnerability without a fix, and which Google themselves agrees is very difficult to fix, but not releasing the technical details on a vulnerability with a fix does qualify as a double standard.
"... Chrome zero-days are being exploited in the wild
So we can expect to see full details of these vulnerabilities made public in seven days time... because that's "responsible disclosure", right?
To get this update to relaunch the browser! WTF!! I've never had trouble updating Chrome before! I couldn't get it to relaunch after downloading the update, so I restarted the PC and started all over again, to finally get it updated. Weird! The other odd thing, was I cleaned all my files, and yet Chrome remember where I left off even after cleaning and restarting! That has never happened before either?! Maybe the previous version was tracking every page I had open and sending that information back to the browser once connected to the web again? I don't know - makes no sense.
Also Chrome didn't tell me it was time to update like it usually does before; I only knew to check after reading this article!
Session storage by default keeps state if the browser does not shut down cleanly, which it sounds like happened!! And what do you mean clean, and what files! Did you take a duster to them!
I feel like you might need to learn a bit more about how your browser works! Turning it (the computer) off and on again isn't a great solution because it results in never learning the cause of things!!
Only workable alternatives are the aged Gecko with the bastards that are Mozilla tanking it into the floor every patch, and WebKit aka that thing Blink forked from.
Servo looks interesting but it isn't stable or feature-complete yet.
Everything else is not worth anyone's time if you care about spec conformity.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
