Home > Blogs > VMware Go Blog > Tag Archives: Google Chrome

Tag Archives: Google Chrome

This Week in Patching – 1/25/2013

By: Jason Miller, Manager of Research and Development at VMware

After an eventful past couple of weeks in patch management, this week was relatively quiet.  Here is a quick recap in the happenings of patch management this week.

On Monday, a new version of Audacity was released.  Audacity 2.0.3 is a non-security update fixing numerous issues.

On Tuesday, Google released new security updates for their Chrome and Chrome Frame browsers.  Google Chrome / Chrome Frame version 24.0.1312.56 fixes three high, and two medium vulnerabilities.

On Wednesday, Core FTP released a new version with version 2.2.  This version was originally released on January 17th, but the details were provided on Wednesday.  This new version is a non-security update.

Last up for this week are new versions of MozyHome and MozyPro released today.  MozyHome and MozyPro version 2.18.3.247 are both non-security updates.

Happy Patching!

– Jason Miller

Interested in a free 30 day trial of VMware Go Pro for patch management, IT management, virtualization and more? Click here.

This Week in Patching – 11/30/2012

By: Jason Miller, Manager, Research and Development

This week was highlighted yet again by browser updates addressing security vulnerabilities.  Google released updates for their Chrome and Chrome Frame browsers addressing multiple vulnerabilities.  On Monday, Google Chrome 23.0.1271.91 was released and it addresses seven vulnerabilities.  On Thursday, a second update was provided with Google Chrome version 23.0.1271.95.  The latest version addresses two security vulnerabilities.

A little background and history on Google’s responsible vulnerability initiative:

In November 2010 Google implemented a vulnerability reward program to enable security researchers the ability to gain financial rewards for responsibly disclosing vulnerability information to Google.  A responsible vulnerability disclosure is when a vulnerability is submitted to the vendor and the source code is not made publicly available until a fix has been made in the affected software.

One of the vulnerabilities fixed in the latest version of Google Chrome is credited to the hacker known as “Pinkie Pie.”  This vulnerability netted Pinkie Pie a cool $7,331.  This is not the first time Pinkie Pie has received a reward in the vulnerability reward program.  Back in March, Pinkie Pie received $60,000 for a vulnerability in Google Chrome during the Pwnium contest.  In October, the Pwnium 2 contest was held and Pinkie Pie received another $60,000 for winning the contest.  I would say netting $127,331 on vulnerabilities found and responsibly disclosed makes 2012 a great year for both Google and Pinkie Pie!

Back to this week’s patches:

On Wednesday, the Wireshark Foundation released a security update for their Wireshark product.  Wireshark 1.8.4 addresses 11 vulnerabilities and Wireshark 1.6.12 addresses six vulnerabilities.

On Thursday, Apple released a new version of their iTunes software with version 11.  This new version includes many new features and possibly addresses vulnerabilities.  The product release notes contains a link to their security updates section but no vulnerabilities have been announced.  Apple can be a bit slow on releasing vulnerability information, so I will be watching out during the next week for any announcements.

Today, FileZilla has released yet another update for the FileZilla Client.  FileZilla Client 3.6.0.2 is a non-security update addressing two issues.

Happy Patching!

– Jason Miller

P.S. Want to learn more about VMware Go Pro? Click here.

Also, check out  a 30-day free trial of VMware Go Pro!

This Week in Patching – 11/9/2012

By: Jason Miller, Manager, Research and Development

It has been a busy week for patch releases.  Here is a quick recap of the happenings in patch management.

Tuesday

Adobe released a new security bulletin for Adobe Flash Player and Adobe Air.  APSB12-24 addresses seven vulnerabilities and the following versions address these issues:

  • Adobe Flash Player 11.5.502.110
  • Adobe Flash Player 10.3.183.43
  • Adobe Air 3.4.0.600

It is important to note that the vulnerabilities also affect the Adobe Flash Player 10 product line as well.  In the ‘Priority and Ratings,’ ‘Affected Software Versions,’ and ‘ Summary’ on the Adobe security bulletin page do not list Adobe Flash Player 10 as an affected product.  The CVE filed on behalf of the vulnerabilities state that Adobe Flash Player 10 is indeed affected by the vulnerabilities.  In addition, the Adobe Security Bulletin page has Adobe Flash Player 10 affected in the ‘Solution’ area.

With the Adobe Flash Player release, I also saw a coordinated release effort from Google and Microsoft to address vulnerable Adobe Flash Player programs embedded in their browsers.  Google Chrome / Chrome Frame version 23.0.1271.64 fixes 14 vulnerabilities and includes the latest version of the Adobe Flash Player.  This new version of the Google browser includes a new ‘Do Not Track’ feature that sends a request to a website asking it to not track information.  On the Microsoft side, Microsoft Security Advisory 2755801 was updated to include the latest version of Adobe Flash Player for Microsoft Internet Explorer 10.

Opera also released a new version of their browser for the first time since June of this year.  Opera 12.10 addresses six vulnerabilities.  In the release notes, you will need to scroll down to the beta section to see that this release actually fixed security vulnerabilities.  They are noted in the beta section for version 12.10.

Wednesday

HP released their first update since June of this year for their System Management Homepage product.  HP System Management Homepage 7.1.2 appears to be a security update and is rated as “Recommended” from HP.    The release notes for this newer version states “Improved security features.”  Vulnerability information for HP System Management Homepage releases typically take a few weeks after the product release, so I will be watching the national vulnerability database for more information.

Thursday

Apple joined the busy patching week with a new release of Apple QuickTime.  Apple QuickTime 7.7.3 is a security update addressing nine vulnerabilities. One of the vulnerabilities fixed with this release is remarkably from 2011 (CVE-2011-1374).

Friday

AOL Instant Messenger 1.2.0.2 has been released to the mainstream.  This product typically does not have release notes associated with each version.  I will be waiting to see if a CVE is released that would mark this release as a security bulletin.

Other News

Next Tuesday marks the November 2012 edition of Patch Tuesday.  Microsoft is set to release six bulletins addressing 13 vulnerabilities.  This Patch Tuesday will be highlighted by the first security bulletin releases for the new Microsoft Windows 8 and Server 2012 operating systems.

There are reports of a Zero-day vulnerability in Adobe Reader.  No confirmation or information has been released yet by Adobe.  There is a chance that Adobe could be releasing an update for Adobe Reader on Patch Tuesday.

I will be back next Tuesday to talk in detail on all of the activities for the November 2012 Patch Tuesday.

Happy Patching!

– Jason Miller

P.S. Also, check out  a 30-day free trial of VMware Go Pro!