Google Releases Chrome 29

Google has released a new major version, 29.0.1547.57, of its Chrome browser for all platforms: Mac OS X, Linux, Windows, and Chrome Frame.  The new version incorporates some additional features:

• Your profile can be reset to its original state
• Suggestions offered when you type into the “Omnibox” will weight your recent activity more heavily
• There are several new APIs for applications and extensions

This release also includes fixes for 25 security vulnerabilities, including at least five rated by Google as High severity.

More information on the changes is available via the Release Announcement.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.  If you need to get a complete installation package, you can download it here.

 

Mozilla Updates Firefox, Thunderbird

Last week, the Mozilla organization released a new version, 23.0, of its Firefox browser, for all platforms (Linux, Windows, and Mac OS X).   The new version fixes 13 identified security vulnerabilities.  Mozilla rates four of these as being of Critical severity, and seven as High severity.

In addition, the new version introduces some new and changed capabilities.  It incorporates mixed content blocking, to protect against eavesdropping and “man-in-the-middle” attacks on secure pages.  It also incorporates a new Options panel for the Web Developer Toolbox.

This version also removes the JavaScript options from the Preferences page, and resets all values to the defaults.  (The controls under about:config  still work, but they are for experts.)  The rationale is that, because JavaScript is so widely used, turning it off breaks an unacceptable number of Web pages.  The suggested alternative, for those concerned about JavaScript-based exploits, is to use the NoScript extension, which allows more selective control.  Although my initial reaction to the Preferences change was negative, on reflection I think this approach, with NoScript, really is the better way to go.   I have been using NoScript myself for several years, and recommend it.

For further information on these changes, please see the Firefox Release Notes.  You can obtain the new version using the built-in update mechanism, or download a complete installation package.

Mozilla also released a new version, 17.0.8, of its Thunderbird E-mail client for Linux, Windows, and Mac OS X.  This is a security release, which fixes eight identified vulnerabilities; Mozilla rates two of these as Critical, and six as High severity.  For more information, see the Thunderbird Release Notes.

As with Firefox, you can obtain the new version via the built-in update mechanism, or download a complete installation package.

Because of the security content of these releases, I recommend that you upgrade your systems if you have not already done so.

Microsoft Patch Tuesday Preview, August 2013

Thursday, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for August 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, August 13, 2013.   This month there are eight bulletins in all; three of these have a maximum security rating of Critical; the other five are rated Important.  Seven of the bulletins affect Windows and its components; the eighth affects Exchange Server.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version	Critical	Important	Moderate
Windows XP+SP3	2	2	—
Windows Vista	1	3	—
Windows Server 2003	1	2	1
Windows Server 2008	—	4	1
Windows 7	1	3	—
Windows Server 2008 R2	—	4	1
Windows 8	1	3	—
Windows RT	1	2	—
Windows Server 2012	—	4	1
Windows Server Core	—	3	—

The remaining bulletin, which affects Exchange Server, is rated Critical.

Microsoft says that five of the Windows bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.