Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Browser News

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Browser News
Expert Contributor 31st Oct, 2013 17:47
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Google's Chrome web browser automatically blocks malicious threats

Keep moving fellas
By Dave Neal
Thu Oct 31 2013, 15:39

SOFTWARE DEVELOPER Google has added an extra element of security to its Chrome web browser with the ability to shield users from malicious downloads.
Under the headline "Don't mess with my browser" Google offers a view of the Canary build of Chrome, saying that it will act as a bouncer and protect web searchers from snakes.
"In some ways, it's safer than ever to be online - especially if you use Chrome. With continued security research and seamless automatic updates, your browsing experience is always getting better and more secure," it said in a blog post.
"But recently you may have noticed something seems amiss. Online criminals have been increasing their use of malicious software that can silently hijack your browser settings. This has become a top issue in the Chrome help forums; we're listening and are here to help."
How Google is helping is by getting on a white horse and roaming all around the internet landscape lassoing and corralling bad actors. Google knows that these ne'er do wells pull many tricks, even going so far as to make it impossible to remove their malware. Chrome can fix this with a rollback to default settings feature.

More to read at :-
http://www.theinquirer.net/inquirer/news/2304226/g...

Mozilla’s Lightbeam add-on lets you see who is tracking you

And the results can be scary
By Dave Neal

SOFTWARE FIRM Mozilla has released an add-on for its Firefox web browser that lets users keep an eye on who is tracking them and from where.
Lightbeam, otherwise known as Collusion, maps information about visited websites and their third party hangers-on.
"Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the web," said Mozilla in its accompanying information. "It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers."
Once installed you access the feature through an icon at the bottom right of your Firefox web browser screen. Clicking that takes you to a graph that showed us, with six different tabs open, that tracking or associated websites outnumbered the ones we knew about by a good four to one.
Unsurprisingly they are mostly ad networks and errata. Mozilla said that the feature is all about giving people as much information about their web use and who tracks it as possible.
"We recognise the importance of transparency and our mission is all about empowering users - both with tools and with information," it said. "The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the web, but also to turn that tracking off when they want to."
Mozilla said that it could share the information that it gets on people and tracking with "researchers, journalists, and others" to better understand how data is tracked on the web. You can opt out of being part of this research pool, and Mozilla said that it would not be included until a full version is released.
Mozilla reminded us, at a time when the eyes are turned on information snarfing governments, that not all tracking is bad - but most is.
"Many services rely on user data to provide relevant content and enhance your online experience. But most tracking happens without users' consent and without their knowledge," it said.
"That's not okay. It should be you who decides when, how and if you want to be tracked. Collusion will be a powerful tool to help you do that."
Information about which websites you're looking at and how many associated trackers they have, can be presented in graph, list and clock formats. µ

http://www.theinquirer.net/inquirer/news/2303101/m...

--

mogs RE: Browser News
Expert Contributor 1st Nov, 2013 15:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Nov, 2013 15:48
Chrome gains factory reset button
Summary: Google's browser gains the ability to return to a default state with a single click.

Chris Duckett
By Chris Duckett | November 1, 2013 -- 04:32 GMT

The future is slightly brighter for IT support folk that regularly have to deal with the myriad extensions and customisations that users make their browser experiences, with Google announcing that its Chrome browser can be reset to a "factory-fresh" state with a single click of a button.

According to its help page, when clicked, the new "Reset browser settings" button will return the default search engine, and any saved search engines to their original defaults; homepage button and any pinned tabs will be removed; startup and new tab tabs cleared; cookies, site data, and content settings will be cleared; and extensions and themes disabled.

Citing the difficultly in finding and disabling some pieces of malware, once installed in a browser, Google's vice president of engineering, Linus Upson said online criminals have increasingly using malware to hijack browser settings.

"These malicious programs disguise themselves so you won't know they're there and they may change your homepage or inject ads into the sites you browse," Upson wrote in a blog post.

"Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state."

In addition to the new reset feature, Google will be rolling out a malware download blocking feature shortly, it is current available in Chrome's bleeding-edge Canary release channel.

Upson said that the search giant is currently adding 10,000 new URLs per day to its Google Safe Browsing service, that is used by Chrome, Firefox, and Safari browsers to warn users of potentially unsafe websites.

http://www.zdnet.com/chrome-gains-factory-reset-bu...

Thursday, October 31, 2013

Don’t mess with my browser!

Read more at :-
http://chrome.blogspot.co.uk/

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 1st Nov, 2013 16:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Nov, 2013 16:19
November 1st, 2013, 08:53 GMT · By Bogdan Popa
Internet Explorer Remains the Number One Browser Worldwide in October 2013

Microsoft keeps working on Internet Explorer, so the newly-launched Windows 8.1 OS update comes with a revamped version of the browser supposed to provide an enhanced experience in both the Modern UI and on the traditional desktop.

Statistics provided by market researcher Net Applications for the month of October 2013 show that Microsoft’s efforts seem to be paying off, as Internet Explorer remains the number one browser worldwide for the time being.

Internet Explorer 8 is currently installed on 21.75 percent of computers worldwide, followed by Internet Explorer 10 which has been found on 18.94 percent of these machines.

Firefox 24 is the only non-IE browser on the podium with a market share of 12.79 percent, while Chrome 30 comes next with 10.45 percent.

Internet Explorer 9 is fifth with 9.49 percent, while Internet Explorer 6 remains incredibly popular six months before its retirement date.

The interesting thing is that Internet Explorer 10, the default Windows 8 browser offered with both Modern and desktop versions, has started losing users, as more people worldwide are now making the move to Windows 8.1.

Microsoft’s refreshed modern platform comes by default with Internet Explorer 11, which is said to be better optimized for the touch, while also delivering a faster and more secure browsing experience to users.

“Internet Explorer 11 on Windows 8.1 brings the same hardware-accelerated pan and zoom technology to mouse, keyboard and touchpad in addition to touch. This allows sites to take advantage of the smooth panning and zooming across all input types,” Microsoft said.

“Internet Explorer 11 builds on the modern, fast, fluid experience that’s perfect for touch, even for today’s Web that isn’t necessarily designed for touch. With hardware accelerated direct manipulation, pages stick to your finger while panning and zooming for a fluid and natural experience.”

While Internet Explorer 11 is currently the default browser in Windows 8.1, Microsoft also plans to release it as an optional download for Windows 7 users before the end of the year.

http://news.softpedia.com/news/Internet-Explorer-R...

Check Your Browser
Qualys BrowserCheck will perform a security analysis of your browser and its plugins to identify any security issues. Learn More >

> Launch a quick scan now or install our safe plugin to begin a comprehensive scan.

Improve your browser's security today.
Click the "Install Plugin" button to enable fast, safe scanning of your browser and OS.
Find vulnerabilities at the click of a button.
Scan your browser and view all security issues in an easy-to-understand detailed list.
Take charge of any issues found.
Follow recommended steps to resolve each vulnerability found.

https://browsercheck.qualys.com/

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 1st Nov, 2013 21:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 1st, 2013, 17:21 GMT · By Bogdan Popa
IE6, Not IE10, Gained More Users Last Month

IE6 is currently the sixth most popular browser on the market
You might be thinking that a browser which is almost 12 years old is no longer the best choice for those looking to surf the Internet securely, but it turns out that more people actually deploy Internet Explorer 6.

While it’s hard to imagine how come someone could use Internet Explorer 6 to browse the Internet these days, figures provided by market researcher Net Applications for the month of October show that Microsoft’s ancient browser has actually increased its market share in the latest 30 days.

IE6 is now installed on 4.93 percent of computers worldwide, up from 4.87 percent the month before. Don’t forget that IE6 is set to be retired next year in April together with Windows XP.

For the sake of comparison, Internet Explorer 10, the default browser available in Windows 8, has lost users last month, dropping from 19.43 percent to 18.94 percent. Of course, the reason is that more people are making the move to Windows 8.1, but again, it’s hard to understand how come that IE6 lives on in a market so full of modern browsers.

http://news.softpedia.com/news/IE6-Not-IE10-Gained...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 2nd Nov, 2013 11:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox's plugin-blocker slams into beta - but don't jump for joy, Flash haters
Malware, you shall not pass (unless it's in a .swf)
By Neil McAllister, 1st November 2013

With its latest beta release, the Mozilla Foundation has taken a step further toward making click-to-run the default behavior for all plugins in Firefox.

"Outdated plugins are a big source of security vulnerabilities so this feature will ensure users are safe and Firefox runs smoothly," the Firefox team said in a blog post on Thursday.

Under the new system, instead of automatically running plugins when a page opens, Firefox will replace that content with boxes warning the user that the required plugins may be vulnerable to exploits. The content will only be displayed if the user explicitly activates the plugins – each a potential infection vector for malware.

The one exception to this new policy is Adobe's Flash Player plugin, which Mozilla has determined is used by too many websites to fall under the manual activation requirement. But Firefox users will only be able to dodge the click-to-run warning if the version of the Flash plugin they have installed is the latest one.

"Users with older versions of Flash that are known to be insecure will see the click-to-activate user interface and will be prompted to upgrade to the latest version," Mozilla's Benjamin Smedberg wrote in September. "Our security and plugin teams work closely with Adobe to make sure that Firefox users are protected from instability or security issues in the Flash plugin."

This isn't the first time Mozilla has implemented such security measures. With the release of Firefox 24 in September, Mozilla marked all versions of the Oracle Java plugin as "unsafe," including the latest build – a decision that was eventually rescinded amid widespread uproar from the Java-using community.

Mozilla isn't alone in being concerned about the potential security threats posed by plugins, either. Google's approach to locking down Flash in its Chrome browser is to bundle the plugin inside the browser itself and update it automatically, so that users can't run an old version of the plugin even if they want to.

Mozilla has been testing its click-to-play plugin system in its experimental Firefox builds since January. With its release into the beta channel on Friday, the technology moves a major step closer to becoming part of the mainstream Firefox product.

The latest mainstream version of the browser, Firefox 25, was released on Tuesday with a smattering of new features, most notably support for the Web Audio API and blocking of insecure content on encrypted web pages.

If all goes according to plan, Firefox 26 is expected to move from beta into public release status with click-to-run plugins enabled by default during the week of December 10.

http://www.theregister.co.uk/2013/11/01/firefox_pl...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 2nd Nov, 2013 11:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google teaches Chrome Canary to sing when it sniffs dodgy downloads

Bleeding-edge browser shoots down malware on sightsmell
By Jack Clark, 1st November 2013

Google has equipped its experimental "Canary" distribution of the Chrome web browser with a malware-spotting capability to protect users from malicious downloads.

The security upgrade was announced by Google on Thursday and means the browser will scan downloaded executable files for the presence of viruses and Trojans, and notify punters if it finds any.

"In the current Canary build of Chrome, we’ll automatically block downloads of malware that we detect," the advertising giant said. "If you see this message in the download tray at the bottom of your screen, you can click 'Dismiss' knowing Chrome is working to keep you safe. "

Canary is the bleeding-edge version of the Chrome browser and receives nightly updates. Google cautions users that it's "not for the faint of heart" as it can be "prone to breakage".

This vulture has been using Chrome Canary as one of his three primary browsers for several months and can testify that it can break in confusing and infuriating ways from time to time.

That said, it tends to be extremely fast and seems to have a mildly smaller memory footprint than stock Chrome.

Along with the malware-sniffing feature, Google has also added a "reset browser settings" button into stock Chrome tht lets you roll the browser back to its original state in case you catch a dash of browser-distorting malware.

http://www.theregister.co.uk/2013/11/01/google_can...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 2nd Nov, 2013 17:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
More about :-
'Canary' Chrome chirps when it smells malware
Google expands on work since 2011 to keep attack code off personal computers

By Gregg Keizer
November 2, 2013 09:17 AM ET

Computerworld - Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.

Chrome's current "Canary" build -- the label for very-early versions of the browser, earlier than even Chrome's Dev channel -- will post a warning at the bottom of the window when it detects an attempted download of malicious code.

Features added to the Canary build usually, although not always, eventually make it into the Dev channel -- the roughest-edged of the three distributed to users -- and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.

Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012 with Chrome 17.

Chrome is now at version 30.

Canary's blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser's settings.

"Content.exe is malicious, and Chrome has blocked it," the message in Canary reads. The sole visible option is to click the "Dismiss" button, which makes the warning vanish. The only additional option, and that only after another click, is to "Learn more," which leads to yet another warning.

Canary warning
The Canary very-early build of Chrome displays this warning if it suspects a to-be-downloaded file is dangerous.
In Canary, there is no way for the user to contradict the malware blocking.

That's different than in the current Stable build of Chrome, which relies on a message that says, "This file is malicious. Are you sure you want to continue?" and gives the user a choice between tossing the downloaded file or saving it anyway.

As it has for some time, Chrome will show such warnings on select file extensions, primarily ".exe," which in Windows denotes an executable file, and ".msi," an installation package for Windows applications. Canary's expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software -- it cited screen savers and video plug-ins in a Thursday blog -- that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.

Browser hijacking is old-school malware -- it's been around for years and was one of the first ways attackers funded their work -- associated with rogue toolbars and "adware," a malware label that's fallen out of favor.

In the Thursday blog, Linus Upson, a Google vice president of engineering, claimed that browser hijacking remained one of the most popular complaints by Chrome users on its support forums. Previously, Google also added a "Reset browser settings" option in the browser's settings panel so users can restore Chrome to its original state after a hijack.

Google's malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple's Safari and Mozilla's Firefox all access to warn customers of potentially dangerous websites before they reach them.

In Chrome's case, the malware warning stems not only from the Safe Browsing "blacklist" of dodgy websites, but according to NSS Labs, a security software testing company, also from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.

CAMP is a reputational technology, similar to Microsoft's SmartScreen Application Reputation (App Rep), which was first added to Internet Explorer in version 9 (IE9) in March 2011. Both CAMP and App Rep use a combination of whitelists, blacklists and algorithms to create a ranking of the probability that a download is legitimate software. Files that don't meet a set legitimacy bar trigger a warning.

Since Google started using CAMP, NSS Labs said in a report issued last week (download PDF), Chrome's ability to spot and block malware has increased dramatically: From a 70% blocking rate in 2012 to 83% in 2013.

Users can try out the Canary build of Chrome by downloading it from Google's website.

http://www.computerworld.com/s/article/9243768/_Ca...

Chrome Release Channels
http://www.chromium.org/getting-involved/dev-chann...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 6th Nov, 2013 11:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 6th Nov, 2013 11:24
Google preps Chrome password-blab bug fix
A password to view your passwords
By Richard Chirgwin, 6th November 2013

A few months after the bug was discovered, Google's decided it should experiment with a fix for its Chrome password exposure bug feature.

As El Reg noted back in August:

“If the victim, shall we say, is using Chrome, surf over to chrome://settings/passwords, click on a starred-out saved website password and click on "Show"; rinse and repeat down the list. Voila, you can see his or her passwords in plain text.”

While it only works if someone can access someone else's machine, it's easy enough to imagine that your average workplace probably has a sufficient combination of naively-trustful users and occasionally malicious workmates to make it a serious issue (not to mention kids seeking Dad's online shopping password stash).

François Beaufort of Google France has now posted this code for review.

Right now, the code for the experimental flag has only been added to the latest Mac build of the Chrome browser, but the idea is straightforward:

“Once you've enabled the chrome://flags/#enable-password-manager-reauthenti cation flag, the user who's trying to reveal a plain text password in chrome://settings/passwords will be prompted to reauthenticate with the User Mac OS password.”

The authentication window is open for one minute.

Presumably if the fix is welcomed and successful, it will be implemented in other versions of Chrome. ®

http://www.theregister.co.uk/2013/11/06/google_pre...


Google clamps down on password security in Chrome 'Canary'
Read more here :-
http://www.computerworld.com/s/article/9243810/Goo...


--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 6th Nov, 2013 11:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google is whipping Apps support away from IE9

IE nein

By Dave Neal
Wed Nov 06 2013, 10:10

ONLINE ADVERTISING BROKER Google is pulling Apps support for Microsoft's Internet Explorer 9 (IE9) web browser.
The firm said that it will not support the older IE9 because IE10 came out last year, and that is a long enough transition period.
"We support the latest version of Google Chrome (which automatically updates whenever it detects that a new version of the browser is available) as well as the current and prior major release of Firefox, Internet Explorer and Safari on a rolling basis," it said.
"Each time a new version of one of these browsers is released, we begin supporting the update and stop supporting the third-oldest version."
Google will no longer test anything for the IE9 browser and will start telling users that it is time to begin moving to an alternative soon.
"Google's test plans have been adjusted to now stop all testing and engineering work related to Internet Explorer 9 (IE9), as Internet Explorer 11 (IE11) was released on 17 October 2013," it added.
"End users who access Gmail and other Google Apps services from an unsupported browser will be notified within the next few weeks through an in-product notification message or an interstitial pages with information about modern browsers and how to upgrade to them."
Users of Apps for business, education, and government will be affected. In additional information Google recommended that some users might be well advised to double up.
"Organizations that depend on old versions of Internet Explorer may want to consider a dual browser strategy," it said. µ

http://www.theinquirer.net/inquirer/news/2305226/g...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 7th Nov, 2013 14:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 7th, 2013, 06:44 GMT · By Bogdan Popa
Mozilla Firefox for Windows 8.1 Features Revealed

Firefox for Windows 8.1 is expected to hit the market in early 2014, with Mozilla still working on the Metro port of the famous browser.

According to Mozilla’s Brian Bondy, one of the main features of the upcoming application is the support for a single profile across the Modern UI and the desktop, which pretty much means that consumers will have the possibility to use the same settings, including bookmarks and cookies, regardless of the browser version they launch.

On the other hand, the plug-ins available in the desktop version of Firefox won’t work in the Modern UI, as Microsoft has implemented a set of restrictions that block them from running.

“The opposite argument is also true for touch. Most of the time when using touch you'll want to use the Metro browser, but there are special cases where you'll want to switch, like if you need an addon or plugin to take effect,” Bondy explained.

And still, Mozilla believes that in case you’re using a keyboard and a mouse, there’s no need to launch the Modern version of the browser, as the touch-based flavor will be mostly aimed at tablet users.

“If you're using a keyboard and mouse, and since we will be having a shared profile, there is no reason you'd want to use the Metro browser. If you really want to you can, but surely you don't need to use both Desktop and Metro at the same time,” the blog post also reads.

Another change of the upcoming browser concerns the way links are managed in an already running session. The company says that, in case the Metro browser is already open and you click on a link in either the Modern UI or on the desktop, the page will load in the running browser.

On the other hand, if you’re not yet running Firefox, but you’ve configured it to be your default browser, the link will be launched in the environment you are currently in.

http://news.softpedia.com/news/Mozilla-Firefox-for...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 7th Nov, 2013 18:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 7th, 2013, 16:00 GMT · By Bogdan Popa
Internet Explorer 11 for Windows 7 Now Available for Download

Microsoft has just released the stable version of Internet Explorer 11 for Windows 7, thus giving consumers of the world’s number one operating system the chance to use the default Windows 8.1 browser too.

Internet Explorer 11 for Windows 7 is now available for download in 95 languages, the company said, with users who have already installed the IE11 Developer and Release previews to be the first to get the stable build via Windows update.

“With this final release, IE11 brings the same leading standards support--with improved performance, security, privacy, and reliability that consumers enjoy on Windows 8.1—to Windows 7 customers,” the company said.

Microsoft explains that Internet Explorer 11 is 30 percent faster than the other browsers on the market, as several tests performed on the web confirmed the dramatic speed boost that its new version brings.

While also claiming that Windows 7 users are provided with the exact same goodies as Windows 8.1 adopters, Microsoft explains that IE11 also excels when it comes to JavaScript performance.

“On Windows 7, IE11 is 9% faster than IE10, which is nearly 30% faster than the nearest competitive browser,” it says.

“The opportunities continue for HTML5 to make both websites and applications better. Those opportunities are exciting for everyone on the Web. Like IE11 on Windows 8.1, this release brings high performance HTML5 development to Windows 7.”

Last but not least, Microsoft claims that web applications are loaded faster in Internet Explorer, regardless of whether you are running Windows 8.1 or Windows 7. Common activities are also performed faster, while form editing controls improvements to preserve formatting make copy-pasting from Office quicker.

The new release will be soon delivered via Windows Update to all computers, but you can download Internet Explorer 11 for Windows 7 right now manually.

http://news.softpedia.com/news/Internet-Explorer-1...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 8th Nov, 2013 17:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 8th, 2013, 08:36 GMT · By Bogdan Popa
Internet Explorer 11 for Windows 7 Blurry Font Issues

Microsoft recently released the new Internet Explorer 11 for Windows 7, thus making the latest version of its in-house browser available to more users of the world’s number one operating system.

While there’s no doubt that IE11 is one of the fastest and most stable IE versions released so far, it continues to have a terrible bug that’s affecting the browsing experience on lots of computers.

The blurry font issues that have been reported by users ever since Internet Explorer 9 hit the shelves appear to exist in IE11 as well, with some links and parts of text becoming pretty hard to read due to this problem.

As you can see in the screenshot we attached in this article, the bug only affects Internet Explorer 11 on Windows 7, as all the other browsers, in this case Mozilla Firefox, seem to render the text correctly.

In most cases, the glitches were caused by the ClearType font setting integrated into Windows 7, but we’ve tried different configurations and the same rendering issue remains.

At this point, there are several workarounds available on the market, some of which involve messing with system files and reinstalling fonts, but this clearly isn’t the type of thing a beginner would be able to do.

Experienced users, on the other hand, prefer to simply switch to another browser that works better, as Microsoft’s instructions posted on the Community forums don’t seem to make any difference.

See/read more at :-
http://news.softpedia.com/news/Internet-Explorer-1...

Google’s Chrome web browser will block extensions

More secure, more shiny
By Dave Neal
Fri Nov 08 2013, 09:52

SOFTWARE DEVELOPER Google is shoring up the security of its Chrome web browser and will soon start blocking extensions.
The firm said that Chrome will block extensions that are not downloaded from its Chrome store, beginning next January.
Google said the move is necessary because of the number of malicious software developers and the number of people who install extensions developed elsewhere than at Google. It said that bad extensions lead to too many problems and complaints.
"Extensions are a great way to enhance the browsing experience; whether users want to quickly post to social networks or to stay up to date with their favorite sports teams. Many services bundle useful companion extensions, which causes Chrome to ask whether you want to install them (or not)," said Chrome engineering director Erik Kay.
"However, bad actors have abused this mechanism, bypassing the prompt to silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval. In fact, this is a leading cause of complaints from our Windows users."
From January then, Chrome will block any extension that does not come directly from the Google Chrome store, and developers that maintain Chrome software extensions elsewhere are encouraged to move them as soon as possible.
Users are not expected to be affected, and Kay said that Google will support local extensions development.
"Protecting our users is a key priority, and we believe this change will help those whose browser has been compromised by unwanted extensions," he added. µ

http://www.theinquirer.net/inquirer/news/2305774/g...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 11th Nov, 2013 22:10
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Monday, November 11, 2013

Track down those noisy tabs
Have you ever shuffled through your tabs to figure out where that sound or music is coming from? We hear you! With today’s latest Chrome Beta release, you can now visually scan your tabs for a speaker icon to quickly find the offender. Chrome will also indicate which tabs are currently using your webcam or are being cast to your TV.

And for those who use Windows 8 you’ll notice that Chrome looks different in “Metro” mode. We’ve made it possible to manage multiple Chrome windows and quickly get to your favorite Chrome Apps with an integrated app launcher. If you use a Chromebook the change may look familiar — with a common interface we’ll be able to bring great experiences to both even more quickly!

Finally, while Safe Browsing warns you before you visit malicious websites or download malicious files, Chrome Beta will now automatically block malware files. If you see this message in the download tray at the bottom of your screen, you can click “Dismiss” knowing that Chrome is working to keep you safe.

Download Chrome Beta to give these latest enhancements a test drive.

Yuri Wiitala, Software Engineer and Tenacious Tab Tracker

http://chrome.blogspot.co.uk/

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 12th Nov, 2013 17:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The shape of things to come ?
Article dated 23/10/13
Chrome for the slurp-weary: Cookie-binning Aviator browser arrives
Chromium-based software promises ad- and track-blocking

By John Leyden,

Security developers have released a stripped-down privacy-friendly browser, Aviator, based on the open source browser core Chromium as used by Google Chrome.

WhiteHat Security's Aviator browser has built-in functionality designed to block ads and tracking by default. In addition, Flash and Java are click-to-play, a configuration that WhiteHat argues greatly reduces the risk of drive-by downloads, which are a common method for malware distribution.

Each tab is sandboxed to help prevent one program from making changes to others, or to a computing environment. In addition, Aviator always operates in private mode. The technology strips out referring URLs across domains to protect its users' privacy. The default search engine for the new browser is ‪DuckDuckGo‬, the privacy-friendly web search tool.

WhiteHat has been carrying out in-house tests of the browser, prior to releasing a Mac OS X version to the public this week.

In a blog post, WhiteHat Security's director of product management Robert Hansen argues that major vendors (suc as Google, Mozilla and Microsoft) could all enhance their browsers' privacy protection features. But, he says, they are reluctant to make these changes because it would hurt their market share and business model to introduce built-in ad blocking, for example.

"Not a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money,” said Hansen. “Current incentives between the user and browser vendor are misaligned. People simply aren’t safe online when their browser vendor profits from ads.”

He continued: "WhiteHat Security has no interest or stake in the online advertising industry, so we can offer a browser free of ulterior motives. What you see is what you get. We aren’t interested in tracking you or your browsing history, or in letting anyone else have that information either.

A more detailed explanation of how WhiteHat Aviator differs from its older sibling, Google Chrome, can be found here courtesy of WhiteHat.

"Because the BSD license of Chromium allows us, we made many very particular changes to the code and configuration to enhance security and privacy," says the company's marketing bumpf. These changes extend to disabling third-party cookies and other functions that supposedly resolve navigation errors or predict URLs – functions which leak data to Google, as the post by Jeremiah Grossman, WhiteHat Security's CTO, explains.

Browser configurations always involve a trade-off between privacy and convenience. WhiteHat Aviator has gone for the most strict privacy option and while this would be welcomed by the most privacy-conscious it's not for everyone, because it would make sites that use cookies hard to use, for example.

Early reactions to the release of the browser software was mostly positive apart from some quibbles from security researchers about why ‪Aviator‬ isn't open source or released as a configuration guide, rather than as a software build.

WhiteHat Aviator, with only a Mac OS X version currently available, can be downloaded here as a 48MB download. ®

http://www.theregister.co.uk/2013/10/23/privacycon...



--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 13th Nov, 2013 15:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 13th, 2013, 10:44 GMT · By Bogdan Popa
Internet Explorer 11.0.1 Released for Windows 8.1 Users

One of the updates released by Microsoft on Patch Tuesday brought several improvements for Internet Explorer 11, while also disabling Enhanced Protected Mode on all computers.

But as Neowin points out, the KB2888505 update bumps the Internet Explorer 11 version to 11.0.1 on Windows 8.1 devices, as Microsoft implemented a series of improvements in the latest build of its browser.

The company says in the description of the MS13-088 bulletin that the new IE11 release fixes a number of bugs, including those affecting HTTP connections, ActiveX controls and XMLHttpRequest objects.

The Internet Explorer 11 patch is being delivered via Windows Update and only seems to be aimed at Windows 8.1 computers. We’ve deployed all available patches on several Windows 7 machines and Internet Explorer 11 sticks to the same build number as before.

This particular version was released last week, so you can still download Internet Explorer 11 for Windows 7 manually.

http://news.softpedia.com/news/Internet-Explorer-1...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 14th Nov, 2013 16:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Researchers hack Internet Explorer 11 and Chrome at Mobile Pwn2Own
Previously unknown vulnerabilities in the two browsers were exploited to fully compromise Windows 8.1 and Android mobile devices

By Lucian Constantin | 14 November 13

Security researchers have compromised Microsoft Surface RT, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard's Zero Day Initiative (ZDI) team, which organized the contest, demonstrated an Internet Explorer 11 exploit on a Microsoft Surface RT device running Windows 8.1.
"Exploiting a bug in IE is difficult in general because of the protections and security controls they've implemented," Hariri said. The vulnerability was exploited twice in order to leak a memory address and then gain remote code execution, "which gave us full control over the whole machine," he said.
The vulnerability was reported to Microsoft so the company can protect users, Molinyawe said.
Another researcher who uses the pseudonym Pinkie Pie compromised Nexus 4 and Samsung Galaxy S4 devices by exploiting a vulnerability in Chrome.
Achieving remote code execution through a Chrome vulnerability is considered very difficult because of the application sandbox that separates the browser's processes from the operating system.
There have been only a handful of Chrome sandbox escape exploits demonstrated over the years and most of them were presented by researchers at hacking contests. Pinkie Pie hacked Chrome's sandbox two times before in 2012 as part of Google's Pwnium contests.


Read more: http://www.pcadvisor.co.uk/news/mobile-phone/34891...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 14th Nov, 2013 23:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable gets another update !


THURSDAY, NOVEMBER 14, 2013

Stable Channel Update
Chrome has been updated to 31.0.1650.57 for Windows, Mac, Linux and Chrome Frame.

Security fixes and rewards:


Congratulations to Pinkie Pie, for reclaiming his title with another impressive exploit!


[Ka-po-po-po-pow!!! $50,000] [319117] [319477] Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

A full list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.co.uk/

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 15th Nov, 2013 12:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft: One of the Patch Tuesday vulnerabilities not actually patched
Summary: One of the Internet Explorer vulnerabilities supposedly fixed in Tuesday's cumulative update was not in fact fixed.

Larry Seltzer
By Larry Seltzer for Zero Day | November 14, 2013 -- 22:01 GMT

Microsoft today issued an update to one of this week's Patch Tuesday bulletins to note that one of the vulnerabilities listed in it as being fixed was not, in fact, fixed.

The bulletin was MS13-080: Cumulative Security Update for Internet Explorer. It originally disclosed 10 vulnerabilities. One of them, CVE-2013-3871, is an "Internet Explorer Memory Corruption Vulnerability." The vulnerability was credited to Simon Zuckerbraun working with HP's Zero Day Initiative.

Symantec has a little more explanation in their description of the bug:

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 6, 7, 8, 9, and 10 are affected.
Microsoft says that including CVE-2013-3871 in the bulletin was a documentation error. It is scheduled to be addressed in a future security update, the date of which was not specified.

http://www.zdnet.com/microsoft-one-of-the-patch-tu...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 20th Nov, 2013 22:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 20th, 2013, 19:59 GMT · By Ionut Ilascu
(Re)Discover Opera Browser

Opera Web Browser 18 by Opera Software
Version reviewed: Opera Web Browser 18 18.0.1284.49
The new Opera web browser aims at delivering improved web experience and faster browsing.

Some of the old features have been preserved, but the developer is constantly adding new ones.

Download Opera Web Browser 18 Features:

Speed up on slow networks with Off-Road mode
Improved Speed Dial
Discover feature brings to the table news across the world
Stash feature allows storing web pages for later
Flexible search allows adding multiple providers
Address bar doubles as a search bar
Mouse gesture navigation

Despite the slew of innovations that Opera Software has brought to its web browser along the years, some of them implemented in other browsers as well, the product has never managed to rise in popularity.

Nevertheless, it has always enjoyed a cohesive community that would always recognize its merits in shaping the web and browsing.

At the beginning of the year, the company took an (un)expected turn and ditched its Presto layout engine in favor of the more popular WebKit that already powered Apple’s Safari and Google’s Chrome.

At that time, the developer assured that Opera browser would return to its former days of glory, with versatility and a distinct set of features that made it so appealing to its users, but it would take some time for things to get back on track.

The current revision features the same flexibility during installation (you can create a portable copy) and runs on Blink open-source engine, a fork from WebKit, developed, among others, by Opera Software and Google.

The highlights include camera and microphone support for websites using getUserMedia and WebRTC APIs (you can try some demos here).

http://www.softpedia.com/reviews/windows/Opera-Web...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 20th Nov, 2013 22:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox reveals new look: rounded rectangles
'Australis' design upgrade now available in nightlies

By Simon Sharwood, 20th November 2013

The Mozilla foundation has released 'Australis', the new design for its flagship Firefox browser.

Australis is only visible in Firefox nightlies for now and Mozilla isn't saying which release of the browser it will land in. It is, however, destined to become the design standard for all versions of Firefox on all platforms.

Mozilla says the Australis represents “A streamlining and simplification of the basic browser interface.” The first sign of that change is rounded rectangles as the new shape for browser tabs. Illustrated below, the rounded rectangular tabs have new mouse-over properties that sublimate unused tabs and highlight the tab you're using.

Tabs are also higher up the page, saving a few pixels for showing web pages. The browser does its best to get out of the way with a few enhancements that reduce the amount of screen space occupied by its interface. A Forward or Back button, for example, will only appear if there's a page to go forward or back to. Adding a bookmark requires only a single click. Download progress bars either float over a page or appear in place of a download button.

A new customisation mode to make selecting controls for the toolbar is another addition.

Mozilla says the new design represents foundations on which it will build future enhancements such as alternative page layouts, a new help bubble feature and a better start page.

Firefox nightlies can be had here or if you'd like to see Australis without installing it, there's a video demo here. ®
http://www.theregister.co.uk/2013/11/20/firefox_re...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 21st Nov, 2013 08:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 21st, 2013, 02:31 GMT · By Bogdan Popa
Internet Explorer 11 Fails to Correctly Render Yahoo Homepage

The issue is said to be affecting both Windows 7 and Windows 8.1
Internet Explorer 11 is also available on Windows 7 computers, but it turns out that some of the users who installed it are experiencing issues when trying to view the Yahoo homepage.

Some reports posted on Microsoft’s support forums indicate that IE11 incorrectly renders the homepage and shows the newsfeed as blanks after the first five stories.

“I click on the right arrow, it advances incrementally, but there are no images. IF I use compatibility view, it works fine, but the page shrinks. I have tried resetting, deleting cache, etc. to no avail,” one user explained.

The issue also seems to be experienced on Windows 8.1 devices too, with some users confirming that similar problems have also been spotted on the Modern version of the browser too.

Microsoft is still investigating reports at this point, so there are no workarounds available for the time being.

http://news.softpedia.com/news/Internet-Explorer-1...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 22nd Nov, 2013 13:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Browser extension creates 'disposable' data for privacy
Abine's DoNotTrackMe extension is designed to prevent collection of a user's personal data

By Jeremy Kirk | 22 November 13
A Boston-based company, Abine, is beefing its anti-tracking browser extension to let users shield their real credit card details, email addresses and phone numbers during web transactions.

The new features are being added to "DoNotTrackMe," an extension for Firefox, Internet Explorer, Chrome, and Safari that blocks tracking technologies used by advertising and social networks and data collectors.

The latest capabilities, which were already in Abine's MaskMe password management tool, allow users to give out a one-time use credit card number to e-commerce vendors, along with a disposable email address and phone number.

Data collection is a brisk business these days. Companies sell personal data, share it with ad networks and business partners or transfer it to new companies if they're acquired, said Rob Shavell, Abine's co-founder.

Read more: http://www.pcadvisor.co.uk/news/security/3490576/b...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 22nd Nov, 2013 21:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 22nd, 2013, 14:40 GMT · By Bogdan Popa
Tor Browser Bundle 3.0 RC 1 Now Available for Download

If you’re really planning to stay anonymous while browsing the web, keeping your Tor Browser Bundle fully up to date is the first thing you need to do, so new versions are essential for you.

A new build was officially launched, and although it’s not a stable release, it still lets you have a glimpse into the feature lineup of the upcoming Tor Browser Bundle 3.0.

The first release candidate of the next stable build comes with important security updates for Firefox, so all users still running the preview version should update as soon as possible.

“Unfortunately, we have decided to remove the PDF.JS addon from this bundle, as the version available for Firefox 17 has stopped receiving updates. Built-in PDF support should return when we transition to Firefox 24 in the coming weeks,” the developing team said.

At the same time, it also fixes some found bugs and updates the built-in utilities, with the same group behind the app saying that it should now work faster and smoother on Windows, so go ahead and download Tor Browser Bundle 3.0 RC 1 right away.

http://news.softpedia.com/news/Tor-Browser-Bundle-...


November 22nd, 2013, 12:41 GMT · By Bogdan Popa
Opera 19 Update Brings Windows 8.1 Improvements

Opera 19 is now supposed to work better on Windows 8.1
Opera 19 has just received a new update that comes to fix several bugs and performance issues reported by developers in the previous builds.

The long list of changes includes improvements specifically aimed at Windows 8.1 devices, as it was reported that the browser detects Microsoft’s new operating system as Windows 8 in the opera://about page.

At the same time, the developing team has addressed bugs causing the “Save as…” feature to double or triple downloaded files extension of *.tar.bz2 files and glitches found in the way text was handled when pasting in the address bar.

Starting with build number 19.0.1326.0, the developer version of Opera also overrides Win 8.1 scaling when HiDPI support is off, so make sure you deploy the update if you’ve already made the move to Microsoft’s latest OS version.

http://news.softpedia.com/news/Opera-19-Update-Bri...

--
Was this reply relevant?
+0
-0
mogs RE: Browser News
Expert Contributor 23rd Nov, 2013 13:10
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 23rd, 2013, 07:37 GMT · By Bogdan Popa
Firefox 26 Beta 7 Now Available for Download

Mozilla has just unveiled a new beta version of Firefox, so Windows, Linux, and Mac OS X users running this particular pre-release build are recommended to update as soon as possible.

As it usually happens with beta versions, this new release is mostly supposed to fix bugs and improve the performance of the existing features, which means that you won’t see any new options or visual changes.

And still, Firefox 26 beta 7 most likely addresses issues causing crashes and unexpected freezes, so a more or less obvious performance improvement should be noticed after deploying the update.

Firefox 26 stable is expected to be announced in December or in early January, with the upcoming version to also include a build specifically aimed at Windows 8.1 users who want to browse the web from the Modern UI.

Download Firefox 26 beta 7 for Windows

http://news.softpedia.com/news/Firefox-26-Beta-7-N...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability