Tag Archives: Google Chrome

Patch Tuesday, May 2024 Edition

May 14, 2024

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Look-Alike Domains and Visual Confusion

March 8, 2018

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:

https://www.са.com/

Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian.

Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain):

Microsoft Patch Tuesday, February 2018 Edition

February 13, 2018

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.

Attackers Exploiting Unpatched Flaw in Flash

February 2, 2018

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses.

Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe to Patch Hacking Team’s Flash Zero-Day

July 7, 2015

Adobe Systems Inc. said today it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.

Critical Updates for Windows, Flash, Java

April 14, 2015

Get your patch chops on people, because chances are you’re running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication.

The Mad, Mad Dash to Update Flash

May 15, 2014

An analysis of how quickly different browser users patch Adobe Flash vulnerabilities shows a dramatic variation among browser makers. The data suggest that Google Chrome and Mozilla Firefox users tend to get Flash updates relatively quickly, while many users on Microsoft’s Internet Explorer browser consistently lag behind.

Styx Exploit Pack: Domo Arigato, PC Roboto

July 8, 2013

Not long ago, miscreants who wanted to buy an exploit kit — automated software that helps booby-trap hacked sites to deploy malicious code — had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability “stress-test platforms.”

Critical Updates for Windows, Adobe Flash, Air

March 12, 2013

Microsoft and Adobe each released patches today to plug critical security holes in their products. Microsoft issued seven update bundles to address at least 19 vulnerabilities in Windows and related software. Adobe released the fourth security update in nearly as many weeks for its Flash Player software.

Help Keep Threats at Bay With ‘Click-to-Play’

March 11, 2013

Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately, there is a relatively simple and effective alternative: Click-to-Play.