Connect with us

Internet

Google Confirms Serious Chrome Security Problem – Here’s How To Fix It

Published

on

Google Chrome’s security lead and engineering director, Justin Schuh, has warned that users of the most popular web browser should update “like right this minute.” Why the urgency? Simply put, there is a zero-day vulnerability for Chrome that the Google Threat Analysis Group has determined is being actively exploited in the wild. What does that all mean? Well, a vulnerability is just a bug or flaw in the code and while they all need to be fixed, not all of them either can be or are being exploited. A zero-day vulnerability is one that threat actors have managed to create an exploit for, a way of doing bad things to your device or data, before the good guys even knew the vulnerability existed. In other words they have zero days in which to issue a fix. The bad news for users of Google Chrome is that this particular zero-day vulnerability, CVE-2019-5786, is already being exploited by the bad guys. Which is why it’s so important to make sure your browser has been updated to the latest patched version that fixes the vulnerability.

The problem explained

Although information regarding CVE-2019-5786 remains scarce currently, Satnam Narang, a senior research engineer at Tenable, says it is a “Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer.” Some further digging by Catalin Cimpanu over at ZDNet suggests that there are malicious PDF files in the wild that are being used to exploit this vulnerability. “The PDF documents would contact a remote domain with information on the users’ device –such as IP address, OS version, Chrome version, and the path of the PDF file on the user’s computer” Cimpanu says. These could just be used for tracking purposes, but there is also the potential for more malicious behavior. The ‘use-after-free’ vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That’s why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser’s built-in sandbox protection.

What to do next

Luckily this is an easy problem to fix, just make sure you do it as soon as you’ve finished reading this! First, head over to the drop-down menu in Chrome (you’ll find it at the far right of the toolbar – click on the three stacked dots) and select Help|About Google Chrome. You could also type chrome://settings/help in the address bar if you prefer, which takes you to the same dialog box. This will tell you if you have the current version running or if there is an update available. To be safe from this zero-day exploit, make sure that it says you are running version 72.0.3626.121 (Official Build). If not, then Chrome should go and fetch the latest version and update your browser for you automatically.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Internet

Facebook Messenger finally adds quoted replies

Published

on

By

Today Facebook Messenger has added a sorely missing feature – quoted replies. This allows you to reply to a specific message in a conversation, and is incredibly helpful when you’re engaged in chats that have a big range of topics. Using the new feature, the people you’re talking to will now know exactly what you were replying to with that “LOL”, for example.

This has been a feature in WhatsApp, which is also owned by Facebook, for a very long time, and it’s always been sort of a baffling omission in Messenger. So it’s good to finally see it there too.

In order to quote a specific message, long tap on it and you’ll see a new Reply button to the right of the reaction emojis. Tap that, write your reply, and, just like in WhatsApp, the message you’re replying to will appear above your reply. Easy. This potentially means you’ll have less misunderstandings with your friends as to which message was referencing what.

The feature is rolling out now on both iOS and Android.

Continue Reading

Databases

How Opera’s New VPN Feature Further Cements its Position as Nigeria’s Most Preferred Browser

Published

on

By

Opera, one of the world’s most popular mobile web browsers, has announced the inclusion of a useful VPN function. The Norwegian browser maker recently revealed the new VPN feature will be included in the app update for the Android.

View image on Twitter

A VPN is a secure way to send and receive data across the internet. It creates a secure, encrypted tunnel between a user’s device and the VPN server. VPNs help protect users from interception, snooping, and even censorship. Basically, anybody who tries to hack data being sent over a VPN server will see only gibberish.

Most VPNs are neither free nor unlimited. The free ones are more or less limited because they keep a monthly or daily data cap for users.

Now the introduction of a VPN into the Opera Android browser officially cements the browser as the best. The new VPN feature had me comparing mobile browsers to see how each of them stacked up compared with Opera.

Opera, one of the world’s most popular mobile web browsers, has announced the inclusion of a useful VPN function.

For one thing, Opera is the first browser to introduce the feature as an in-app function. The VPN feature is free to use and does not come with any data cap or even log management feature that usually threatens user privacy.

The feature plays nicely with the browser’s other existing user-friendly features. For instance, the browser has always come with several features that make browsing the web extremely fast. Opera also includes a powerful adblocker which helps to make browsing less cluttered.

In Africa, Opera controls 20.72% of the browser market and in Nigeria, it holds a whopping 51.18% market share. And it is features like this that makes Opera the most popular browser in Nigeria and Africa.

Meanwhile, other browsers like Google and Mozilla’s Firefox have talked heavily about adblockers and other features, but they have been quite slow to introduce them.

Google Chrome browser has a nasty reputation for consuming much RAM and takes up too much space. But it is pretty cool and supports advanced features and browsing.

But Opera still has a few things to work on though. For instance, the app frequently bloats users’ browsing experience with disruptive ads which is quite ironic since it is supposed to naturally blocks ads. Getting this fixed will certainly be a plus for users.

Continue Reading

Internet

Samsung confirms the Galaxy S10 5G release date is April 5

Published

on

By

Samsung has confirmed the Galaxy S10 5G release date today. It was initially supposed to release the device by the end of this month. The release had to be delayed due to ongoing discussions between carrier partners and the South Korean government. The company today confirmed that it will release the first 5G-enabled device on April 5 in South Korea.

There will not be any pre-order program for the device, Yonhap News reports. The Galaxy S10 5G is also expected to release in the United States in April. It will initially be exclusive to Verizon in the country. The carrier has confirmed that its mobile 5G network will launch on April 11.

Samsung once again aims for the world’s first title

After launching the world’s first foldable smartphone, the Galaxy Fold, Samsung is now eyeing the title of putting the world’s first 5G smartphone on the market. Verizon is gearing up for the launch of its mobile 5G service on Motorola’s Moto Z3 in Chicago and Minneapolis on April 11. That device doesn’t have an integrated 5G modem like the Galaxy S10 5G. Customers will be required to purchase the 5G Moto Mod if they want to use the phone on a 5G network.

Samsung will comfortably beat it to market when its 5G flagship launches on April 5. The device has already passed the signal verification test from South Korea’s National Radio Research Agency. It was reported yesterday that the South Korean government was hastening the launch of 5G services in the country after Verizon announced the April 11 date. It really wants South Korea to be the first country in the world to have commercial mobile 5G.

Although Samsung hasn’t yet revealed the pricing of the Galaxy S10 5G, industry watchers expect it to cost around 1.5 million won ($1,332) in South Korea. Launch offers include free Galaxy Buds and a wireless charger for the customers who register the phone from April 5-16. Samsung is also offering a 50% discount on one-time screen replacement with the validity of 1 year.

Continue Reading
Advertisement

Trending

Copyright © 2018 Inventrium Magazine

%d bloggers like this: