Chrome 15 goes stable, brings updated New Tab page to the masses

Discussion in 'other software & services' started by Hungry Man, Oct 25, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Awaiting for portable release.
     
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Nothing earth shattering at first glance but new security fixes are always welcome.

    tnx for the heads-up m8! :thumb:
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Ditto! :)
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Yeah, thanks Hungry. :thumb:

    Aghhhh what's happened to the startpage? .... we fear change ... :eek:

    It's OK really. ;)
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Cool, I was waiting on this. Thanks for the update.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    For those interested Chromium has also hit 17.

    The most notable change I can see is that HTTP Pipelining support is being implemented.
     
  8. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    don't much care about security fix since i run it under SB anyway :D
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    One of them addresses BEAST.
     
  10. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,098
    Location:
    Adelaide
    Nice. For those not familiar with BEAST, Steve Gibson explains it thoroughly here.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    *insert conspiracy theory about Google forcing its search to be used here* :D

    In all seriousness, the scenario that would allow an attack, while it seems to involve a lot..really doesn't involve much at all, minus the attacker controlled location perhaps. All in all, low yes, but also not "crazy unlikely", and therefore, IMHO of course, Google should be a little less nonchalant about it.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's pretty crazy unlikely.

    1) The user would have to set the default search engine to something other than Google (which is the default upon installing.)

    2) The attacker has to be on your network or have control over something on your network

    3) The attack has to trick you into downloading a file


    So you have to be already compromised network-wise, download a file, and have changed your browser settings (something maybe 1/10 users does if even.)
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Oh and if the user has visited an HTTPS site any time that session before the attack it will fail as well.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If you think about your typical wired connection, then perhaps. Throw your typically insecure wireless connection into the mix, and you might have some trouble. Besides, let's take some guesses as to how many systems out there have a rootkit/botnet hiding on them. We know that's a pretty high number, so there is your compromised network (along with the possibility of someone hooking into your wireless network). So, the compromised network isn't "crazy unlikely". We also have the search engine, okay, sure, not that many people will bother switching, I get that.

    However, it's a single click to change it, and there are a good number of Bing users (and other search engine users as well..think of the privacy folks here who tout IXQuick and others). So, a single click and already plenty of alternative search engine users..not so "crazy unlikely".

    Not visiting an HTTPS website? Unless you are shopping, or on a government website, using secure search and limited other things, you aren't visiting an HTTPS website. Not "crazy unlikely".

    Let's get to the part of tricking people into downloading something...actually, let's stop before we start, as there is no sense in even attempting to call that "crazy unlikely".

    Do you see why I'm disagreeing a bit here? The most unlikely of these factors is the changing of the default search engine. That's not a scenario I'd be comfortable blowing off if I were Google, especially if it cracks the almighty sandbox that they rely heavily on to deem their browser "un-exploitable".
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Oh Bollocks, the first thing I do when I download Chrome is to change the default to Duck Duck Go SSL.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The scenario really has to be fairly set up. I just don't feel it's very likely at all. Something like 20% people use Chrome. Maybe 5% of Chrome users change their default browser (I'm going by how many people install adblocking extensions) and of those 5% maybe another 1% are on compromised networks. Even if every single one of those unlucky few falls for the socially engineered malware those are some ridiculously low numbers.


    I mean, it constitutes an issue for sure but as the Chromium dev says this isn't some "download this file and win 100 dollars" the user has to be compromised to begin with and they have to have changed the default browser settings.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Do you honestly believe other people do this? lol

    It may seems obvious to you, as obvious as installing adblock, but to 95% of the population it never occurs to them.

    In fact I'd bet that less people change their default search engine than install adblock.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Ermmm ... not in my case ... please tell me changing it to Duck Duck Go SSL wasn't a mistake.

    Firefox is looking more secure than Chrome every second that passes these days ...
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not unless you already believe your network/computer to be compromised and plan on downloading specific malware for this bug.

    Ironic... hilariously so considering that the bug was introduced by Mozilla's devs...
     
  21. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Does this officially qualify me as a browser nerd then? If it does, it is most excellent. ;)
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You're in the top 1% =p
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I think I'll be OK.

    *Adopts Charlton Heston voice* "Damn those Mozilla devs ... damn them all to hell ... "

    It's back to Opera then! :eek: o_O
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Cool. :cool:
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you're worried about exploits Opera's the last one I'd go to.

    I wouldn't blame the Mozilla devs, it's an open source project and Chromium team made the decision to use some of that code.

    But to go to Firefox over this would be really funny considering it's their code that introduced the bug.
     
Loading...
Thread Status:
Not open for further replies.