Saturday, April 23, 2011

Adobe Reader 9.4.4 released, 10.0.3/Win on June 14.

According to the security bulletin from Adobe (http://www.adobe.com/support/security/bulletins/apsb11-08.html), the latest available versions are:

Windows
  Adobe Reader 9.4.4 or 10.0.2  (10.0.3 will be available June 14, 2011).

Mac
  Adobe Reader 9.4.4 or 10.0.3

Secbrowsing will be updated shortly accordingly. 

Monday, April 11, 2011

New zero-day for Adobe Flash, update coming soon.

http://www.adobe.com/support/security/advisories/apsa11-02.html

Update, Apr 23, 2011:

Adobe released new versions a few days ago. The latest versions now available are:

Firefox, Safari & IE: 10.2.159.1
Chrome: 10.2.154.27
Android: 10.2.156.12

Secbrowsing will be updated shortly to point to the minimum of the above (10.2.154.27), so if you have anything later than that, you should be ok.

Saturday, March 19, 2011

Allowing out-of-date plugins in Chrome

Here's how to allow Chrome to run outdated plugins all the time (without warnings): You can disable this feature by adding the command line flag --allow-outdated-plugins.

Note: Chrome doesn't force you to use eg Adobe Reader X. Adobe Reader 8 and 9 are supported too, but they need to have all their security updates. Currently, that means Reader 8.2.6 or 9.4.2. If you have eg 9.4.1, you can update to 9.4.2 via Adobe Reader -> Check for updates.


In Windows:
  1. Right click on your "Chrome" icon.
  2. Choose properties
  3. At the end of your target line, place these parameters: --allow-outdated-plugins
  4. It should look like: chrome.exe --allow-outdated-plugins

In Mac OS X:

  1. Open Terminal
  2. '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --allow-outdated-plugins
On Linux:
  1. From the command line, you can launch
    google-chrome --allow-outdated-plugins

Tuesday, March 8, 2011

Out-of-date plug-in warnings now part of Chrome



Chrome 10: Out-of-date plug-in warnings
As we previously mentioned, we believe that some of the most significant opportunities to increase user security revolve around plugins. We’ve made a number of improvements in this area, including actively encouraging users to update their plug-ins to the most secure version. Chrome now detects when a plug-in is out of date and blocks it with a simple infobar. This infobar helps guide the user towards updating their plug-in with the latest security fixes.


I'm glad to have contributed to the implementation of this feature -- a number of core Chrome engineers helped make it a reality. As for the secbrowsing extension, you don't need to, but you can keep it installed. It will continue to let you know when one of your plugins is out of date, even if you are not using it (In Chrome, the warning only appears when a website you visit requires one of your plugins that is out of date). This might be helpful for example if you use other browsers alongside Chrome, which don't prevent your from using out-of-date plugins.

Thursday, February 17, 2011

New security updates for Java, latest version is 6u24

A number of security vulnerabilities are fixed in this latest version of the Java plug-in:
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

SecBrowsing was updated to point to the latest version (6u24)

Wednesday, February 9, 2011

New security updates for Adobe Reader, Flash and Shockwave player

Secbrowsing was just updated to point to the latest versions of Adobe Reader, Flash and Shockwave:

Adobe Shockwave Player 11.5.9.620 (on Windows, on Mac we cannot identify the full version via JavaScript)
http://www.adobe.com/support/security/bulletins/apsb11-01.html

Adobe Flash Player 10.2.152.26 (on Windows and Mac your Chrome should already have updated you to 10.2.154)
http://www.adobe.com/support/security/bulletins/apsb11-02.html


Adobe Reader 9.4.2 (10.0.0 is also affected but the sandbox should protect you).
http://www.adobe.com/support/security/bulletins/apsb11-03.html

Saturday, February 5, 2011

New security update for RealPlayer

As of yesterday, SecBrowsing was updated to point to version 12.0.1.633 of the RealPlayer plug-in for Windows, which is the latest version released by Real and addresses a security issue in Windows.

Security context: http://service.real.com/realplayer/security/01272011_player/en/