Bugs and Fixes: A Bonanza of Browser Bug Fixes
This month brings us significant browser security updates--or new versions--from Microsoft, Google, and Apple.
Internet Explorer 8, released in March, will appear as a high-priority update if you run Windows Update, but Microsoft says you'll be able to skip it even if you have Automatic Updates set to install applications without asking permission.
Some sites, including those within a company intranet, might not look right in IE 8, even when you use the compatibility mode. But you can always use Add or Remove Programs to uninstall the new version and roll back to IE 7, and IE 8 has several security enhancements.
Chrome users may have received a new version automatically without even realizing it. Google quietly distributed Chrome 2.0, which offers a full-screen mode and an improved new-tab page. The basic look and feel haven't changed. An auto-update released just prior to Chrome 2.0 fixed one critical security flaw that attackers could target with specially crafted images, and another that involves how the browser handles tabs.
If you use automatic updates, you likely have 2.0. To check, click the wrench icon in the upper-right and pick About Chrome.
Not to be left out, Apple issued a Safari update. Version 3 and version 4 beta (offered as the current download) require updates to close three holes in both the Mac and Windows versions. The flaws could allow "arbitrary code execution" if you visit a malicious Web page designed to target them. Run Apple Software Update to make sure you're current.
Microsoft QuickTime Problem
An as-yet-unpatched hole relates to how the Microsoft DirectShow framework for multimedia handles QuickTime content. You could trigger the flaw in Windows XP, 2000, and Server 2003 by opening a poisoned QuickTime file or by visiting a tainted Web site; the problem doesn't involve Apple software. Crooks can exploit the hole in quartz.dll and take control of a vulnerable PC regardless of whether you've installed QuickTime, Microsoft says. Vista, Server 2008, and Windows 7 are not affected.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
browser
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
