Google Safety Center

googleWhether for work, school or personal use, you may be using Google’s products in one form or another, including an Android device, Gmail, Chrome, Google Docs or other applications. Google is committed to keeping the web safe for everyone and understands that it is a shared responsibility. They have put together a website to help you learn what you can do to protect yourself and your family online.

Topics include securing your password, managing your Google account, checking settings, and more to help you to stay secure and private when online. They also show ways to keep the bad guys out of your stuff.

There is a wealth of information included in the Google Safety Center, so it’s well worth while checking out.

Beware Your Chrome Extensions

googleAd vendors can buy Chrome extensions (the plug-ins that enhance the browser’s capability) to send adware and malware-filled updates, according to Ars Technica. Ownership of a Chrome extension can be transferred to another party and users are never informed when an ownership change happens. Malware and adware vendors caught wind of this, and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

To remove the adware, the user must disable the extension:

  • In Chrome on a Mac, select Window > Extensions, then uncheck the box next to “Enabled.”
  • In Chrome on Windows, select Settings > Extensions, then uncheck the box next to “Enabled.”

Read the full story online.

Safer Browsing With Extensions

Did you know that you can make your browser even more secure by installing extensions? Let’s take Firefox as an example and look at some Firefox add-ons that are designed to protect you when browsing the Web:

  • Want to prevent ads from appearing on the sites you visit and that could potentially take you to more dangerous sites? Install Adblock Plus.
  • Need protection against JavaScript, Java and other executable content that could cause cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking) and Clickjacking attempts? Install NoScript.
  • Would you like to know which sites to trust? Install WOT.
  • Want to know in which country the web server resides that you’re connected to? Install Flagfox.
  • Want to preview sites before you click on their links? Install CoolPreviews.
  • Ever wonder if you’re being tracked by Google, eBay or YouTube and want to block them? Install BetterPrivacy or Ghostery.

See the extensions for the top main browsers:

Browsers with Updates

On August 23, 2011, Google released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases page and update to Chrome 13.0.782.215 to help mitigate the risks.

On August 17, 2011 Mozilla Released Firefox 6 and 3.6.20 to address multiple vulnerabilities.  These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 6 and Firefox 3.6.20 and apply any necessary updates to help mitigate the risks.

NOTE to MIT: IS&T is not yet supporting Firefox 6 and is in the process of testing IS&T supported applications to make sure they are compatible with the newest version of Firefox. If you rely on MIT administrative browser-based software, you are advised to WAIT to upgrade to Firefox 6.

Google Addresses Flaws in Chrome

Google has updated its Chrome browser, bringing the stable build of Chrome to version 11 for Windows, Mac OS X and Linux. The update addresses 27 vulnerabilities. None of the vulnerabilities received a critical rating; 18 were rated high severity. Since last summer, Google has been releasing new versions of Chrome approximately every 6 weeks. If you are using Chrome, your updates will automatically occur behind the scenes.

IS&T does not currently support the Chrome browser, but it can be downloaded for Windows, Mac OS X and Linux from Google’s website.

Two Browser Updates from Last Week

Safari 5 Update:
Last week Apple issued a large update for its Safari web browser. The update fixes a total of 62 security issues in Safari 5 for Mac and Windows, and brings the most current version to 5.0.4. Fifty-six of the flaws could be exploited to allow arbitrary code execution. On the same day, Apple issued an update for its iOS, bringing the most recent version of its mobile operating system to 4.3, which addresses most of the same flaws in the Safari update.

Read the story on Computerworld.com.

Google Chrome 10:
Also last week, Google released Chrome 10 to the stable channel, making the update available to all users. Google Chrome 10 supports password sync and also comes with the latest Flash player (10.2).

Read the story on TechieBuzz.com.

Security Update for Chrome 9

Google has issued a security update for version 9 of its Chrome browser just days after Chrome 9 was released in its stable version.  The fix addresses five vulnerabilities, three of which are rated high priority. Chrome 9.0.597.94 also includes an updated version of Adobe Flash.

Download the most recent version for Windows, Mac OS X and Linux. Users who already have Chrome installed can use the built-in update function.

Read the story on h-online.com.