NEWS - November 12, 2015

Google will retire Chrome support for Windows XP, Vista, OS X 10.6, 10.7, and 10.8 in April 2016

Google today announced it is extending Chrome support for Windows XP until April 2016. The company will also end Chrome support for Windows Vista, OS X 10.6 Snow Leopard, OS X 10.7 Lion, and OS X 10.8 Mountain Lion at the same time.

This means Google will provide regular Chrome updates and security patches for users on these operating systems for five more months. After that, the browser will still work, but it will be stuck on the last version released in April.

Google rightly explained that “such older platforms are missing critical security updates,” “have a greater potential to be infected by viruses and malware,” and “are no longer actively supported by Microsoft and Apple.” If you want to receive the latest Chrome versions and features, the company thus advises you to move to a newer operating system.


Related: Google finally cutting off Chrome updates on Windows XP and Vista
Discussion is locked
Reply to: NEWS - November 12, 2015
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - November 12, 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
More bad news for Flash-dependent websites

Recent threat analyses of more than 100 exploit kits and known vulnerabilities found Adobe Flash Player to be the most commonly exploited product. According to the report by Recorded Future, that software provided eight of the top 10 vulnerabilities used by exploit kits in 2015.

The exploit kits represent malware software or crimeware as a service. Users pay per installation of the malware, and push the exploitations through compromised sites or malicious third-party advertising. When victims load the web page or follow a bad link, the exploit code is launched and possibly downloaded.


Flash Flaws Most Common in Exploit Kits: Report
8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player

- Collapse -
Researchers hack Vizio Smart TVs to access home network

Not only do Vizio's Smart TVs track users' viewing habits by default (and that information is sold to third parties who can then use it to deliver targeted ads to other internet-connected devices that share an IP address or other identifier with the Smart TV), but they are also vulnerable to man-in-the-middle attacks that can result in attackers harvesting data that is sent from the TV to the server that collects it, as well as to attacks that could lead to attackers taking over control of the smart device and/or the entire home network.

Or, at least, they were until recently - after Avast researchers discovered these holes, the company was notified and patched them. The update with the patch will be pushed to all the devices in the next few days, and those TVs who have automatic updating on and are online will update themselves.


Related: Man-in-the-middle attack on Vizio TVs coughs up owners’ viewing habits

- Collapse -
Android Tablets with Pre-Installed Trojan Sold on Amazon

A nasty Trojan that allows malicious actors to remotely control infected devices has been pre-loaded on many types of Android tablets sold on Amazon and other online stores, Cheetah Mobile has warned.

The Chinese mobile security firm has pointed to many online reviews (pdf) from people who have purchased tablets infected with the malware. The dates of these reviews show that the threat has been around for many months.

The Trojan, dubbed “Cloudsota,” allows attackers to take control of infected devices and conduct various activities, including install adware and malware, remove security apps, change the browser homepage, hijack search results, push ads via the boot animation and wallpapers, and open applications. Since the threat has root permissions, it can restore itself after a reboot if the user attempts to remove it from the device.


Related: Rooted, Trojan-infected Android tablets sold on Amazon

- Collapse -

Your other posts are being caught by the spam filter.

- Collapse -
Thanks, Dafydd !

Just now noticed it myself. Sad

- Collapse -
Digitally signed spam campaign spotted delivering malware

We've all heard about digitally signed malware, but have you ever been targeted with a digitally signed spam email?

Someone did, and has shared the signature notice with the public: [...]

The signature is legitimate, and is bound to trick some users into opening the attached signed message. Unfortunately for those who do, the attachement contains a JavaScript posing as a PDF file, and running it will trigger the download and execution of a piece of malware.

Malware researchers Bart Blaze thinks it's likely that it's a Andromeda/Gamarue backdoor variant. But whatever the nature of the malware turns out to be, you can bet it's not harmless.


CNET Forums