Google Chrome – Dataconomy https://dataconomy.ru Bridging the gap between technology and business Thu, 06 Jun 2024 14:00:31 +0000 en-US hourly 1 https://dataconomy.ru/wp-content/uploads/2022/12/DC-logo-emblem_multicolor-75x75.png Google Chrome – Dataconomy https://dataconomy.ru 32 32 Google Chrome update deadline looms https://dataconomy.ru/2024/06/06/google-chrome-update-deadline-2024/ Thu, 06 Jun 2024 12:19:27 +0000 https://dataconomy.ru/?p=53222 Google Chrome update deadline is just hours away, and this critical juncture cannot be ignored by its 2 billion-plus desktop users. May was a turbulent month for Chrome, with a series of four zero-day vulnerabilities and emergency update warnings causing widespread concern. The U.S. government has taken the unusual step of warning federal employees to […]]]>

Google Chrome update deadline is just hours away, and this critical juncture cannot be ignored by its 2 billion-plus desktop users.

May was a turbulent month for Chrome, with a series of four zero-day vulnerabilities and emergency update warnings causing widespread concern. The U.S. government has taken the unusual step of warning federal employees to install May’s emergency updates or cease using Chrome altogether.

The urgency of these updates cannot be overstated, and with June 3 having passed, the second critical update must be applied by June 6.

Google Chrome update deadline
The Google Chrome update deadline is just hours away, requiring immediate action (Image credit)

The urgency behind the Google Chrome update deadline

The security vulnerabilities discovered in Google Chrome during May have prompted swift action from both Google and cybersecurity authorities. Four zero-day vulnerabilities within a span of ten days is an alarming situation, highlighting the importance of keeping software up to date. The U.S. government, through its Cybersecurity and Infrastructure Security Agency (CISA), has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signifying their critical nature.

CISA’s directive for federal employees to update Chrome by June 3 and June 6 underscores the gravity of the situation. Failure to apply these updates could leave systems vulnerable to exploitation. Given the widespread use of Chrome, this directive extends beyond federal agencies to all users. Chrome’s automatic update feature simplifies the process, but users must remember to restart their browsers to complete the update installation.


Google killing cookies and here is why


Of course, the Google Chrome update deadline from CISA only applies to those working in US federal agencies.

In addition to the direct warnings from the government, the broader cybersecurity community has echoed the need for immediate updates. Google’s emergency patches address severe vulnerabilities that could allow remote attackers to execute arbitrary code, compromising user systems. This potential for exploitation is not theoretical; these vulnerabilities are actively being used in the wild, necessitating prompt action from all Chrome users.

Implications of manifest v2 and v3 changes

As Chrome users rush to meet the Google Chrome update deadline, another significant change is taking place. June 3 marked the beginning of Google’s phase-out of Manifest V2 extensions, making way for the more modern Manifest V3. This shift has far-reaching implications, particularly for developers and enterprises relying on specific browser extensions. Notably, ad blockers, which many users depend on, are facing significant challenges adapting to the new system.

Manifest V3, announced back in 2019, aims to enhance security and privacy, but its implementation has been controversial. Developers argue that it limits the functionality of extensions, particularly those used for content filtering. Despite these concerns, Google is pushing forward with the transition, emphasizing the improved security framework of Manifest V3. Users need to be aware that while some extensions may face temporary disruptions, the overarching goal is to provide a more secure browsing experience.

This transition is a critical point for users who might consider delaying their updates to avoid potential issues with extensions. However, the security risks associated with the unpatched vulnerabilities far outweigh the inconvenience of adjusting to new extension frameworks. Users must prioritize applying the emergency updates to protect their systems from active threats.

Recent security breaches highlight the need for updates

The urgency of meeting the Google Chrome update deadline is further underscored by recent high-profile security incidents. On June 3, reports emerged of a bitcoin trader losing $1 million due to the theft of Chrome security cookies. This incident involved a malicious plugin that exfiltrated session cookies, allowing attackers to bypass login and two-factor authentication protections. While this particular attack wasn’t directly tied to the zero-day vulnerabilities, it serves as a stark reminder of the risks posed by outdated software.

Chrome users must be vigilant about the plugins and extensions they install. Each installation carries potential security risks, and users should only download extensions from reputable sources. Google’s ongoing efforts to improve browser security, including initiatives like Device Bound Session Credentials (DBSC), aim to mitigate these risks. DBSC, expected to be rolled out soon, will bind authentication sessions to specific devices, making it much harder for attackers to exploit stolen cookies.

Google Chrome update deadline
Google is developing Device Bound Session Credentials (DBSC) for enhanced security (Image credit)

Despite these future improvements, the immediate focus must remain on addressing the current vulnerabilities. The Google Chrome update deadline is not just a procedural matter; it’s a critical step in safeguarding user data and maintaining the integrity of systems. The repercussions of failing to update can be severe, as evidenced by the recent theft incident.

Technical details of the vulnerabilities

Understanding the technical aspects of the vulnerabilities leading to the Google Chrome update deadline can provide further insight into why these updates are crucial. The first vulnerability, CVE-2024-4761, is a “use-after-free” issue in the Visuals component of Chrome, reported on May 9. This type of vulnerability occurs when a program continues to use a pointer after it has been freed, leading to potential heap corruption and allowing attackers to execute arbitrary code.

The second critical update addresses a memory issue within Chrome’s V8 JavaScript engine, identified as CVE-2024-4762. This “out-of-bounds write” vulnerability occurs when a program writes data outside the bounds of allocated memory, which can lead to code execution or system crashes. Both vulnerabilities are severe, and their exploitation in the wild highlights the immediate need for updates.

CISA has provided clear guidance on these vulnerabilities, emphasizing that federal agencies must apply the mitigations or discontinue using the affected software if updates are not possible. This directive serves as a stark warning to all users about the potential consequences of ignoring these updates. Applying the updates ensures that all known security fixes are implemented, protecting systems from exploitation.

How to update Chrome

To update Google Chrome:

  1. Open Chrome: Launch the Google Chrome browser on your computer.
  2. Click More: In the top right corner, click on the three vertical dots (More).
  3. Go to Help: From the drop-down menu, hover over “Help” and then click on “About Google Chrome.”
  4. Update (if available): Chrome will automatically check for updates. If an update is available, click on the “Update” button.
  5. Relaunch: After the update is installed, click on the “Relaunch” button to restart Chrome and apply the changes.

If you don’t see the “Update” button, it means you’re already using the latest version of Chrome.


Featured image credit: Gerd Altmann/Pixabay

]]>
Gemini Nano: Google Chrome gets a tiny AI assistant https://dataconomy.ru/2024/05/15/gemini-pro-1-5-vs-gemini-nano-chrome/ Wed, 15 May 2024 08:43:47 +0000 https://dataconomy.ru/?p=52042 Remember the days when web browsing meant simply navigating text and images? The internet since then has evolved tremendously, transforming into a dynamic platform for communication, entertainment, and commerce. Google Chrome, the dominant web browser, has been at the forefront of this transformation, constantly innovating to enhance the user experience. Now, with the introduction of […]]]>

Remember the days when web browsing meant simply navigating text and images? The internet since then has evolved tremendously, transforming into a dynamic platform for communication, entertainment, and commerce. Google Chrome, the dominant web browser, has been at the forefront of this transformation, constantly innovating to enhance the user experience.

Now, with the introduction of Gemini Nano, Chrome is set to take another leap by integrating a lightweight AI assistant directly within the browser.

This development signifies a significant shift in how users interact with Chrome. Gemini Nano, the smallest version of Google’s Generative AI models, promises to empower users with on-device AI capabilities. While the specifics of its functionalities are still emerging, Google has hinted at exciting possibilities.

What is Gemini Nano?

So, what exactly is Gemini Nano? It’s the smallest version of Google’s Generative AI models, designed to operate directly on your computer. Unlike traditional AI that relies on remote servers, Gemini Nano processes information locally.

This translates to faster response times and potentially enhances user privacy by keeping your data on your device.

Gemini Pro 1.5 vs Gemini Nano Chrome
The most impressive part of Gemini Nano’s Chrome integration is the new “Help Me Write” feature (Image credit)

Compared to its larger counterparts like Gemini Pro 1.5, Nano is a lightweight model. This translates to lower computational demands, making it suitable for running on devices with limited processing power.

On-device processing offers a few advantages. First, it can lead to faster response times since data doesn’t need to travel to and from remote servers. Second, it has the potential to improve user privacy by keeping your data and browsing activity on your device.

Gemini Pro 1.5 vs Gemini Nano

While both Gemini Nano and Gemini Pro 1.5 are Generative AI models from Google, they cater to different needs:

  • Focus: Gemini Pro 1.5 is a powerful AI model designed for cloud-based tasks requiring significant processing power. It likely offers a wider range of functionalities compared to the more limited feature set anticipated for Gemini Nano.

  • Processing power: Due to its larger size and focus on cloud processing, Gemini Pro 1.5 likely delivers more complex outputs and handles computationally expensive tasks better than Gemini Nano.

  • Applications: Given its on-device processing and potentially limited features, Gemini Nano might be suitable for real-time tasks like content creation assistance within Chrome. On the other hand, Gemini Pro 1.5, with its broader functionalities, might be more suited for applications that require high processing power or access to vast amounts of data stored in the cloud.

Here’s a table summarizing the key differences between Gemini Nano and Gemini Pro 1.5:

Feature Gemini Nano Gemini Pro 1.5
Processing location On-Device Cloud-Based
Model size Lightweight Larger
Data transfer Minimal Potentially High
Focus Real-time tasks, potentially limited functionalities Broader functionalities, computationally expensive tasks

How will Gemini Nano power Google Chrome?

Beyond the technical aspects, Gemini Nano’s integration with Chrome opens doors for a more interactive and personalized browsing experience. Here are a few potential applications:

  • Content creation made easy: Struggling to craft the perfect caption for your Instagram post? Gemini Nano could analyze the photo and suggest relevant and engaging captions. Similarly, it might help you write comprehensive product reviews by summarizing key features and user experiences.
  • Enhanced writing tools: Imagine having a real-time grammar and style checker readily available while composing emails or writing online documents. Gemini Nano could analyze your writing, identify areas for improvement, and suggest alternative phrasing or sentence structures.
  • Streamlined research and learning: Researching a complex topic online can be overwhelming. Gemini Nano might act as a virtual research assistant, summarizing key points from various sources and presenting them in an easily digestible format.

These are just a few examples of how Gemini Nano could transform the way we interact with Chrome. As developers explore the potential of this on-device AI model, we can expect even more innovative features and functionalities to emerge in the future.

While the technology is in its early stages, it holds the potential to transform how we interact with the web. As development progresses and users experiment with its capabilities, the future of web browsing promises to be more exciting than ever.


Featured image credit: Google

]]>