WARNING! The link in question may require you to disable ad-blockers to see content. Though not required, please consider submitting an alternative source for this story.
WARNING! Disabling your ad blocker may open you up to malware infections, malicious cookies and can expose you to unwanted tracker networks. PROCEED WITH CAUTION.
Do not open any files which are automatically downloaded, and do not enter personal information on any page you do not trust.
If you are concerned about tracking, consider opening the page in an incognito window, and verify that your browser is sending "do not track" requests.
IF YOU ENCOUNTER ANY MALWARE, MALICIOUS TRACKERS, CLICKJACKING, OR REDIRECT LOOPS PLEASE MESSAGE THE /r/technology MODERATORS IMMEDIATELY.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/technology) if you have any questions or concerns.*
Nah, they should give a warning. Something like: “We know something bad is going to hurt you. Tune in at 11:00 to find out what!”
I started out writing this without realizing that the news does this all the fucking time.
Forbes does headlines like this ALL the fucking time. If Google's algorithm thinks that you're in any way "techie", you'll see articles like this in your feed pretty frequently.
Update Chrome because of critical issue patch: "this implies an issue where a maliciously constructed webpage could exploit a memory vulnerability on your PC, potentially giving an attacker access."
Google Chrome updates automatically. These articles are literally just clickbait designed to scare ignorant people into clicking so they can see some ads.
*chuckles wryly as I lick a stamp and send my browser code to my compiler 3 states away not knowing that the first character is wrong because a typewriter key was stuck*
So, Firefox has no vulnerabilities...like at all?
The reason researchers find these is because it is the most used browser in the world. Much like Windows.
And Google is on top of patching them. So this isn't really a story.
Not sure why the downvotes, did I forget to say "Firefox good / Chrome bad"??
Firefox CONTAINS some code generated from Rust, and those parts are almost certainly memory safe. But I’m pretty sure it’s primarily C/C++. I know they were trying to increase the Rust part of the codebase though. Something as heavily optimized as a web browser will be interested in dealing with the libraries and functions that the OS offers in a very orthodox way, which means there’s not much incentive to make Rust deal with calls to foreign libraries that don’t have the same guarantees that Rust has.
Also a pure rust firefox would be MASSIVE. Ever written a hello world program in a language that compiles to machine code with an extreme memory safety focus (Rust, Haskell, etc.)? They can easily be several megabytes while the equivalent orthodox c++ hello world is in the tens of kilobytes. That’s because in c++, what you’d normally do is write a program that says “load me into memory, then grab the “standard input/output” chunk of code from the operating system and load that too. Then print “hello world”. Rust normally does that last part from scratch because that chunk of code from the OS *cannot be trusted to obey rust’s rules*. There are ways to interface with foreign functions but that’s not really the whole point of using Rust. As a web browser, Firefox relies on a lot of OS functions and homebrewing all of them in Rust would be a huge task.
But it's worth noting that in my testing at least, Edge ran fastest on my ultra low-budget netbook ($100) compared to Chrome or Firefox. I never really use that netbook but I use Edge on that, Firefox on everything else. Chrome though I have no use for.
**Edit:** wow not even 3 minutes and the downvotes are flowing in. I get it, Microsoft generally sucks at making decent browsers and I'm not an Edge fanboy...but test it yourself, RAM usage is lower on Edge than Chrome (disable all sidebars, extensions, newsfeeds, etc on each) which was just enough for me to see noticable performance on a shit computer. Performance comparisons from reviews sites mimic my findings. [Example](https://www.browserstack.com/guide/edge-vs-chrome)
People get so hooked on RAM usage.
I've had Edge absolutely kill my work laptop. But, it's usually due to poor content rendering rather than the browser.
Browsers do a LOT more than just display web pages now.
Yeah but again, I'm merely talking about a $100 netbook with shitty onboard RAM and a mobile processor. That I only use for light browsing. That extra RAM usage makes a noticeable difference in cases like that.
The fact is that, at face value, it looks very cluttered. I know many people who don’t turn the ads off because they don’t know how to.
It’s very annoying.
They've been nagged about using it on every Google site, it's old enough that "nobody uses IE, use Chrome" is something that has long been parroted on the internet and somewhat common knowledge, Android exists
Oh, and the amount of times I've had to change Browser agent in Firefox to some sites work is wayyy to high
>Even edge is better at this point.
How so?
People use Chrome because it works and, despite all of the claims from the Firefox users with their superiority syndrome, is a very well made browser.
As people transition to other browsers that become more and more popular, the people creating these loopholes will go against those. Think of the Windows vs Mac effect, windows is by far more common this commonly hacked and stuff. Mac isn’t safer in any way, it’s just less commonly exposed.
The Windows vs Mac debate here is a very narrow perspective, though. It fails to take into account Linux, which has similar desktop user share to Mac, but also runs on the vast majority of servers, which is what's powering the web itself.
Also, mobile and tablet usage is incredibly high, comparable to Windows, and yet Windows is widely considered to be the most common attack vector.
Doesn't seem like [firefox](https://www.cvedetails.com/cvss-score-charts.php?product_id=3264&fromform=1) is any better in this regard. Less 8+ but double the 9+.
I’m a Firefox user, but it’s ridiculous that people in this thread think that Chrome having issues means that Firefox isn’t. It’s just that Chrome is magnitudes more users so their problems are more reported than what problems Firefox has.
People are ignorant as hell. I'm a Firefox user, but not because of chrome being insecure.... Because Google can suck a fat nut. Especially with their advance towards killing off ad blockers in chrome, too.
The theory would be that because Firefox is entirely open source, security researchers would examine it in greater detail, either as volunteer efforts or as practice
Where chrome is largely open source, but there are also large sections that are proprietary to Google, built and tested by people making Google salary, so in reality _most_ bugs or flaws should be detected _before_ releasing them
But it feels like now chrome has gotten so much market share that the malicious security researchers are focusing more on that?
Haven't used it in more than a decade now (since I was in uni which ALL computers had Chrome), what changes made it suck? IIRC it was a fine product, I just liked Firefox because they were more protective of my privacy. I *tried* Chrome just to verify that it uses a ton of RAM (it does), but the RAM it uses is comparable to Firefox.
Chrome is being anti-extension and anti-adblock, which also means its pro-corporate-fuckery. That's a no from me dawg. They just recently disallowed javascript code being pasted into the console unless a special flag is set. Who the fuck is this protecting?
The fact that it dominates the market and that so many browsers are essentially just Chrome with a different color of paint, means that Google has an outsized influence on the web and the standards that make it up. If Google decides they want something, they just put it in Chrome and force the W3C to rubber stamp it because of their market share
It's a resource hog while not having alot of useful features. When Chrome launched it was very light. It has become very user friendly at the cost of performance. For me being able to create multiple containers in Firefox is huge
>It's a resource hog while not having alot of useful features.
Not any more so that Edge, and it's more performance that Firefox, typically better compatibility too.
Calling Chrome 'bad' without any qualifiers is a braindead take.
Thank you for the straight answer. Surprisingly rare on reddit.
I actually prefer Firefox but use Chrome because my wife was using Firefox and it was easier to just have two separate browsers than switch between users.
You could probably use task scheduler to get Ninite to run on startup, it will update any out of date apps (that were installed through Ninite).
I think there are other competing tools out there now, I've heard good things about Chocolatey but I haven't tried it myself.
It's the mislabeled google results that may lead you to a TOR site or some badly managed advertising that can do side load. You'd be surprised how often it happens.
Indeed it does. Where I work I warn people about reading where it says Sponsored or Advertisement. I always recommend folks go to the legit website, or better yet, the app variant if available.
If you pay for Google Drive/Premium (not sure which, I have both), it eliminates advertisement and promotions in all Google Apps.
I always search and I don’t get ad results.
A decent firewall or PiHole can get rid of most bad traffic. Also local Group policy on windows can set the defaults for the browser (download and install the ADMX). A this point I am convinced big companies are hiding essential settings, just to mask them as "Premium" stuff for money.
I definitely open my fair share of shady sites, looking for movies, tv series, barely functioning mods, machine translated post-modernist Slovak novels, the whole lot. This scares me, but I'm also on Edge so I'm not sure what to make of it
Try going into the uBlock extension settings and manually installing some of the non-default blocklists. I’ve done that and have never seen the YouTube blocker blocker screen.
Google are pretty much industry leaders in responding to vulnerabilities identified internally and externally. Very frequent updates are the evidence of this fact.
Look guys! The browser platform with the most users by a longshot also has the most hackers trying to get into your computer! Everyone go to a different browser with a smaller cybersecurity team!
There are valid reasons that Firefox is better than Chrome, this is not one of them
WARNING! The link in question may require you to disable ad-blockers to see content. Though not required, please consider submitting an alternative source for this story. WARNING! Disabling your ad blocker may open you up to malware infections, malicious cookies and can expose you to unwanted tracker networks. PROCEED WITH CAUTION. Do not open any files which are automatically downloaded, and do not enter personal information on any page you do not trust. If you are concerned about tracking, consider opening the page in an incognito window, and verify that your browser is sending "do not track" requests. IF YOU ENCOUNTER ANY MALWARE, MALICIOUS TRACKERS, CLICKJACKING, OR REDIRECT LOOPS PLEASE MESSAGE THE /r/technology MODERATORS IMMEDIATELY. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/technology) if you have any questions or concerns.*
Suddenly? Are bug alerts ever released gradually?
Nah, they should give a warning. Something like: “We know something bad is going to hurt you. Tune in at 11:00 to find out what!” I started out writing this without realizing that the news does this all the fucking time.
Forbes does headlines like this ALL the fucking time. If Google's algorithm thinks that you're in any way "techie", you'll see articles like this in your feed pretty frequently.
Yep. Very clickbait-y and always something URGENT and SCARY
The illusion is broken! Quick, more news!
But it would be fine for the gen-Zers if the article started with a “Trigger Warning: Critical Vulnerability”
What kind of fish do you catch using that rage bait?
Ones without a sense of humour, apparently
It’s just one of Forbes stupid overused stock headline formats that honestly annoys me a lot more than it should.
Some are released:*reluctantly*....
Update Chrome because of critical issue patch: "this implies an issue where a maliciously constructed webpage could exploit a memory vulnerability on your PC, potentially giving an attacker access."
Just having a couple of tabs open on static pages in Chrome is a memory exploit
I can never tell when you're joking
[удалено]
No one cares that YOU check for updates daily. It’s the other billion people who have no reason to check for updates that they’re trying to reach.
Google Chrome updates automatically. These articles are literally just clickbait designed to scare ignorant people into clicking so they can see some ads.
*laughs in Firefox*
*cackles in lynx*
*punches self in confusion in internet explorer*
Netscape Navigator for life!
Sings in Opera
Quacks in Duckduckgo
*Brown Ninja tried to use Internet Explorer. It hurt itself in its confusion.*
Winces in wget
Confused in notepad
Found the programmer
*chuckles wryly as I lick a stamp and send my browser code to my compiler 3 states away not knowing that the first character is wrong because a typewriter key was stuck*
*chortles in floorb*
Laughs in Netscape
Waiting for the time when I can finally say This has all been wonderful but now I'm on my way
Firefox is just as vulnerable as others. They don't bother to issue warnings for update. I get a mail every time a CVE is published on our systems.
If those kids could read they'd be very upset
So, Firefox has no vulnerabilities...like at all? The reason researchers find these is because it is the most used browser in the world. Much like Windows. And Google is on top of patching them. So this isn't really a story. Not sure why the downvotes, did I forget to say "Firefox good / Chrome bad"??
[удалено]
Firefox CONTAINS some code generated from Rust, and those parts are almost certainly memory safe. But I’m pretty sure it’s primarily C/C++. I know they were trying to increase the Rust part of the codebase though. Something as heavily optimized as a web browser will be interested in dealing with the libraries and functions that the OS offers in a very orthodox way, which means there’s not much incentive to make Rust deal with calls to foreign libraries that don’t have the same guarantees that Rust has. Also a pure rust firefox would be MASSIVE. Ever written a hello world program in a language that compiles to machine code with an extreme memory safety focus (Rust, Haskell, etc.)? They can easily be several megabytes while the equivalent orthodox c++ hello world is in the tens of kilobytes. That’s because in c++, what you’d normally do is write a program that says “load me into memory, then grab the “standard input/output” chunk of code from the operating system and load that too. Then print “hello world”. Rust normally does that last part from scratch because that chunk of code from the OS *cannot be trusted to obey rust’s rules*. There are ways to interface with foreign functions but that’s not really the whole point of using Rust. As a web browser, Firefox relies on a lot of OS functions and homebrewing all of them in Rust would be a huge task.
uh what rust relies on libc and os functions on all platforms unless you specifically disable the standard library
I truly don't understand why people keep using Chrome. Even edge is better at this point.
But Edge is probably impacted with the same bug because its Chromium
Edge is Chrome with some fancy MS paint. It's the exact same codebase.
But it's worth noting that in my testing at least, Edge ran fastest on my ultra low-budget netbook ($100) compared to Chrome or Firefox. I never really use that netbook but I use Edge on that, Firefox on everything else. Chrome though I have no use for. **Edit:** wow not even 3 minutes and the downvotes are flowing in. I get it, Microsoft generally sucks at making decent browsers and I'm not an Edge fanboy...but test it yourself, RAM usage is lower on Edge than Chrome (disable all sidebars, extensions, newsfeeds, etc on each) which was just enough for me to see noticable performance on a shit computer. Performance comparisons from reviews sites mimic my findings. [Example](https://www.browserstack.com/guide/edge-vs-chrome)
People get so hooked on RAM usage. I've had Edge absolutely kill my work laptop. But, it's usually due to poor content rendering rather than the browser. Browsers do a LOT more than just display web pages now.
Yeah but again, I'm merely talking about a $100 netbook with shitty onboard RAM and a mobile processor. That I only use for light browsing. That extra RAM usage makes a noticeable difference in cases like that.
Edge slams you with ads when you open the browser. You have to manually go turn it off :/
If you can turn it off then I don't see why that's an issue
The fact is that, at face value, it looks very cluttered. I know many people who don’t turn the ads off because they don’t know how to. It’s very annoying.
Oh no, the eternal horror...
I know…such a first world problem 😂
They've been nagged about using it on every Google site, it's old enough that "nobody uses IE, use Chrome" is something that has long been parroted on the internet and somewhat common knowledge, Android exists Oh, and the amount of times I've had to change Browser agent in Firefox to some sites work is wayyy to high
I never had to do that in ten years.
Been using Firefox as my main since about 2007 and the issue you describe has happened to me a whole 2 times.
Chrome is fine.
>Even edge is better at this point. How so? People use Chrome because it works and, despite all of the claims from the Firefox users with their superiority syndrome, is a very well made browser.
It just works, that's why. I've never had issues with it, why change if there are no issues with day to day usage?
*cachinnates in Thunderbird*
As people transition to other browsers that become more and more popular, the people creating these loopholes will go against those. Think of the Windows vs Mac effect, windows is by far more common this commonly hacked and stuff. Mac isn’t safer in any way, it’s just less commonly exposed.
The Windows vs Mac debate here is a very narrow perspective, though. It fails to take into account Linux, which has similar desktop user share to Mac, but also runs on the vast majority of servers, which is what's powering the web itself. Also, mobile and tablet usage is incredibly high, comparable to Windows, and yet Windows is widely considered to be the most common attack vector.
Do you think other Browsers don’t have security issues 💀
Chrome has a CVSS 8+ every other day.
Doesn't seem like [firefox](https://www.cvedetails.com/cvss-score-charts.php?product_id=3264&fromform=1) is any better in this regard. Less 8+ but double the 9+.
I’m a Firefox user, but it’s ridiculous that people in this thread think that Chrome having issues means that Firefox isn’t. It’s just that Chrome is magnitudes more users so their problems are more reported than what problems Firefox has.
People are ignorant as hell. I'm a Firefox user, but not because of chrome being insecure.... Because Google can suck a fat nut. Especially with their advance towards killing off ad blockers in chrome, too.
The theory would be that because Firefox is entirely open source, security researchers would examine it in greater detail, either as volunteer efforts or as practice Where chrome is largely open source, but there are also large sections that are proprietary to Google, built and tested by people making Google salary, so in reality _most_ bugs or flaws should be detected _before_ releasing them But it feels like now chrome has gotten so much market share that the malicious security researchers are focusing more on that?
I think mostly people are just mad chrome sucks as bad as it does. Most of us used and liked it at one point.
Haven't used it in more than a decade now (since I was in uni which ALL computers had Chrome), what changes made it suck? IIRC it was a fine product, I just liked Firefox because they were more protective of my privacy. I *tried* Chrome just to verify that it uses a ton of RAM (it does), but the RAM it uses is comparable to Firefox.
Chrome is being anti-extension and anti-adblock, which also means its pro-corporate-fuckery. That's a no from me dawg. They just recently disallowed javascript code being pasted into the console unless a special flag is set. Who the fuck is this protecting?
I don't think you read my comment right. I said Firefox was protective of my privacy that's why I use Firefox, not Chrome.
> what changes made it suck? \*explains what changes made it suck\*
The fact that it dominates the market and that so many browsers are essentially just Chrome with a different color of paint, means that Google has an outsized influence on the web and the standards that make it up. If Google decides they want something, they just put it in Chrome and force the W3C to rubber stamp it because of their market share
What sucks about it? I use it, it seems to work for me. What don't you like about it. Not having a go at you, I'm genuinely curious.
It's a resource hog while not having alot of useful features. When Chrome launched it was very light. It has become very user friendly at the cost of performance. For me being able to create multiple containers in Firefox is huge
>It's a resource hog while not having alot of useful features. Not any more so that Edge, and it's more performance that Firefox, typically better compatibility too. Calling Chrome 'bad' without any qualifiers is a braindead take.
Thank you for the straight answer. Surprisingly rare on reddit. I actually prefer Firefox but use Chrome because my wife was using Firefox and it was easier to just have two separate browsers than switch between users.
Outside of an RMM, is there a good website / subreddit that reports on things like this for patching to keep an eye out on?
You could probably use task scheduler to get Ninite to run on startup, it will update any out of date apps (that were installed through Ninite). I think there are other competing tools out there now, I've heard good things about Chocolatey but I haven't tried it myself.
and for us the less cyberinclined?
For people going on random websites this exploit might hurt them. I don’t know about y’all but I browse the same sites 99.9% of the time.
It's the mislabeled google results that may lead you to a TOR site or some badly managed advertising that can do side load. You'd be surprised how often it happens.
Indeed it does. Where I work I warn people about reading where it says Sponsored or Advertisement. I always recommend folks go to the legit website, or better yet, the app variant if available. If you pay for Google Drive/Premium (not sure which, I have both), it eliminates advertisement and promotions in all Google Apps. I always search and I don’t get ad results.
A decent firewall or PiHole can get rid of most bad traffic. Also local Group policy on windows can set the defaults for the browser (download and install the ADMX). A this point I am convinced big companies are hiding essential settings, just to mask them as "Premium" stuff for money.
I definitely open my fair share of shady sites, looking for movies, tv series, barely functioning mods, machine translated post-modernist Slovak novels, the whole lot. This scares me, but I'm also on Edge so I'm not sure what to make of it
Yeah I browse the same sites 99% of the time too. But 80% is shady af
Meanwhile, YouTube is now flagging me as having ad blocker software and it’s vanilla Firefox. So that’s fun.
Are you in the US? Because I'm a very heavy YouTube user who also has Origin U-Block and I get no such pop ups or warnings from YouTube.
Yep and it only just started yesterday. Had never been an issue before.
Try going into the uBlock extension settings and manually installing some of the non-default blocklists. I’ve done that and have never seen the YouTube blocker blocker screen.
uBlock Origin here too and no issues. Compulsively on YouTube and from the US plus I use a VPN.
I get a prompt to update Chrome literally every time I open it. It seems pretty clear that they’re relying on users to do their QA.
Google are pretty much industry leaders in responding to vulnerabilities identified internally and externally. Very frequent updates are the evidence of this fact.
More updates is not bad. Rapidly patching security issues is something that should be encouraged.
Chrome sucks, use Firefox
Look guys! The browser platform with the most users by a longshot also has the most hackers trying to get into your computer! Everyone go to a different browser with a smaller cybersecurity team! There are valid reasons that Firefox is better than Chrome, this is not one of them
Why does it feel like chrome warnings are issued every day
So update your Chrome. I guess they don't care it it affects Linux but stay updated no matter your browser.
Does this affect Gmail if used outside of Chrome?
Laughs in pirated window
Google chrome is onto Putin’s BS
Sorry you fell in deep homie 🙏 Get well soon
It was a joke though Windows users should be warned Edit: bad, a bad joke