Recently Browsing 0 members
No registered users viewing this page.
By Usama Jawad96
GitHub finally fixes 'high' severity security flaw reported by Google Project Zero
by Usama Jawad
Google's Project Zero team is dedicated to finding security vulnerabilities in the company's own software as well as those developed by other firms. Its methodology involves privately reporting flaws to vendors and giving them 90 days to fix them before public disclosure. Depending upon the severity of the situation, this deadline may be extended or brought closer according to the group's standard guidelines.
At the start of November, Google publicly disclosed a "high" severity security issue in GitHub following the latter's inability to fix it in 104 days - more than the standard time frame. However, GitHub users will now be pleased to know that the security hole has finally been filled.
The security flaw in question was that workflow commands - which act as a communication channel between executed actions and the Action Runner - in GitHub Actions are extremely vulnerable to injection attacks. Google Project Zero's Felix Wilhelm, who originally reported the security flaw, stated that the way workflow commands are implemented is "fundamentally insecure". A short-term solution would be to deprecate the command syntax, whereas a long-term fix would involve moving workflow commands to some out-of-bound channel, but that is also tricky because it would break dependent code. Google publicly disclosed the issue on November 2 following GitHub's failure to fix the issue in the allotted 104 days.
Apparently, this has put some pressure on the company as the vulnerability has now been patched. The patch notes indicate that the fix is in line with Wilhelm's proposed short-term solution:
The problem was fixed by GitHub a few days ago but has now been validated by the Google Project Zero team, and has been marked as such on the issue repository. This brings the list of open issues reported by the security team down to nine. It includes software developed by numerous vendors including Microsoft, Qualcomm, and Apple. The only open issue present in Google's own software is related to a pointer leak on Android, but the status of this "medium" severity flaw has been open since September 2016.
By Abhay V
Google extends support for Chrome on Windows 7 by six months, to now end in 2022
by Abhay Venkatesh
Google today announced that it is extending support for the Chrome browser on Windows 7 by another six months, with the end-of-support now set for January 15, 2022, moved from the earlier July 15, 2021 timeline. The new date makes it exactly two years since Windows 7 reached its end of life. The company says that the decision was based on the feedback received from its enterprise customers and data about companies’ migration plans to Windows 10.
The search giant adds that many organizations were slated to migrate to Windows 10 this year. However, the challenges brought about by the pandemic resulting in differing priorities for enterprise IT teams have delayed the migration. The firm also cites a Kantar study that it commissioned that notes that 21% of organizations are still in the process of migrating from the legacy OS to the Redmond firm’s latest offering.
Additionally, Windows 7 is still being supported for some users that have opted for Extended Security Updates, the price of which doubles every year. The Mountain View company says that such users can “benefit from Chrome’s security and productivity” features since the browser will not only receive security updates but also new features. It also touts the upcoming enterprise features that Windows 7 users will be able to leverage thanks to the extended support period.
Lastly, Google says that it will “continue to evaluate the conditions [its] enterprise customers are facing” and will communicate any other changes in the future.
By Jefferson Mangubat
Google Assistant is rolling out to Samsung's 2020 smart TVs outside the U.S.
by Jefferson Mangubat
The suite of digital assistants available on Samsung's 2020 smart TVs is getting a new addition. Google Assistant is now rolling out to Samsung smart TVs in the UK, France, Germany, and Italy, expanding the choice of voice assistants for customers in those countries.
The digital assistant was previously introduced to Samsung’s TVs in the U.S. last month. It's now available on Samsung's 2020 4K and 8K QLED TVs, Crystal UHD TVs, The Frame, The Serif, The Sero, and The Terrace outside the U.S. Assistant's latest release complements other voice assistants available on those smart TVs including Samsung's Bixby and Amazon Alexa.
If you're in one of these countries, you can now use Assistant to switch channels, adjust the TV volume, or control compatible smart home devices such as thermostats or lights using your voice. The integration will also allow you to ask Assistant to show weather updates, play music or launch apps. In addition, you can search for content by genre, director, or actor. Assistant will also give you access to Google services such as Search, Photos, Maps, and Calendar on your TV.
Later this month, Assistant is also coming to Samsung smart TVs in Spain, Brazil, India, and South Korea. Samsung says the integration will be available in a total of 12 countries by the end of 2020.
Gmail and more Google apps are getting widgets on iOS
by João Carrasqueira
Apple's iOS 14 added support for home screen widgets for the first time, and companies have been working to catch up and add widgets to their own apps. Google is one such company, and after adding a widget for the Search app back in September, the Mountain View giant has now revealed a few more apps getting their own iOS home screen widgets.
Some of the widgets are rolling out in the next few days, and those are for Gmail, Google Drive, and Google Fit. The first two are fairly similar, featuring a search bar at the top and a couple of quick links. In the Gmail widget, you can start composing a new message or get a glimpse at how many unread emails you have. For Drive, you get links to the "files you're most likely to need".
Meanwhile, Google Fit simply shows a summary of your activity in the past week. You can see your daily and weekly goals for heart points and steps and whether you've met them.
Coming a little later, the Calendar widget shows your upcoming events. And next year, Chrome is also getting its own widget, which is similar in design to Gmail and Google Drive widgets. A search/address bar is at the top, along with links to open an incognito tab, use voice, or scan a QR code.
There's also a smaller widget with a "prehistoric surprise", which is likely a reference to the dinosaur game that's displayed when you try to open a webpage in Chrome without an internet connection. These widgets are available now for Chrome Beta users, but the general public will only get them in 2021.
RCS messaging is now available worldwide on Android
by João Carrasqueira
Google has along been working on rolling out Rich Communication Services (RCS) to Android smartphones for a few years now, and over time, it's gotten more aggressive with its rollout. Today, the company has shared an update on its implementation of RCS, announcing that the service is now available worldwide through the company's own Messages app.
RCS messaging brings with it an array of "chat features" you don't usually get from SMS, such as read receipts, typing indicators, higher-quality media sharing, and more. Apple has offered something like this for quite some time with iMessage, but Android has lacked a widely-adopted competitor, which is probably why Google is pushing its RCS implementation harder. Broader availability naturally means more users can benefit from those improvements, and one less reason to consider using an iPhone over an Android device.
There's still a caveat, though, as Google warns that "in some cases", it may depend on your device or carrier to enable RCS. That's a problem Google has been facing for some time, which is why it decided to roll out the capability in some countries without waiting for carriers to enable it themselves starting last year. It's not clear exactly which devices or carriers may prevent RCS from working right now, but if you want to try setting it up, you can follow these steps on your phone.
Google also announced that it's building up security for RCS messaging on Android by enabling end-to-end encryption, a capability that was rumored to be in the works earlier in the year. Beta testers of the Messages app by Google will start seeing end-to-end encryption this month, with the rollout continuing into 2021. One-on-one conversations will be the first to support it, and just like other RCS features, both sides of the conversation need to be using the Messages app with chat features enabled.