Firefox 152 is out with JPEG XL support, new Settings layout, and much more

Posted on by Martin Brinkmann

Mozilla released Firefox 152 Stable a moment ago. The new version of the open source web browser includes security fixes as well as new features and changes. The two extended support versions, Firefox 140.12 ESR and 115.37.0 ESR for legacy systems have also been updated.

The big visual feature of Firefox 152 is the new Settings page. The goal of the redesign was to streamline the page, improve grouping and navigation. Mozilla says the change is visual only, meaning that user settings were not changed and that all settings remain available.

One effect that you may notice immediately is that the average number of preferences per page has been reduced. Means, less scrolling. You can still use the built-in search to find a preference quickly.

Here is an overview of other important features in the release:

  • Firefox supports JPEG XL now. The image format is not enabled by default, but you can enable it under Settings > Firefox Labs > Webpage Display > Media: JPEG XL: This adds support for the image format, so that the browser can render it.
  • Firefox Translations supports Basque and Galician now.
  • The languages Croatian, English (UK), Georgian, Persian, Slovenian, Tajik, Tamil, Tibetan, Turkish, Welsh, and Xhosa now come with a built-in dictionary for the Firefox spellchecker.
  • Context menu video controls are now available on sites like TikTok or Instagram. These were blocked on the sites previously.
  • Private browsing now supports temporarily disabling the protection on a specific site. The idea is to use this to display sites correctly in Firefox which would otherwise be broken because of the protective features. Whether that is indeed a good idea or giving sites an incentive to break functionality accidently remains to be seen.
  • Links can be copied via a right-click on a tab and the selection of Share > Copy Link on Linux and Windows now. This works, even when the site is not active. You can also copy multiple link paths when several sites are selected.

The official release notes list a few useful changes next to that:

  • Zooming in Firefox via the keyboard or mouse now offers “more zoom levels in smaller increments”.
  • Downloaded PDFs are opened in a background tab, if you close the original page or switched tabs.

Firefox 152 is a security update. Mozilla lists 40 fixed security issues on the security page. The severity is high, there is no critical fix and no 0-day issue that is already exploited in the wild. Still, it is highly recommended to upgrade as soon as possible to fix the security holes.

Most unmanaged Firefox installations will receive the new update automatically. You can download the update immediately either by opening Firefox and going to Menu > Help > About Firefox, or by downloading the latest version from the Mozilla website.

uBlock Origin extension bypasses no longer working in Chrome: your options

Posted on by Martin Brinkmann

We all knew that the time would eventually come. Google is removing bypasses in Chromium and Google Chrome that allowed users to run legacy extensions in the browser.

Google moved to a new extension rules system, called Manifest V3, which turned out to be a very controversial move. The company claimed that this was all for performance and security, but the change had the fortunate side effect that it would impact content blocker extensions more than any other extension type.

Google modified the rule set several times, which would have killed content blockers more or less in the beginning, and content blockers continue to be available.

However, Chrome users who have enabled bypasses to continue using these extensions will soon realize that they can’t anymore. The reason is simple: Google removed them.

This is not the end of content blocking in Chrome and other Chromium-based browsers. Here are the options that you have going forward:

  • Switch to a MV3 extension: Browser extensions such as uBlock Origin Lite are available. These continue to block ads in Chrome, but they lack some of the advanced features of the classic blocker.
  • Use a Chromium-based browser that continues to support MV3 extensions: Brave, Vivaldi and Opera all pledged to support MV2 extensions going forward. It remains to be seen whether this is going to be the case once the bypasses are removed.
  • Switch to Firefox: Firefox supports MV2 and MV3 extensions. You can install uBlock Origin in Firefox and get the best level of protection out of any version of the extension.
  • Use a browser with a built-in content blocker: Plenty of options, Brave, Opera or Vivaldi all come with the functionality.

Microsoft confirms issue with custom folder icons and localized folder names on Windows after June 2026 updates

Posted on by Martin Brinkmann

There are not many good reasons for being first when it comes to installing new updates for the Windows operating system. In fact, being second has the potential of avoiding the usual assortment of bugs that happen to be confirmed regularly after releases.

Take the June 2026 security updates as an example. Microsoft confirmed a new bug just days after releasing the update. It affects Windows 10 and Windows 11 systems that use custom folder icons or localized folder names that are defined by desktop.ini.

First spotted by Deskmodder, the issue is described on a new support page on Microsoft’s website:

After installing a Windows security update released on or after June 9, 2026, you might notice one or both of the following behaviors for some folders:

A custom folder icon defined by desktop.ini no longer appears.

A localized folder display name defined by desktop.ini no longer appears, and the folder shows its original name instead.

This behavior might occur even when the user has not changed an application or folder configuration. ​​​​​​

Microsoft notes that this behavior is expected, as it introduced a security hardening change that affects desktop.ini.

This new behavior is expected. Starting with the Windows security updates released on June 9, 2026, a security hardening change is introduced to desktop.ini handling. When Windows cannot establish that the source of a desktop.ini file is trusted, Windows ignores that file and treats it as if it is not present. However, desktop.ini files from trusted sources continue to work normally.

Microsoft did not first mention this change in the release notes, but has since then added the information.

When is desktop.ini not trusted? When it is downloaded from the Internet and carries the Mark-of-the-Web, copied from “certain” remote locations, or when “files on network paths are not classified as intranet or trusted by zone policy”.

Microsoft has a few workarounds for affected users.

Option 1: Add the source to Trusted Sites (Recommended)

If the affected content is stored on a known internal or managed source, add that source to the Trusted Sites list. Once the source is treated as trusted, Windows processes desktop.ini from that source normally. This keeps the protection in place for other locations and is the lower-risk option.

Option 2: Use policy to restore previous behavior

Organizations that need broader compatibility can enable the policy Allow the use of remote paths in file shortcut icons.Enabling this policy restores the pre-June 2026 behavior for affected remote or untrusted scenarios.

IMPORTANT Using a broad opt-out reduces protection against malicious remote folder-customization content. If you use a workaround, Microsoft recommends trusting only controlled internal sources and keeping trust settings as narrow as possible. ​​​​​​​

Option 3: Check for and remove the Mark of the Web (MotW)

If the desktop.ini file has a Mark of the Web (MotW), Windows may treat it as coming from an untrusted source and block customization. Verify whether MotW is present and, if appropriate, remove it from the desktop.ini file. This can restore expected behavior, but should only be done for trusted content, as it removes the associated security protection.

To remove the MotW tag, open PowerShell and run one of the following commands:

For a single desktop.ini file:

Unblock-File “C:\Your\Folder\Path\desktop.ini”

For all desktop.ini files in a folder:

Get-ChildItem “C:\Your\Folder\Path” -Recurse -Filter desktop.ini -Force | Unblock-File

Mozilla is giving away unlimited VPN bandwidth in Firefox

Posted on by Martin Brinkmann

Firefox VPN is a built-in browser proxy to browse anonymously in the open source browser. It is a free service that protects your device’s IP address by routing traffic through secure servers.

While not as powerful as standalone VPN services, which protect all activity on a device, it is a handy privacy feature nevertheless. Users should not confuse it with Mozilla VPN, which is a device-wide VPN service that is not free.

Mozilla increased the available bandwidth for free users to 50 gigabytes recently. That is a generous amount already. This week, the organization announced another, temporary, increase of the VPN bandwidth.

Bandwidth is unlimited until September 1, 2026, according to the blog post. So, if you really need a lot of bandwidth, for instance for massive downloads or media streams, then this should get you through the coming months without ever worrying about hitting bandwidth limits.

In addition, users may connect to more than 25 different exit regions when they use the browser VPN.

The full set of countries available during this summer period include: Australia, Austria, Belgium, Bulgaria, Canada, Chile, Colombia, Denmark, Finland, France, Germany, Ireland, Italy, Malaysia, Mexico, Netherlands, New Zealand, Portugal, Singapore, Spain, Sweden, Thailand, Norway, South Africa, United Kingdom and United States.

Firefox’s built-in VPN supports turning off the secure connection for specific sites. That’s useful in some cases, for example, when sites do not work properly while the VPN is active.

All in all, if you do not use a VPN service already, this one may be an option to upgrade your privacy on the Internet.

Google Chrome update fixes more than 70 vulnerabilities, including a zero-day

Posted on by Martin Brinkmann

If you run Google Chrome on your computer systems or mobile, then you better make sure that the latest update is installed. Google released a new security update for Google Chrome this week, and it fixes a whooping 74 unique vulnerabilities. Not even near the massive 429 security fixes of last week’s update, but still a sizeable number.

Google lists 17 critical security issues that got fixed in the update on the official release notes page. Even more pressing is one of the high-rated security issues is actively exploited in the wild. As always, Google does not reveal much about this:

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

It is an out of bounds memory access in V8, the JavaScript engine of the Chrome browser. Specifics are not revealed at this stage. It is unclear, therefore, how attackers may exploit the issue and more importantly, how easy it is to exploit it.

Chrome users should upgrade the browser asap, especially if they use it actively on their devices. Even if it is installed only, I’d recommend upgrading it as soon as possible to protect it against the large number of potential attack vectors and issues.

Most non-managed devices should receive the update automatically, thanks to the built-in updating functionality of the web browser. You can speed up the process by selecting Help > About Chrome from the main menu. Windows users may also run winget upgrade google.chrome.exe from Terminal.

As far as versions are concerned, Chrome should display one of the following versions after the update has been installed.

  • Chrome 149.0.7827.102 Linux
  • Chrome 149.0.7827.102/.103 Windows/Mac
  • Chrome 149.0.7827.102 Android
  • Chrome Extended 148.0.7778.254 Windows/Mac

You can now block automatic extension updates in Brave Browser

Posted on by Martin Brinkmann

Most modern browsers install extension updates automatically. The developers claim that this improves security, and this is true to a degree. However, automatic extension updates do open a whole new can of worms, as problematic updates do get installed automatically as well.

Consider this: when an extension gets bought, the new owner may push updates and these will get installed on user systems, often without users knowing about the change in owner. The same is true for extensions that get hijacked or when a developer introduces features that are unwanted.

Firefox is the gold standard when it comes to controlling extensions. Users of the browser can block automatic updates for extensions entirely or for specific add-ons installed in the browser.

Chromium-based browsers do not have these native capabilities. The workaround until now was to install an extension through sideloading. These bypassed the entire updating mechanics, but it also meant that the browser might show a reminder that developer extensions are running.

The most recent update of Brave Browser introduces native support to it. This sets it apart from other Chromium-based browsers, which do not offer this feature.

Here is what it does: Once enabled, Brave browser stops updating extensions in the background. You can run the update process at any time from the extensions page of the browser, which makes it comfortable compared to the sideloaded extensions bypass. The main downside is that it is an all or nothing approach, but there is a workaround.

To enable it, it is necessary to configure an experimental flag in the browser.

  1. Load chrome://flags/#brave-user-extension-auto-update in the address bar.
  2. Set the flag to Disabled.
  3. Restart the web browser.

To update all extensions, do the following:

  1. Open the Extensions page in Brave: brave://extensions/
  2. Check the Developer Mode toggle at the top right corner.
  3. Click on the update button that appears.

This runs the update check for all installed extensions and will download and install any update found during the process.

There is no direct option to run a check for individual extensions, it is an all-or-nothing approach. There is a workaround though, but it requires manual steps and it has disadavantages.

If you want to update a highly trusted tool (like a password manager) but want to keep a smaller utility frozen on its current version, you can manually force a single update by refreshing it.

  1. Go to brave://extensions.
  2. Click Remove on the specific extension you want to update.
  3. Head to the Chrome Web Store, search for it, and click Add to Brave.

This installs the latest version in the browser. Note that uninstalling an extension will remove its data. Any custom configurations or personal data is removed in the process. Works best for extensions that do not have any of that.

Brave has not revealed much about the feature at this stage. Since it is experimental, there is the possibility that it will get more comfortable in the future. For now, Firefox remains the gold standard for users who want to stay in full control over extension updates.

Looking up businesses on Google Maps in Germany? Echtstern reveals their true rating

Posted on by Martin Brinkmann

Google introduced a change in its map application Google Maps recently. The update shows, whether businesses have been activate at getting low ratings removed from their Google Maps scores. The behavior seems to be widespread in Germany only, as Google introduced this new option only in Germany.

Whenever you open the profile page of a Google Maps business in Germany, Google reveals if the business had ratings removed from its listing. Google does not give you an exact count, but a range on the reviews tab. It is a useful indicator, as it tells you that the rating that Google Maps shows is likely not the true rating, if all customer ratings would be included.

Users who know are cautious when it comes to these businesses. While the information that Google displays is useful, it is bare bones. That is where the extension Echtstern comes into play.

It is an open source extension for Firefox and Chromium-based browsers. For Firefox, only an Android version appears to be available right now. For Chromium-based browsers, a desktop version is also provided.

The extension works automatically on Google Maps. Just look up a business and switch to the review tab. It displays the corrected score and information below the rating that Google displays.

If you prefer a web service, as it does not require installing an extension, then you could check out Review Proof. The service focuses on the different regions in Germany, but you can use a search to find out a specific restaurant or business.

In closing, both services are useful as they reveal which businesses have removed ratings from customers from Google Maps. However, it should be noted that there are legitimate reasons for removing ratings. While that is the case, a large number of removed ratings is more often than not a good indicator that the rating that Google shows on Maps does not reflect its true rating.

The Nvidia RTX Spark promises a new Windows PC era, but the price tag may stings

Posted on by Martin Brinkmann

For forty years, you launched apps by clicking and typing—but Nvidia wants your next computer to simply do the work for you and behave more like R2-D2 and C3PO.

Kicking off Computex 2026 with a high-octane keynote at GTC Taipei, Nvidia CEO Jensen Huang officially unveiled the RTX Spark, a novel 1-petaflop system-on-a-chip designed to completely reinvent the Windows PC for the era of personal AI agents.

Up until now, Nvidia delivered graphics cards to PC users but kept out of the ongoing CPU-battles between AMD and Intel. This changes with the new chip, which is a custom 20-core ARM CPU infused with Nvidia’s Blackwell GPU-architecture and a huge 128 GB of unified memory.

This, according to Nvidia, allows PCs to run massive local AI models and the most taxing tasks. Yet, while Nvidia claims that this will move PCs from basic tools to active teammates, a staggering price tag may limit the audience to the ultra-premium tier.

Under the Hood

The RTX Spark represents a complete architectural split from the traditional x86 platform that Intel and AMD have dominated for years.

By designing a SoC (System on a Chip), Nvidia is bringing ultra-tight hardware integration similar to Apple’s M-series of chips to high-performance Windows PCs, but with the added benefit of a strong graphic processing part.

Based on the technical data revealed during the keynote, here is what is known about the silicon powering the RTX Spark:

  • The Custom ARM CPU: The 20-core processor utilizes a custom architecture optimized specifically for Windows on ARM. It splits workloads efficiently between high-performance cores for demanding tasks and high-efficiency cores to keep background OS processes from draining resources.
  • Blackwell Graphics Pipeline: Rather than relying on a separate graphics card connected via PCIe, desktop-class Blackwell GPU cores are baked directly onto the same die. This eliminates the latency bottleneck between the processor and the graphics card, allowing for instantaneous asset loading and ray-tracing calculations.
  • Next-Gen Unified Memory: The headline-grabbing 128GB of unified memory operates on a massive bus width, allowing both the CPU and GPU to pull from the same pool of lightning-fast RAM.
  • The 1-Petaflop AI Engine: By fusing traditional Tensor cores with a dedicated, next-generation Neural Processing Unit (NPU), the chip delivers unprecedented local AI throughput. This isn’t just for blurring webcam backgrounds; it provides the raw muscle required to generate complex code, render real-time AI upscaling, and drive persistent local operating system agents simultaneously.

Innovation on this scale doesn’t come without structural trade-offs. While ARM architectures are fundamentally praised for their power efficiency, pushing a petaflop of local compute requires advanced cooling solutions.

While Nvidia has kept exact MSRPs under wraps until its hardware partners (such as ASUS, MSI, and Razer) open pre-orders closer to the fall launch, the pricing strategy is premium.

WinFuture notes that the price of the very first N1X-powered device, the Lenovo Yoga Pro 7, starts at around $3000 and goes all the way up to $4600 for the premium version. Cheaper models are planned, but it looks as if these devices will push premium computing on Windows to a whole new level.

Meta is rolling out subscriptions for all of its products, including Facebook, Instagram and WhatsApp

Posted on by Martin Brinkmann

If you make a lot of money as a company from advertisement already, your next question as a company should not only be how to expand that revenue, but to find outer ways to complement it.

That’s what Google, Microsoft and co. are doing already. Meta, parent company of Instagram, Facebook and WhatsApp, is now joining the party. New subscriptions are available for all products that, in some cases, replicate what X did with its premium subscriptions: it gives subscribers an advantage over those who are not.

First, here is the overview:

Consumer “Plus” Subscriptions

These plans are targeted at everyday users who want more personalization and control over their social media experience

  • WhatsApp Plus – $2.99 per month – chat organization and interface personalization
  • Instagram Plus – $3.99 per month – advanced story controls and profile customization
  • Facebook Plus – $3.99 per month — enhanced social tools and profile personalization

Key Advantages

  • WhatsApp Plus: Upgrades the messaging experience with custom app themes, personalized ringtones, the ability to pin additional chats, and access to exclusive premium stickers.
  • Instagram Plus: Transforms how users interact with Stories by allowing them to preview others’ stories anonymously, see who rewatched their own stories, and keep stories active beyond the standard 24-hour limit. It also includes “Super Heart” reactions, custom app icons, and profile pins.
  • Facebook Plus: Mirrors the social and personalization upgrades seen on Instagram, offering enhanced story features, super reactions, and expanded profile customization options.

Then there is Meta One, which are structured around heavy AI usage and brand growth. Plans start at $7.99 per month and go all the way up to $49.99 per month.

Especially the Essential and Advanced tiers are of interested to creators and businesses:

  • Meta One Essential: Replaces and expands upon the standard Meta Verified offering. It provides a blue Verified badge, proactive impersonation protection, priority customer support, and enhanced link sheets to consolidate an online presence
  • Meta One Advanced: Functions as a growth and management engine. It guarantees higher visibility in Facebook feeds and search results, adds prominent “Follow” buttons on Reels, and automates follow invitations. It also grants access to advanced audience insights, automated scheduling, and allows moderators to manage accounts without needing to share passwords.

These grant higher visibility, which gives subscribers an advantage over anyone who is not subscribed already. Whether that is worth the extra $50 per month needs to be tested, but it could force the hand of many creators on Instagram or Facebook who want to grow their audience.

One question that may come to mind is this: when is the tipping point reached? Subscriptions work, but only that many are sustainable. With more and more companies jumping on the bandwagon, it is only a matter of time before fatigue kicks in or money runs out. What is the plan then?

Using 7-Zip? Time to update, as your version may be vulnerable

Posted on by Martin Brinkmann

7-Zip is a popular open source archiver that is a popular option on Windows. While Windows comes with its own basic archive creation and extracting options, it is significantly slower compared to third-party apps such as 7-Zip.

A vulnerability in earlier versions of 7-Zip was discovered in April 2026 that could allow attackers to cause the application to crash or run arbitrary code.

The affected version is 7-Zip 26.00 and earlier versions appear also affected by the vulnerability. The latest version is 7-Zip 26.01 and this version is safe to use.

If you run the archiving software on your devices, you may want to check the installed version and update if it is 26.00 or earlier.

You can check the installed version under Settings > Apps > Installed Apps. Type 7-Zip into the search box and wait for the app to appear. The version is shown in its title.

Updating is a flawless process. Just download the latest version from the official developer website and run it after the download finished. The installed version will be updated and any attacks targeting the vulnerability won’t have an affect on the app or the system anymore.

You can also check the version when you launch 7-Zip on the system. Select Help > About 7-zip in that case to display the installed version.