No one has seen that development coming. After announcing the end of support for its Firefox web browser for Windows 7, 8 and 8.1 starting in February 2026, Mozilla seems to have had a change of heart.
Now, the organization says that it is extending support once again. The information has been published on its What Train Is It Now website, which lists the latest and upcoming Firefox releases.
There, Mozilla writes:
We have decided to extend support to ESR 115 only on Windows 7-8.1 and macOS 10.12-10.14 up to August 2026. We will re-evaluate this decision in July 2026 and announce any updates on ESR 115’s end-of-life then.
Support for Firefox on Windows 7, 8, 8.1 and the macOS versions 10.12, 10.13, and 10.14 is guaranteed until at least August 2026. At least? Yes, as Mozilla may extend support again. Either way, the organization will make an announcement in July 2026 regarding the web browser’s support on the older operating systems.
Firefox 115.x users on these operating systems should receive browser updates, limited to security fixes and critical bug fixes, as usual via the integrated updating system.
The extension gives users on these old systems access to one of the major browsers, as the other major browser makers, including Google and Microsoft, stopped supporting the older operating systems a long time ago.
Security updates are guaranteed for another six months at the very least. Good move by Mozilla.
If February 2026 was the sprint, March is a marathon of essential infrastructure updates.
Microsoft’s third Patch Tuesday of 2026 has arrived, addressing 84 vulnerabilities in total. While the total count is typical, the release demands close attention: it contains two publicly disclosed zero-day vulnerabilities and eight critical flaws affecting a wide range of enterprise products, including SQL Server, Office, and Azure components.
Here is the breakdown of what you need to know, what to patch first, and what might break.
Key Action Item: Administrators must prioritize database and application servers due to the SQL Server elevation of privilege flaw and the .NET denial of service vulnerability. Simultaneously, ensure Office updates are deployed to workstations to prevent potential zero-click remote code execution via the Preview Pane.
Important Patches
CVE-2026-21262 — Microsoft SQL Server Elevation of Privilege Vulnerability
Security updates. Includes a GPU stability fix and Secure Boot updates.
Deep Dive: The Critical Vulnerabilities
Microsoft confirmed two publicly disclosed zero-day vulnerabilities are fixed this month. Furthermore, Microsoft fixed several critical remote code execution (RCE) and elevation of privilege (EoP) flaws.
Attackers may exploit the issues on systems that have not been patched to bypass protections, elevate privileges, or execute malicious payloads remotely.
Here is the critical overview:
CVE-2026-21262 (Microsoft SQL Server Elevation of Privilege)
This publicly disclosed zero-day allows an authorized attacker to elevate privileges over a network. Due to improper access control, a logged-in user can quietly elevate to become a full database administrator (sysadmin). With that level of control, they can read, modify, or delete data without user interaction.
CVE-2026-26127 (.NET Denial of Service)
The second publicly disclosed zero-day is an out-of-bounds read flaw in the .NET platform (versions 9.0 and 10.0). It allows an unauthenticated remote attacker to crash .NET applications over the network, resulting in a denial of service for any app running on the affected runtime libraries.
CVE-2026-21536 (Microsoft Devices Pricing Program Remote Code Execution)
Scoring a critical 9.8 out of 10 on the CVSS scale, this is the most severe flaw of the month. It allows remote attackers to execute arbitrary code over the network without privileges or user interaction. Notably, this flaw was discovered by an autonomous AI penetration testing agent. Microsoft notes that the vulnerability has been fully mitigated on their end, requiring no direct action from users.
These type confusion and untrusted pointer dereference flaws in Microsoft Office enable remote code execution when malicious files are processed. They are particularly dangerous because they can potentially allow zero-click exploitation if a user simply views a booby-trapped document in the Outlook Preview Pane.
CVE-2026-25187 (Windows Winlogon Elevation of Privilege)
Discovered by Google Project Zero, this vulnerability leverages improper link resolution in the Winlogon process. A locally authenticated attacker with low privileges could exploit a link-following condition to effortlessly escalate to SYSTEM privileges.
Significant Changes in the March 2026 updates
Sysmon is now built-in: Previously a manual download from Sysinternals, Sysmon is now included as a native component in Windows 11 for better security auditing and monitoring of malicious activity.
Quick Machine Recovery (QMR) expansion: QMR is now turned on automatically on more hardware. This feature allows administrators to revert endpoints to a working state if a disastrous third-party update takes down the system.
RSAT on Arm64: Remote Server Administration Tools are finally supported on Windows 11 Arm64 devices, allowing administrators to manage Windows Server environments directly from Arm-powered PCs.
First Steps: Your Patch Tuesday Strategy
Prioritize the zero-days: Map your exposure and prioritize the two zero-day vulnerabilities, focusing heavily on SQL Server environments and .NET application servers.
Update Office installations: Deploy Microsoft Office updates to all workstations immediately to mitigate the risk of zero-click remote code execution via the Preview Pane.
Prepare for Secure Boot changes: Ensure your enterprise environment allows the new Secure Boot allowed Key Exchange Key (KEK) updates to install properly to avoid boot issues in the coming months.
Secure Boot is a key security feature of PCs that ensures that only trusted, digitally signed software can load before the Windows operating system starts. It relies on a chain of trust built from cryptographic certificates.
Microsoft issued the original Secure Boot certificates in 2011. Nearly every PC since 2012 has these certificates.
The problem: The certificates are set to expire in 2026. Some will expire in June 2026, others in October 2026.
The solution: To prevent Secure Boot disruptions, Microsoft is exchanging certificates.
What happens if the certificates are not exchanged?
The good news is that the PC won’t break or fail to boot when that happens. In fact, for most users, the PC will act and behave just like before. Windows will boot, apps will launch, and they can use their PC just like before.
The only limitation in that case is that Secure Boot can’t be updated anymore. This means that the official blocklist won’t update anymore to stop known malware or bootkits, and that Secure Boot can’t receive new features or fixes.
The expiring and new Secure Boot keys
| Expiring 2011 Certificate | New 2023 Replacement | Purpose |
| --- | --- | --- |
| Microsoft Corporation KEK CA 2011 | Microsoft Corporation KEK 2K CA 2023 | Gives Windows the authority to update the Signature Database (DB) and the blocklist (DBX). |
| Microsoft Windows Production PCA 2011 | Windows UEFI CA 2023 | Signs the actual Windows bootloader so the OS is allowed to start. |
| Microsoft Corporation UEFI CA 2011 | Microsoft UEFI CA 2023 | Signs third-party bootloaders (like Linux) and EFI applications. |
Most Windows users on unmanaged PCs won’t have to do anything. The update is pushed via Windows Update and it will happen automatically in the background. A restart of the PC is required, but that is about it.
Microsoft begins with PCs that are “deemed highly compatible” first. This is the same distribution strategy that Microsoft uses for pushing out new feature or major updates to home and consumer PCs.
Here is how you can find out if the update is installed:
Open the Start menu.
Type PowerShell.
Select “Run as administrator”.
Confirm the security prompt.
Type Confirm-SecureBootUEFI and press the Enter-key.
True means that Secure Boot is active.
False means that Secure Boot is turned off.
If True is returned, run the command ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023').
True means that the update is fully installed.
False means that the update is not yet installed, the 2011 keys are still used.
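The one-line check above only looks for the Windows bootloader certificate. The following script is an added example, not code from Microsoft or from the original article; it applies the same name search to all three certificate pairs from the table. The function names Test-SecureBootCert and Get-SecureBootCertReport are hypothetical helpers, and the script assumes an elevated PowerShell session on a UEFI PC.

```powershell
# Added example: report which Secure Boot certificates from the table
# are present in the firmware variables. Run as administrator.
# Test-SecureBootCert and Get-SecureBootCertReport are hypothetical names.

function Test-SecureBootCert {
    param(
        [Parameter(Mandatory)] [string] $Variable,  # UEFI variable to read: KEK or db
        [Parameter(Mandatory)] [string] $CertName   # certificate name to search for
    )
    # Same technique as the one-line check: decode the raw variable as ASCII
    # and look for the certificate name. Escape it so -match treats it literally.
    $bytes = (Get-SecureBootUEFI -Name $Variable -ErrorAction Stop).Bytes
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
    return ($text -match [regex]::Escape($CertName))
}

function Get-SecureBootCertReport {
    # Old/new certificate pairs and the variable each pair is stored in.
    $pairs = @(
        @{ Variable = 'KEK'
           Old      = 'Microsoft Corporation KEK CA 2011'
           New      = 'Microsoft Corporation KEK 2K CA 2023' },
        @{ Variable = 'db'
           Old      = 'Microsoft Windows Production PCA 2011'
           New      = 'Windows UEFI CA 2023' },
        @{ Variable = 'db'
           Old      = 'Microsoft Corporation UEFI CA 2011'
           New      = 'Microsoft UEFI CA 2023' }
    )

    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    }
    catch {
        # Thrown on legacy BIOS systems and in non-elevated sessions.
        Write-Warning "Cannot read Secure Boot state: $($_.Exception.Message)"
        return
    }
    if (-not $enabled) {
        Write-Warning 'Secure Boot is turned off on this PC.'
    }

    foreach ($p in $pairs) {
        try {
            [pscustomobject]@{
                Variable = $p.Variable
                Cert2011 = $p.Old
                Has2011  = (Test-SecureBootCert -Variable $p.Variable -CertName $p.Old)
                Cert2023 = $p.New
                Has2023  = (Test-SecureBootCert -Variable $p.Variable -CertName $p.New)
            }
        }
        catch {
            Write-Warning "Cannot read $($p.Variable): $($_.Exception.Message)"
        }
    }
}

Get-SecureBootCertReport |
    Format-Table Variable, Cert2023, Has2023, Has2011 -AutoSize
```

A row with Has2023 set to False shows which of the three replacements is still missing on the device.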
When I updated the RSS feed reader RSS Guard recently to version 5.x on a computer, I found myself without any feed subscriptions after the upgrade. Apparently, it is a bug, confirmed by the developer, that occurs when upgrading from 4.x to the new major version.
Anyway, I picked the very first RSS feed file that I had on the computer and imported it. It was from 2023, not that long ago, but I realized quickly that something was off.
More than half of the subscribed feeds were shown in red after hitting the “update all feeds” button. This meant that a) they were temporarily not responding, b) they were no longer available, or c) the feed address had changed.
Often decade-old websites, like Raymond.cc, Donationcoder.com, or Ask Windows Wally, came up red. When I checked the addresses manually, I discovered that some of them were gone for good while others have not been updated for years.
Only a few showed new articles or content, which meant that the Feed URL had changed or was removed entirely.
Loading an old RSS file teaches us a few fundamental truths about the web’s lifecycle:
Link rot is the rule: Websites come and go, which is especially true when it comes to independently run sites. These used to thrive a decade ago, but have a hard time nowadays with traffic flowing to AI content or major players.
Security migration caused problems: The great migration from HTTP to HTTPS left all the sites behind that did not upgrade. Maybe they were abandoned by their owner prior to the changes, or the owner did not have the technical know-how or desire to upgrade.
Graveyard of hosted platforms: Platforms like Feedburner were used by millions of blogs in the past. Now, they are in a zombie-like state that is causing more and more problems. Also, restructures of blogs, e.g., Microsoft migrating away from Technet and MSDN, and defunct community projects, all caused disruptions in the field.
Shift to “walled gardens”: Old RSS feeds represented a decentralized web. People visited dozens of independent niche blogs. Today, many authors have moved to using centralized platforms, such as Substack, Medium, Reddit, or social media. At least some of these make it difficult to subscribe to feeds.
The Internet used to be this cool decentralized place where everyone could start a site or blog and attract an audience. Today, this has shifted towards social media and centralized platforms. The last holdouts feel this shift with every passing year, see it in traffic stats and bank statements.
I’m not saying that every independent site will be gone in the next five or ten years, but every passing year is going to make it harder for many independent sites out there.
Now You: is there any site in particular that you miss a lot? Feel free to leave a comment down below.
Mozilla is working on a redesign of its open source Firefox web browser according to leaked mockups of the project. Previous attempts to redesign the browser split the community. While some heralded the changes as a move to modernize the browser, others pointed out that these redesigns were removing or changing features.
Here is an overview of the main changes according to the leak:
Strongly Rounded Elements: The most characteristic feature of the Nova design is its prominent use of rounded corners. The tabs, address bar, sidebar launcher, website content area, and elements on the start page are all significantly more rounded. The top section (tab bar and navigation bar) now forms a single rounded unit.
Subtle Color Gradients: Unlike the previous design, which relied on solid, single-color surfaces, Mozilla is introducing subtle color gradients across parts of the interface.
New Color Accents: The mockups show a noticeable tendency toward violet tones. However, these colors appear to adapt to the chosen theme, as another screenshot demonstrates a mint-green start page with matching UI colors.
Improved Vertical Tabs Integration: The redesign prominently features built-in support for vertical tabs as an alternative to the traditional horizontal tab bar.
Return of “Compact Mode”: While Firefox currently hides its space-saving “compact mode” behind advanced settings, the Nova mockups explicitly show a visible toggle for it. This suggests Mozilla might officially support and promote a compact UI layout again.
Split-Screen Tabs: The dark theme mockups showcase a layout with two tabs open side-by-side, hinting at a native split-screen or tiling feature currently in development.
Mozilla is not reinventing the wheel with this new design. Most web browsers look very similar in this day and age. In fact, compared to the current version of Firefox, it is focusing heavily on colors and rounded elements as the main distinguishing visual changes.
The one thing that excites me the most is the (supposed) return of the compact mode. This mode, which is still supported unofficially by Firefox, is my favorite display mode, as it reduces the size of the UI to give websites more room. Its existence in the mockups suggests strongly that Mozilla might return it officially to Firefox, a change that I would welcome with open arms. It would be another feature that Mozilla is returning or adding to Firefox in the past two or so years.
The mockups show a work in progress. This means that it is not really clear if a redesigned Firefox will look exactly like that.
Now You: What is your take on the proposed redesign of the web browser?
After nearly six years of legal bombshells and courtroom drama, the walled garden of the Android app ecosystem has finally cracked. This week, Google announced a massive, platform-altering overhaul to its Android operating system, officially marking the end of its legal battle with Epic Games.
In a move that will fundamentally reshape the economics of mobile software, the tech giant says it is rolling out a “new era” of openness that drastically alters how the Google Play Store operates.
Google decouples service and billing fees, allows registered third-party app stores, and gives developers choice when it comes to payments.
Here is an overview of the announced changes by Sameer Samat, President of the Android ecosystem:
Expanded Billing Choice: Developers can now use their own billing systems alongside Google Play’s or direct users to their own websites for purchases.
Registered App Stores Program: A new initiative to streamline the installation flow for third-party app stores that meet specific safety and quality benchmarks.
Revised Fee Structure: A new business model that decouples billing fees from service fees, reducing the in-app purchase service fee to 20% (or as low as 15% for those in specific developer programs).
Resolution with Epic Games: The post also notes that these updates officially resolve Google’s long-standing global legal disputes with Epic Games.
The changes are a major shift from the walled-garden approach of Google and also Apple. While it is uncertain how this change affects Apple, if at all, it will open up Android.
The effects for users and developers
The biggest immediate effect is the end of the 30 percent fee that Google is charging for any transaction on the platform. Google replaces it with the following system:
The service fee is dropped to 20 percent as the new baseline.
Developers who participate in the new “App Experience” or “Play Games Level Up” programs pay 15 percent.
Developers who still want to use the billing system of Google Play pay additional “market-specific” billing fees. Google set these to 5 percent in core markets such as the US, UK and EEA.
Developers who choose to distribute their apps through their own store and process payments using their own billing system pay nothing to Google under the new system.
Sideloading is changing as well with the official Registered App Stores program. Third-party app stores that are accepted into the program get a “streamlined, friction-free installation process”. Provided that Google allows competitors, like the Epic Games Store, into the program, it will make it easier to install games offered through these stores.
When is this coming?
The rollout will happen in phases.
By June 30, 2026: US, UK, and EEA.
By September 30, 2026: Australia.
By December 31, 2026: Japan and Korea.
By September 30, 2027: The rest of the world.
It remains to be seen how this will all work out and whether it will really be that easy for developers to set up their own store and billing system.
You probably know that KeePass is still my favorite password manager and that I do not save passwords in a browser or cloud-based location. It is a free Windows-based local password manager that does not restrict passwords and can be extended easily thanks to its open system. Other developers have created apps for all kinds of operating systems.
KeePass 2.61 is the latest version that got released earlier today. The new version adds new features and improvements, including several that make the password manager more versatile or secure.
As always, while you can configure KeePass to inform you about updates, you do need to download the new version from the developer website manually, as it does not include automatic update functionality. The new version should upgrade without any issues.
The main improvements of KeePass 2.61
One of the main improvements is update-related. Checks for new updates are now performed before a database is opened. Furthermore, if the master key prompt is opened, it will now also indicate that an update is available with an icon. You can toggle the feature under Options > Advanced.
The built-in one-time password generation capabilities have received several changes:
White-space characters are now automatically removed when pasting shared secrets, if the encoding is Base16/Hex, Base32 or Base64.
New buttons in the one-time password generator to copy the passwords to the clipboard.
The settings dialog supports displaying history entries now.
Other than that, you get improved saving of active databases to local files, multi-location/file synchronization options, and multiple attempts at entering the master key when a database is exported. Previously, users had to re-open the option to try again if the master password was incorrect.
The changelog lists a solid number of improvements next to that, which are mostly minor changes. One of the main changes is that searches are now more tolerant by default in almost any location. You can check the full list in the changelog linked at the top.
Ultimately, KeePass 2.61 doesn’t try to fix what isn’t broken; instead, it polishes the edges of a tool built for those who value total sovereignty over their digital keys.
Google released this month’s big security update for Android. It fixes a total of 129 vulnerabilities, including one that is actively exploited in the wild.
As is the case with these updates, they are not published immediately to all Android devices. Pixel devices do get them first, usually, before other manufacturers start pushing them out. Even then, your device may not receive them for weeks or even months, depending on how the manufacturer handles these updates.
Google describes the most severe of the patched issues in the following way:
The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
The vulnerability affects more than 200 different Qualcomm chips and has the identifier CVE-2026-21385.
Google does not reveal how the vulnerability is exploited in the wild, but it says that it is aware of “limited, targeted exploitation” of the issue. Users should exercise caution on devices without the March 2026 patch update.
You can check the full list of patches here. Check your manufacturer’s support website to find out when your device may be getting the update. Samsung users, for instance, find the full listing on the Samsung Mobile website.
Google updates the stable version of its Chrome web browser every week right now. It gets one major version bump, for instance from version 145 to 146, and three point updates. The big update introduces new features and changes plus security updates, the point updates usually only security fixes and major bug fixes.
Google announced a major change to the browser’s release cycle today on the official Chrome for Developers blog. “Starting September 2026, Chrome will move to a two-week release cycle”, writes Google on the blog.
Google continues:
The new release cycle means that a new beta and stable version of Chrome will ship every two weeks, starting from the stable release of Chrome 153 on September 8th. This applies to all platforms—Desktop, Android, and iOS. There will be no changes to the Dev and the Canary channels.
The company explains that this is done to “match the demands of a modern web” by providing developers and users with “immediate access to the latest performance improvements, fixes and new capabilities”. It may also help Google reclaim the (major) browser rank with the highest version, a coveted rank that it lost recently to Mozilla’s Firefox web browser.
The changes apply to stable Chrome on all platforms only. The Extended Stable release is not affected by this. It has a different schedule, as it is updated on an eight-week cycle. Similarly, Beta and Canary channels are also not affected by the change.
While the change may not look big, as Google retains the number of Chrome releases in a month, it is far from small either. Security updates usually install without major problems, but this can’t be said for a browser release that introduces changes or new features.
With two coming each month, users have to keep a close eye on the changes and should increase the number of backups that they make before installing new software to account for potential issues arising from this.
While I won’t cover all Chrome releases here on Chipp, you can expect me to cover those that are causing major issues.
How fast is the Internet connection of your Windows 11 PC? It may surprise you that you may give two answers to that question: the maximum speed of the line or the actual speed of the device.
Speedtests help test this. They are useful for troubleshooting connection-related issues, and may also help you get a partial refund from your Internet Service Provider, if the advertised speed does not match the actual speed you get.
Most Internet users run tests in browsers. Go to a site like speedtest.net, fast.com, or Cloudflare Speed, and you get information about the download and upload speed and the ping.
There are also some apps that you can run locally, which may offer better results as they eliminate the browser bottleneck. Lastly, there are also some command line solutions, but these may require the installation of extra packages.
For example, to install Speedtest CLI, which enables you to run tests from the command prompt, you would first install the module with the command winget install Ookla.Speedtest.CLI. Once done, you’d run a basic test from the command prompt with the command speedtest. You can also use parameters, which allow you to test the speed against specific servers or write the output to a json file.
The Windows 11 Speed test
Microsoft released preview updates for Windows 11 about a week ago. These add several new features, including a new speedtest.
Here is how Microsoft describes the feature:
A built‑in network speed test is now available from the taskbar. You can open it from the Wi‑Fi or Cellular Quick Settings, or by right-clicking the network icon in the system tray. The speed test opens in the default browser and measures Ethernet, Wi‑Fi, and cellular connections. This feature helps check network performance and troubleshoot issues.
This sounds like a useful addition to Windows. Instead of having to open a test in a browser, run an app or a command, you’d simply run the test from the taskbar.
However, when you test the feature, you may realize that this is not a fully integrated speedtest in Windows 11. When you select the option, for instance by right-clicking on a network icon on the Windows taskbar, you are taken to the speedtest.net website.
In other words, Microsoft has implemented a shortcut to the website instead of implementing its own solution.
Is it still useful? Well, it may save you a click or two and it may expose the option to some users who did not know such tests existed in the first place.
However, if you have used a device with Internet connectivity for a while, you may not be that impressed by this new feature.
Now it is your turn: have you used speed tests in the past to test your Internet speed?