Google

Latest Chrome 125 security update fixes 11 unique issues

Posted on by Martin Brinkmann

Google has released a new security update for its Chrome web browser for all supported platforms. The update patches 11 unique security issues in the browser. It comes days after an out-of-bounds security update for Chrome to address a 0-day security vulnerability.

While the issues do not appear to be exploited at the time of writing, it is recommended to update Chrome immediately.

This is done by loading chrome://settings/help in the browser’s address bar or selecting Menu > Help > About Google Chrome manually.

Chrome lists the installed version and will download a new version that it finds automatically on desktop systems.

Pro Tip: open a command prompt window on Windows and run winget upgrade google.chrome.exe to update Chrome without opening it.

Chrome should display one of the following versions after installation of the update:

  • Chrome for Mac or Windows: 125.0.6422.141 or 125.0.6422.142
  • Chrome for Linux: 125.0.6422.141
  • Chrome Extended Channel for Mac or Windows: 124.0.6367.243
  • Chrome for Android: 125.0.6422.146 or 125.0.6422.147

The security fixes

Google lists seven of the eleven security issues that it fixed in the Chrome update on the official releases site.

All seven have a severity rating of high. Google does not publish information about security issues that it discovered internally. The severity of the four unmentioned security issues is unknown as a consequence.

Here is what Google reveals about the listed security issues:

  • [$7000][339877165] High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11
  • [TBD][338071106] High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01
  • [TBD][338103465] High CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01
  • [TBD][338929744] High CVE-2024-5496: Use after free in Media Session. Reported by Cassidy Kim(@cassidy6564) on 2024-05-06
  • [TBD][339061099] High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2024-05-07
  • [TBD][339588211] High CVE-2024-5498: Use after free in Presentation API. Reported by anymous on 2024-05-09
  • [TBD][339877167] High CVE-2024-5499: Out of bounds write in Streams API. Reported by anonymous on 2024-05-11

The security issues affect several components of the browser, including APIs, keyboard inputs, media session, WebRTC, and Dawn. Dawn is an “open-source and cross-platform implementation of the WebGPU standard” according to Google Source.

Chrome

Chrome warning “These extensions may soon no longer be supported”

Posted on by Martin Brinkmann

Google is working on shutting down the old ruleset for Chrome browser extensions in favor of a new ruleset. The switch from Manifest V2 to Manifest V3 brings along with it a huge problem: extensions that are not updated will cease to work.

While no one has counted the extensions that rely on Manifest V2 in the Chrome Web Store, the count is likely in the thousands. Not all of the are actively maintained.

In addition, some extensions cannot be upgraded without loss of functionality. This is especially the case for content blockers.

Google, an advertising company first and foremost, does have a vetted interest in limiting content blockers. While there is no evidence that the company has made the decision to limit content blockers deliberately, it is clear that content blockers suffer under Manifest V3.

Chrome These extensions may soon no longer be supported

Soon, Chrome is warning users who have extensions installed that rely on Manifest V2. The browser lists extensions that won’t be supported by Chrome in the near future on the extensions page.

Google suggests to either remove the extensions entirely or to replace them with extensions from the Chrome Web Store that support Manifest V3.

Popular extensions such as uBlock Origin and even some of Google’s own are listed there as incompatible.

While there is a chance that some of these extensions will be updated to support Manifest V3, users of Chrome should not get their hopes up that this is the case for all extensions currently incompatible.

If you use Chrome, you can enable the deprecation warning right now in Chrome Canary.

  1. Load chrome://flags/#extension-manifest-v2-deprecation-warning in the Chrome address bar.
  2. Change the state to Enabled.
  3. Restart Google Chrome.
  4. Load chrome://extensions to see the list of unsupported extensions.

Google has revealed the following information about the deprecation of Manifest V2:

  • June 2024 — Manifest V2 extensions will be disabled in pre-stable versions of Chrome starting in Chrome 127. Manifest V2 extensions cannot be installed in Chrome anymore. Google will roll out the change gradually.
  • July 2024 or later — After monitoring the deprecation for at least a month, Google will roll out the deprecation to stable versions of Google Chrome.
  • June 2025 — Manifest V2 extensions cannot be installed anymore on Enterprise devices running Chrome.

The change will impact most Chromium-based browsers as well.

What about your extensions? Are some of them only available as Manifest V2 extensions?

AntennaPod interface

Podcast Player AntennaPod 3.4 launches with massive performance gains

Posted on by Martin Brinkmann

The end of Google’s Podcast application and the attempt to push users to the mediocre alternative YouTube Music has pushed some users to other podcasting apps.

AntennaPod is an open source podcast player and manager that is updated regularly. Core features include:

  • No ads.
  • Option to subscribe to podcasts using online podcast directories.
  • Download podcast episodes manually or automatically.
  • Modify settings per-podcast, e.g., playback speed or auto-skipping.
  • Supports authentication.
  • Lots of customization options.

AntennaPod 3.4.0

The latest update improved the application’s efficiency in several key areas. The developers note in the release note that this update completes the modernization of the apps’ code structure. The process began three years ago.

AntennaPod 3.4.0 improves the refreshing of subscriptions by up to three times compared to the previous performance. This improvement is especially noticeable if a user has subscribed to a lot of podcasts.

The release notes mention at least 1000 episodes. While that sounds like a lot, it depends on the subscribed podcasts.

The second improvement speeds up the deletion of podcasts subscription. This process is improved by up to the factor 10.

The new version includes other improvements:

  • An option to back up the database automatically is now available. You find it under Settings > Import/Export > Automatic database export. It saves the database every three days when activated and keeps the last 5 backups.
  • Add a sleep timer to AntennaPod notifications. This option is found under Settings > User Interface > Set notification buttons.
  • Skip Silence can now be configured per subscription.
  • An option to reorder sections on the homepage is now also available.

While there are other excellent apps out there, AntennaPod is certainly among them when it comes to functionality and the overall experience.

What about you? Do you listen to podcasts? If so, which app or service do you use?

O&O ShutUp10++ update

O&O ShutUp10++ update adds more privacy goodness

Posted on by Martin Brinkmann

The first O&O ShutUp10++ update for Windows 10 and 11 of 2024 is now available. It is an excellent privacy tool to improve privacy through an easy to use interface.

You can check out my full review of O&O ShutUp10++ for in-depth information.

O&O ShutUp10++ 1.9.1437

The new version of the free application is available already. It was released about a week ago. New and existing users may download it from the official project website.

The update introduces new privacy options and also quality of life improvements. As far as privacy options are concerned, here is what is new:

  • NEW: Disable remote assistance connections to this computer
  • NEW: Disable remote connections to this computer

You find these two new options under Local Machine > Miscellaneous at the very bottom of the page.

The remaining changes improve usability of the app. Whenever you make a change, you receive a prompt to create a system restore point. If the feature is disabled, O&O ShutUp10++ may now launch the Control Panel in this case to rectify this.

Existing users may also notice that the start of the app is faster than before.

The configuration file is saved to the start directory now, and it is automatically migrated from previous versions. The file is called OOSU10.cfg and you find it in the same directory that you run O&O ShutUp10++ from. This makes it easier to migrate the configuration to other systems.

The application supports making bulk changes. It distinguishes between recommended, somewhat recommended, and all settings. A click on any of those under Actions displays the number of changed preferences now.

Tip: while these actions sound useful, they are applied immediately. It is better to make changes manually instead.

  1. Select View > Group by Categories to disable the grouping of settings.
  2. Click on “recommended” in the table to sort by recommendation state.
  3. Go through the list from top to bottom and make the changes manually.

Closing Words

O&O ShutUP10++ is an excellent free application for Windows to improve user privacy on the system. It is updated frequently to introduce new privacy options, such as disabling Copilot.

Do you use privacy tweak tools or system optimization tools? Which do you use and prefer?

Microsoft Copilot Bot on Telegram

You can now chat with Microsoft Copilot on Telegram

Posted on by Martin Brinkmann

Microsoft has identified another service that its AI Copilot has not been available on. Today, Microsoft launched Copilot officially for the messaging service Telegram.

Word of warning: while you do not need a Microsoft account to communicate with the AI, it is necessary to part with your mobile phone number for verification purposes.

Here is how it works:

  1. Open the Telegram app and search for Microsoft Copilot, or, open the official Microsoft Copilot Telegram page here.
  2. Select I Accept when asked to do so to continue.
  3. Provide Copilot with the device’s phone number for verification.

Once that is out of the way, you may interact with Copilot using text messages or by selecting one of the displayed ideas.

Note: Copilot limits interactions to 30 per day. This is not much and there is no option currently to increase the limit.

The bot accepts a few commands:

  1. /restart to end the current chat and start over.
  2. /ideas to display examples.
  3. /share to get invites for friends.

The most important command is restart, as it erases the previous chat so that you can start a new one.

Interactions work as you expect them to work. Type a message and submit it to get an answer.

As is the case with all Copilot interactions, messages are send to Microsoft servers. They are processed there and then returned to Telegram.

The process was quick during tests. It is unclear whether that is going to change as the bot’s popularity may increase on the platform.

All in all, you do get the same experience that you get on other platforms that Copilot is available on. The experience is limited, because of the 30 chat turns limit and the inability to generate images at this point.

Verdict

Considering that you can interact with Copilot on other platforms as well, without handing over your phone number, most of you will probably shy away from the Telegram bot experience.

Have you interacted with Copilot or another AI before? Did you like it or find it useful?

How to disable Recall taking snapshots of the screen in Windows 11

Posted on by Martin Brinkmann

Recall is an upcoming AI feature of Windows 11. It takes captures of the screen every five seconds and saves them on the local system. Users may then interact with AI to look up information or process data that has been captured.

Most current Windows 11 PCs won’t get Recall functionality, as a Copilot+ PC is required. These PCs have specific requirements that include a neural processing unit and 16 GB of RAM.

The first iteration of Recall will only be available for specific Snapdragon ARM processors on top of that. With time, Recall will become available for AMD and Intel PCs as well.

Recall Criticism

Windows 11’s Recall feature is not without criticism. Here are the main points:

  • It records a user’s entire activity on the Windows PC, with a few exceptions. This makes it the holy grail for law enforcement, spammers, malicious actors, advertisers and marketers.
  • Recall snapshots require lots of storage. The default is 25 GB on a 256 GB hard drive. While you can drop that to 10 GB, it is still a lot of space. On 1 TB+ drives, the default is 150 GB of storage.

Disabling Recall in Windows 11

There are three options to disable Recall on PCs that support it.

  • Via the Settings app.
  • Via the Group Policy Editor.
  • Via the Registry (not yet available)

Settings app

Disable Windows 11 Recall in Settings
  1. Open the Start menu and select Settings.
  2. Go to Privacy & security > Recall and snapshots.
  3. Toggle Save snapshots to off.

This is all to it. Recall is disabled from that moment on for that user account.

Turn off Recall in the Group Policy Editor

Note: The Group Policy Editor is only available in Windows 11 Pro, Enterprise, and Education editions. Home systems may disable Recall in the Registry, which is explained in the next section.

  1. Open the Start menu.
  2. Type gpedit.msc and press the Enter-key to load the Group Policy Editor.
  3. Use the hierarchy on the left to go to User Configuration > Administrative Templates > Windows Components > Windows AI.
  4. Double-click on Turn off Saving Snapshots for Windows.
  5. Change the statues from Not Configured to Disabled.
  6. Restart the PC.

Disable Recall in the Registry

Information not yet available, will update once it becomes available.

Gmail

Gmail: low priority emails pushed to Updates inbox category

Posted on by Martin Brinkmann

Google is rolling out an update for Gmail on Android and iOS that is moving what it considers low priority emails to the update inbox category.

Google’s email service Gmail classifies emails into different inbox categories automatically by default. This is done to display fewer emails to the user by default to avoid email overload according to Google.

Here is the current classification:

  • Primary—Emails from people you know and messages that don’t appear in other tabs.
  • Social—Messages from social networks and media-sharing sites.
  • Promotions—Deals, offers, and other promotional emails.
  • Updates—Notifications, confirmations, receipts, bills, and statements.
  • Forums—Messages from online groups, discussion boards, and mailing lists.
  • Reservations—Flight confirmations, hotel bookings, and restaurant reservations.
  • Purchases— Order, shipping, and delivery emails.

Soon, Gmail will move emails that its algorithm classified as low priority to the Updates inbox. In other words, some emails that you would expect in the Primary inbox may not be there anymore.

Good to know: this change applies only if you have not disabled the inbox category system. This can be done in Settings > Email Address > Inbox Categories.

There you find options to disable all but the primary inbox. When you do that, all emails are shown in a single inbox in the Gmail application.

The change is rolled out only in Gmail for Android and iOS. The web-based version of Gmail won’t move low priority emails to the Updates group for now.

Google shows a banner in the Gmail app when it is activating the change. It says:

Now, Gmail puts messages that may not need your immediate attention in Updates. You can change this any time in settings.

Google told 9to5Google that it has been testing this change and that it has received positive feedback from testers about it.

Closing Words

Automatic classification of emails is always problematic and Google may make incorrect classifications at times on Gmail. You can disable the functionality entirely to restore a single inbox in Gmail apps and Gmail for the web though.

Do you use Gmail at all or do you use another email service?

Google fixes another 0-day exploit in Google Chrome

Posted on by Martin Brinkmann

Google has released quite a few security updates for its Chrome web browser in recent months. Besides the weekly scheduled security updates, Google has released updates to address 0-day vulnerabilities in Chrome.

Today, Google released another security update for Google Chrome to address a 0-day exploit. The issue affects all desktop versions of Chrome and Chrome for Android.

Chrome users may want to install the update immediately to fix the issue. Here is how that is done on desktop systems (there is no option to speed up the installation of Chrome updates on Android):

  • Load chrome://settings/help in the Chrome address bar.
  • Chrome displays the current version and runs a check for updates.

Updates will get installed automatically at this point, but you need to restart the browser manually to complete the update.

Chrome should return the following version after installation of the update:

  • Chrome for Windows and Mac: 125.0.6422.112 or 125.0.6422.113
  • Chrome Extended Stable for Windows or Mac: 124.0.6367.233
  • Chrome for Linux: 125.0.6422.112
  • Chrome for Android: 125.0.6422.112 or 125.0.6422.113

About the Chrome security vulnerability

The official release notes page lists basic information about the vulnerability only. It is CVE-2024-5274, a Type Confusion in V8 issue. Google has rated the vulnerability as high and notes that it is exploited in the wild.

V8 is the JavaScript and WebAssembly engine that Google Chrome uses.

In other words, systems with an outdated version of Chrome may be successfully attacked. It is unclear how the issue can be exploited, however.

The last update that fixed a 0-day vulnerability in Google Chrome was released just 2 weeks ago. It is the 8th 0-day exploit fix in Chrome in this year alone.

Recall memories

About Windows 11 version 24H2 Recall AI feature

Posted on by Martin Brinkmann

A lot has been written about the upcoming Recall feature of Windows 11 version 24H2. Reserved exclusively for Copilot+ PCs, it will be unavailable to the majority of users who upgrade their Windows 11 PCs to the new version.

Recall, in a nutshell, takes frequent captures of the entire screen and stores them encrypted on the local system. Windows 11 users may then invoke the Recall feature to interact with the saved content.

From searching for specific information over getting summaries of watched videos or telecalls to finding that specific asparagus recipe that you looked at some time ago in Edge.

It is a proactive feature, unlike Copilot’s rewrite feature and others.

Microsoft describes Recall in the following way:

Search across time to find the content you need. Then, re-engage with it. With Recall, you have an explorable timeline of your PC’s past. Just describe how you remember it and Recall will retrieve the moment you saw it. Any photo, link, or message can be a fresh point to continue from. As you use your PC, Recall takes snapshots of your screen. Snapshots are taken every five seconds while content on the screen is different from the previous snapshot.

How Recall works

You use natural language to find something and Recall returns the information separated into text and visual matches.

Windows 11 Recall feature

Recall is shown as an icon on the Windows 11 taskbar and it may also be started using the keyboard shortcut Windows-J.

Recall displays a timeline on start that you may use to check out a specific day. Recall loads and displays the snapshots of that particular day then, allowing you to interact with the content.

Recall Timeline

Search is the heart of recall. You use natural language to find or interact with the saved content.

Type what you are looking for and Recall returns any matching snapshot. The AI feature displays hits from all apps by default, but you can filter results by a specific app to narrow down the results.

The feature distinguishes between close and related matches:

  • Close matches — includes at least one of the search terms or images that represent the search term.
  • Related matches — displays related items, e.g., cannelloni results when you searched for goat cheese pizza.

Selecting a screenshot launches the Screenray feature. Microsoft says that Screenray anayzes the snapshot and enables interactions with elements of it.

The company writes:

What you can do with each element changes based on what kind of content screenray detects. If you select a picture in the snapshot, you can copy, edit with your default .jpeg app such as Photos, or send it to another app like the Snipping Tool or Paint. When you highlight text with screenray, you can open it in a text editor or copy it.

Is Recall a privacy nightmare?

Recall records most activity on a Windows PC when it is active. It is up to the user to enable or disable Recall.

Microsoft has added options to disallow the capturing of specific apps or websites. Some of these are only available in Edge.

Recall does not capture private browsing sessions in Chromium-based browsers. In Edge, the feature may furthermore block captures of specific websites.

In other words, if you use a different browser than Edge, website filtering won’t work. If you use Firefox or another non-Chromium-based browser, everything will get recorded.

Recall runs locally only according to Microsoft. Captures are stored locally and the OCR feature runs local as well only.

The main privacy concerns

Recall runs locally only. The main concern that some users have is that someone else may gain access to the recorded data.

There are several scenarios where this may happen:

  • Malware infections may gain access to the data. This gives threat actors access to a user’s entire activity on the PC. It may include information about financial services they use, online accounts, password managers or security software, and confidential information in Word or Excel.
  • Law enforcement, including border agents, may want access to the information as it highlights (most of) the activity of a user on the Windows 11 device. Users may be coerced into giving state representatives access to their Windows PCs.

It is your choice

You may or may not use Recall. Most Windows 11 users cannot even use it, as their PCs do not meet the minimum system requirements.

If your PC supports it, you may want to ask yourself a simple question: do I really need it? Is it improving may workflows or helping me in another way?

It is a novelty feature, but how often will you make use of it once that novelty factor wanes off?

If you ask me, I won’t make use of it. All my PCs are not Copilot+ PCs and even if they were, I would turn it off as I do not need it. I know where to look when need to find something.

For businesses, it may play a bigger role. Making everything searchable, including video calls and presentations, is certainly useful in some scenarios.

What about you? Will you use the Recall feature when it comes out?

AI is changing the World Wide Web: 4 predictions

Posted on by Martin Brinkmann

Microsoft, Google, and other search engine companies have started to add AI to the search results. Google is rolling out AI Overviews to search. This feature displays AI generated content at the top of the results.

This change has severe implications for the World Wide Web. In this article, I’m making four predictions about the future of the WWW.

Not all sites and services will be around in 5 years

AI generated results will keep a portion of searchers on the search engine’s website. The answer may suffice for a good percentage of user searches.

This impacts sites that rely on traffic from search engines. Google says that sites listed by its AI Overviews feature have received more clicks, but it is too early to tell whether only a tiny percentage of sites really benefits from it. In any event, sites on the second or third party of results will likely get less traffic.

The same may be true for certain services. Search engines like Google added more and more tools and features. You can check the weather, convert currency, get translations, do calculations or directions right from Google.

In any event, the drive towards showing more information directly on search results pages will push lots of sites out of business.

Good news is that this may level the search playing field. Companies like OpenAI may create their own search engines, which threatens the dominance of Google.

AI favors large sites and data sources

Generative AI relies on data created by humans. Without that data, it would not be able to produce any results.

For search engines, large data sources are of greater interest than smaller ones. Giving the AI access to the entirety of Wikipedia or Reddit is better than having to parse millions of smaller sites for the information.

Larger sites benefit from this, as they may sell their data to AI companies. Smaller websites do not have the means to broker deals with these companies, which means that they won’t get any compensation for their data. While they may opt-out, this also means that they won’t receive any links when the AI includes them as a source.

Ultimately, small sites are at the receiving end again when it comes to this, while large sites have a new revenue source at their disposal.

Trust will play a major role

Can AI results be trusted? AIs may hallucinate, which means that they make things up. There is also the question about the actuality of data. Since AIs rely on human generated content, they may return content that is out of date or also incorrect.

Say, you search for instructions on making a change to your Windows system. AI may return instructions that work on older versions of Windows. While you may adjust the query, there is a chance that out of date content is returned.

Trust will also play a major role in the survival of websites. Trusted sites will continue to do well, as many searchers will favor them over AI generated content. Sites that have a loyal followship may also survive.

Personality and authenticity remains important

Bland sites that just rehash news stories will have it difficult in the future. They do not really provide much value, but the business model worked, especially for established sites that can rank for pretty much any topic they write about.

Information returned by AI has no personality. It is just a robot returning information. Your favorite reviewer of video games, movies, software applications, or cars, on the other hand, may have more to offer than just the information.

This personality and authenticity of writers, podcasters, or video creators drives users towards services and sites, and may make them follow certain sites or services.

These will continue to do well, as AI cannot compete with that or mimic it satisfyingly.

Now You: what is your take on AI integrations in search, or entirely AI-powered search engines?