Week in Geek: Google Chrome 25 (Dev Channel) Blocks Silent, Stealthy Extension Installations

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

By Akemi Iwaya on December 23rd, 2012

This week’s edition of WIG is filled with news link coverage on topics such as Mozilla Firefox 20 will speed up page loading times, an Apache plugin is turning legit sites into bank-attack platforms, spyware on rental PCs captured users’ most intimate moments, and more.

Image courtesy of The Chromium Blog.

Weekly News Links

Image courtesy of The Chromium Blog.

  • No more silent extension installs
    From the blog post: It’s important for users to know what extensions they have enabled since extensions can sometimes influence Chrome’s functionality and performance. Many users have installed extensions from the Chrome Web Store, but some users have extensions that were silently installed without their knowledge.
  • Mozilla Firefox 20 Will Speed Up Page Load Times
    Firefox 20 is shaping up to be a really big release for Mozilla. In addition to the Private Browsing feature upgrade, it looks like Firefox is also getting a really interesting Network load fix that could make a huge performance difference. Firefox 20 will load stylesheets before images.
  • Microsoft offers patches to WebKit to aid touch compatibility
    In a move that has raised eyebrows, Microsoft has submitted a patch to the WebKit project to extend the open source rendering engine with a prototype implementation of the Pointer Events specification that the company is also working on together with Google, Mozilla, and Opera. WebKit is the rendering engine used in Apple’s Safari and Google’s Chrome browsers, making Microsoft’s work a contribution to products that are in direct competition to its own.
  • Microsoft brings back the fonts
    Microsoft has reworked the security patch that led to disappearing OpenType fonts. The MS12-078 patch has now been modified so that fonts are once again displayed correctly. For users who have already installed the old version of the patch, the update needs to be installed again but the Windows Update service will usually take care of this.
  • Steam for Linux Enters Open Beta, Download Now
    Steam for Linux is entering the final stages before the official launch and Valve has just opened the Beta program for everyone.
  • Google+ mentions make their way to Blogger
    Now, Blogger users can put a “+” before a person’s name, and have a link to their Google+ profile automatically included in their post.
  • Twitter Starts Rolling Out Option To Download Your Twitter Archive: Request Every Tweet You’ve Ever Made In One File
    It looks like Twitter has started rolling out the option to let users download all their tweets — with some Twitter users reporting they are seeing an option to ‘request your archive’ appearing in their settings.
  • Dropbox nabs cloud-based photo library Snapjoy
    It looks like Dropbox is really getting more serious about photo sharing now that it has acquired digital photo organizer Snapjoy.
  • No, Instagram can’t sell your photos: what the new terms of service really mean
    The new terms actually make things clearer and — importantly — more limited. That “on, about, or in conjunction” with language is dead and gone. Now you’re only agreeing that someone else can pay Instagram to display your photos and other information only in connection with paid or sponsored content.
  • Here’s How To Opt Out Of Instagram’s New Arbitration Clause
    Among the other controversial changes to Instagram’s Terms of Service is a spanking new forced-arbitration clause that, as things do, effectively takes away consumers’ rights to band together in a class-action against the company. Thankfully, you can opt out of the clause in writing before Feb. 15, 2013.
  • Facebook said to launch autoplay video ads in news feed
    The social network is rumored to be amping up its video ads by adding in autoplay, audience targeting, and video expansion.
  • Facebook’s $1 messages: One more way to get your credit card
    The latest update to Facebook Messages did more than just change a few settings. It’s also a sign of the social network seeking yet an opportunity to encourage impulse purchases.

Security News

  • Shocking Delay in Fixing Adobe Shockwave Bug
    The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe’s Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013.
  • Apache plugin turns legit sites into bank-attack platforms
    A malicious Apache module found operating in the wild turns sites running the Internet’s most popular Web server into platforms that surreptitiously install malware on visitors’ computers.
  • Symantec finds a new trojan that steals data from US banks, customers
    Nearly half of detected infections are on financial institutions’ servers. – Symantec has discovered a new piece of malware that appears to be targeting financial institutions and their customers in the US. Dubbed Trojan.Stabuniq by Symantec, the malware has been collecting information from infected systems—potentially for the preparation of a more damaging attack.
  • Suspected security hole found in many Samsung devices
    Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.
  • Samsung aims to fix severe Android device vulnerability
    The world’s top mobile phone maker says it is working on a fix for a security flaw that affects some of its flagship smartphones and tablets.
  • Android botnet sends SMS Spam
    An Android botnet dubbed “SpamSoldier” is active, according to a blog post by mobile device security specialists Lookout, and it is spreading through SMS spam that promises free games such as Need for Speed or Angry Birds Space. Users who respond to SMS spam offering these free games by clicking on a link in the message actually download a bogus “installer” app which, when run, activates the SpamSoldier trojan.
  • No, Microsoft Didn’t Bring Halo 4 To iOS – This $4.99 Scam Is A Game Of Chess
    While Apple has managed to keep the App Store free from malware, it seems the Cupertino company has a hard time filtering out scams. Every so often, a shameless developer tries their luck at selling a title that promises to be something it isn’t. The latest claims to be a Halo 4 clone that is “iPhone/iPad exclusive.” They’ve gone through the trouble of writing a lengthy App Store description in an effort to fool you into thinking it’s the real thing. But in reality, it’s just a $4.99 game of chess.
  • How spyware on rental PCs captured users’ most intimate moments
    On the second-to-last Monday of 2010, Brian Byrd was playing video poker on his Dell Inspiron laptop when someone knocked on the door of his home in Casper, Wyoming. The visitor, who drove a truck from the local Aaron’s rent-to-own store that furnished the PC five months earlier, said the 25-year-old Byrd was behind in his payments and demanded he pay up at once. He then brandished a picture that was about to cause a national privacy uproar.
  • Instagram to start sharing user data with Facebook
    The company says that the change to its privacy policy will allow it to do a better job fighting spam and detecting system problems.
  • F.T.C. Opens an Inquiry Into Data Brokers
    Companies that collect, analyze and sell billions of details about the activities of consumers for marketing purposes have increasingly found themselves under government scrutiny this year.
  • Two-for-one: Amazon.com’s Socially Engineered Replacement Order Scam
    Someone has devised a relatively simple way of defrauding Amazon.com and they require very little hard information to pull it off.
  • Point-of-Sale Skimmers: No Charge…Yet
    If you hand your credit or debit card to a merchant who is using a wireless point-of-sale (POS) device, you may want to later verify that the charge actually went through. A top vendor of POS skimmers ships devices that will print out “transaction approved” receipts, even though the machine is offline and is merely recording the customer’s card data and PIN for future fraudulent use.

TinyHacker Links

How-To Geek Weekly Article Recap

Geeky Goodness from the ETC Side

One Year Ago on How-To Geek

How-To Geek Comics Weekly Roundup

How-To Geek Weekly Trivia Roundup

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 12/23/12
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!