大†Shinegumi†大

Google Chrome 84.0.4147.135 update

Google Chrome 84.0.4147.125 update

https://www.mozilla.org/en-US/firefox/79.0/releasenotes/

This update includes 38 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$TBD][1103195] Critical CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08 [$5000][1074317] High CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24 [$5000][1084820] High CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20 [$2000][1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04 [$TBD][1076703] High CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30 [$TBD][1082755] High CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA on 2020-05-14 [$TBD][1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08 [$TBD][1095560] High CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16 [$3000][986051] Medium CVE-2020-6518: Use after free in developer tools. Reported by David Erceg on 2019-07-20 [$3000][1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25 [$1000][1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08 [$500][1075734] Medium CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27 [$TBD][1052093] Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13 [$N/A][1080481] Medium CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08 [$N/A][1081722] Medium CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12 [$N/A][1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05 [$1000][1074340] Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24 [$500][992698] Low CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10 [$500][1063690] Low CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22 [$N/A][978779] Low CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26 [$N/A][1016278] Low CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21 [$TBD][1042986] Low CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17 [$N/A][1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11 [$N/A][1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20 [$TBD][1073409] Low CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22 [$TBD][1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [1105224] Various fixes from internal audits, fuzzing and other initiatives

Adobe Flash Player 32.0.0.403 update

Mozilla Firefox 78.0.2 update

Mozilla Firefox 78.0.1 update

https://www.mozilla.org/en-US/firefox/78.0/releasenotes/

Format Factory 5.3.0.1 Update

Format Factory 5.3.0.0 update

Google Chrome 83.0.4103.106 update

Adobe Flash Player 32.0.0.387 Silent update

Google Chrome 83.0.4103.97 update

Telegram is a free instant messaging app which works on all your devices: Android, iOS, PC, Mac, Linux, Windows Phone, and there's a web version to cover everything else. You can have the app running simultaneously, everywhere, if you like-- Telegram automatically keeps everything in sync. Chats can be simple, just you and one or two friends. Add some stickers, use the animated GIF search, or share some pictures of your own. There's even a capable photo editor to make sure your images are looking their best. But that's just the start. You could also work with groups of up to 5,000 people, and share an unlimited number of photos, videos, archives, or any other file type up to a maximum of 1.5 GB each. And if there's not enough space on your device, no problem-- keep it in the cloud. (It's still free.) Powerful privacy features include "Secret Chats", a special type of encrypted message which can be set to self-destruct in a set time after it's been read. An open API enables developers to extend the app with smart bots and custom Telegram clients. And all this is based on a network of servers distributed around the world, delivering excellent performance wherever you are. Silent installation Silent installation

Mozilla Firefox 77.0.1 Update

Firefox 77.0 Changes update

Format Factory 5.2.1.0 update

Skype 8.80.0.78 update

Other developer features in this release include: ARIA Annotations: New ARIA annotations support screen reader accessibility for comments, suggestions, and text highlights with semantic meanings (similar to <mark>). Additionally, related information can now be tied semantically to an element allowing descriptions, definitions, footnotes, and comments to be tied to another element. ‘auto’ keyword for ‘-webkit-appearance’ CSS property: The -webkit-appearance CSS property has a new auto keyword, which indicates the default appearance of the target element. This is a step on the way to replacing the nonstandard -webkit-appearance property with a future fully standardized appearance property. Barcode Detection API: Chrome now supports the Barcode Detection API, a subset of the Shape Detection API which provides the ability to detect and decode barcodes in an image provided by a script. The image may come from any type of image buffer source such as an <image>, <video>, or <canvas>tag. Previously, supporting barcode detection on a web page required inclusion of a large third-party library. This API is only available on devices with Google Play Services installed and is not available on uncertified devices. CSS contain-intrinsic-size: The contain-intrinsic-size property allows developers to specify a placeholder size which would be used while contain: size is applied. With contain-intrinsic-size specified, elements lay out as if they had a single child with fixed size, the one specified by this property, unless they have an explicit width/height. The motivation for the property is to provide a placeholder sizing for subtree content which is either not yet available or not rendered. There was previously no way to provide this other than sizing the element itself which may not be desirable as it affects how the element lays out in its container. Examples are available from the WICG. CSS Color Adjust: Many operating systems now have a “dark mode” preference. Some browsers already offer an option to transform web pages into a dark theme. The prefers-color-scheme media query lets authors support their own dark theme so they have full control over experiences they build. The meta tag lets a site explicitly opt-in to fully supporting a dark theme so that the browser loads a different user agent sheet and not ever apply transformations. display:inline-grid/grid/inline-flex/flex for <button>: The display keywords inline-grid, grid, inline-flex, and flex now function with the <button>element when the align property is applied. (Demo) ES Modules for shared workers (‘module’ type option): JavaScript now supports modules in shared workers. Setting module type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available in worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers. Improvements to font-display: A few changes have been made to the way font-display works on Chrome. Setting font-display to optional no longer causes relayout. Web font preloading is allowed to slightly block rendering (for all font-display values), so that if the font loads fast enough, Chrome doesn’t need to render with fallback. IndexedDB relaxed durability transactions: IDBDatabase.transaction() now accepts an optional durability argument to control flushing of data to storage. This allows developers to explicitly trade off durability for performance. Previously after writing an IndexedDB transaction, Firefox did not flush to disk but Chrome did. This provided increased durability by guaranteeing that data is written to the device’s disk rather than merely to an intermediate OS cache. Unfortunately, this comes with a significant performance cost. Valid options are "default", "strict", and "relaxed". The "default" option uses whatever behavior is provided by the user agent and is currently the default. An example is shown below. The current value may be read using IDBTransaction.durability. Out-Of-Renderer Cross-Origin Resource Sharing: Out-Of-Renderer Cross-Origin Resource Sharing (OOR-CORS) is a new CORS implementation that inspects network accesses. Chrome’s previous CORS implementation was only available to Blink core parts, XHR, and Fetch APIs, while a simplified implementation was used in other parts of the application. HTTP requests made by some internal modules could not be inspected for CORS at all. The new implementation addresses these shortcomings. Reversed range for <input type=time>: Chrome now supports reversed ranges for <input> elements whose type is time, allowing developers to express time inputs that cross midnight. A reversed range is one where the maximum is less than the minimum. In this state, the input allows values that are less than the minimum or greater than the maximum, but not between them. This functionality has been in the specification for many years, but has not yet been implemented in Chrome. Support “JIS-B5” and “JIS-B4” @page: Chrome now supports two page sizes for the @page rule, both listed in the CSS Paged Media Module Level 3 spec. @supports selector() feature query function: The new @supports function provides feature detection for CSS selectors. Web authors can use this feature to query whether the UA supports the selector before they actually try to apply the specified style rules matching the selector. RTCPeerConnection.canTrickleIceCandidates: The canTrickleIceCandidatesboolean property indicates whether a remote peer is capable of handling trickle candidates. It exposes information from the SDP session description. RTCRtpEncodingParameters.maxFramerate: This encoding parameter allows developers to limit the framerate on a video layer before sending. Use RTCRtpSender.setParameters() to set the new framerate, which takes effect after the current picture is complete. Read it back using RTCRtpEncodingParameters.maxFramerate. Setting maxFramerate to 0 freezes the video on the next frame. RTCRtpSendParameters.degradationPreference: A new attribute for RTCRtpSendParameters called degradationPreference allows developers to control how quality degrades when constraints such as bandwidth or CPU prevent encoding at the configured frame rate and resolution. For example, on a screen share app, users will probably prefer screen legibility over animations. On a video conference users likely prefer a smooth frame rate over a higher resolution. Valid values for degradationPreference are "maintain-framerate", "maintain-resolution", and "balanced". WebXR DOM Overlay: DOM overlay is a feature for immersive AR on handheld devices that lets two-dimensional page content be shown as an interactive transparent layer on top of the WebXR content and camera image. With this feature, developers can use the DOM to create user interfaces for WebXR experiences. For VR, inline sessions are by definition within the DOM. For AR, though, there is no inline mode, making this particularly important for certain use cases. To try the feature, use one of the two samples in Chrome 83. This feature is currently only available on ARCore-based handheld devices. For a full rundown of what’s new, check out the Chrome 83 milestone hotlist.

Mozilla heeft versie 76 van zijn webbrowser Firefox uitgebracht. In versie 76 is onder meer de ingebakken Lockwise password manager verbeterd. Zo laat het zien wanneer websites waarvan wachtwoorden zijn opgeslagen zijn gehackt, of het wachtwoord van een gehackte website ook ergens anders wordt gebruikt en worden opgeslagen wachtwoorden niet meer getoond zonder dat het Firefox of Windows wachtwoord wordt ingegeven. Verder zijn er diverse beveiligingsproblemen verholpen en zijn er enkele verbeteringen aangebracht in de zoekfunctie vanuit de adresbalk. De complete changelog kan hieronder worden gevonden.

The stable channel has been updated to 81.0.4044.138 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$N/A][1073602] High CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-22 [$7500][1071059] High CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang on 2020-04-15 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [1077866] Various fixes from internal audits, fuzzing and other initiatives

“MPVCI” – A simple GUI packaged installer for all the latest MS Visual C++ redistributes. Direct Download: MPVCI 3.4 – November 2023 Edition (Win7+ supported. Uninstall support for Win10+) Download Mirrors: MajorGeeks (Official) & OlderGeeks & Softpedia https://www.upload.ee/files/16001638/MPVCI_3.4_setup.exe.html Installer bundle includes all the newest VC++ 2005 – 2022 Packages: Microsoft Visual C++ 2005 (x86 only) 8.0.61001 Microsoft Visual C++ 2008 (x86/x64) 9.0.30729.6161 Microsoft Visual C++ 2010 (x86/x64) 10.0.40219.473 Microsoft Visual C++ 2012 (x86/x64) 11.0.61030.0 Microsoft Visual C++ 2013 (x86/x64) 12.0.40664.0 Microsoft Visual C++ 2015-2022 (x86/x64) *14.38.33130.0

The stable channel has been updated to 81.0.4044.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$20000][1065298] High CVE-2020-6459: Use after free in payments. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-27 [$15000][1063566] High CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous on 2020-03-21 [$5000][1067270] High CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-04-02 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [1072815] Various fixes from internal audits, fuzzing and other initiatives

The stable channel has been updated to 81.0.4044.113 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 1 security fix. Please see the Chrome Security Page for more information. [$TBD][1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Adobe Flash Player 32.0.0.363 Update