This week’s theme encompasses all web browsers, with major security releases for Chrome and Firefox as well as upcoming support changes for Internet Explorer.

Microsoft announced the end to Internet Explorer 10 this week, with an upcoming upgrade path for Server 2012 and Windows Embedded 8 systems. Detailed on its blog post, Internet Explorer 11 will be available for these platforms this spring, with support for Internet Explorer 10 ending in 2020. For 2019, it looks like separate updates for each major version will be supported to assist with this transition.

Security Releases

For the first time this year, Google Chrome saw a major update this week with version 72. According to Google’s release blog, this release includes 58 security fixes with 29 having CVE assignments. A rare critical vulnerability, CVE-2019-5754, is disclosed in this release where an attacker could execute code on an endpoint by simply visiting a malicious website. On Week 52 last year, I covered a Google Chrome exploit where a website can force a system’s resources to max out at 100%. This issue (917493, currently behind a login now) is not listed within the fixes list, so make sure to avoid these malicious pages until a proper fix is released.

Following the trend, Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird. A total of eight CVEs are included in these releases, with two critical CVEs shared between all releases. With Firefox 65, Mozilla has also released MSI installers for the first time for enterprise users. A list of CVEs with affected products as well as color-coded severity is below:firefox 65 - firefox esr 60.5 - thunderbird 60.5 - patch - screenshot

Third-Party Updates

Alongside these browser updates, other vendors released non-security updates for the week. These patches may contain undisclosed security fixes as well as valuable stability fixes.

Software Title

Ivanti ID

Ivanti KB

Blue Jeans 2.10.263.0

JEANS-013

QBJN2102630

Box Sync 4.0.7929.0

BOXSYNC-022

QBOXSYNC4079200

Evernote 6.17.6.8292

ENOT-016

QENOT61768292

Nitro Pro 12.8.0.449

NITRO-020

QNITRO1280449

Nitro Pro Enterprise 12.8.0.449

NITROE-002

QNITROE1280449

Node.JS 10.15.1 (LTS Upper)

NOJSLU-005

QNODEJSLU10151

Node.JS 11.9.0 (Current)

NOJSC-008

QNODEJSC1190

Notepad++ 7.6.3

NPPP-088

QNPPP763

Opera 58.0.3135.53

OPERA-199

QOP580313553

PDF-Xchange PRO 7.0.328.2

PDFX-029

QPDFX703282

Royal TS 4.3.61328

RTS4-019

QRTS40361328

Royal TS 5.00.61330.0

RTS5-004

QRTS50061330

Skype 8.38.0.138

SKYPE-150

QSKY8380138

VirtualBox 6.0.4

OVB-019

QOVB6040

Zoom Client 4.3.46333

ZOOM-017

QZOOM4346333

How Ivanti Endpoint Security Customers Can Achieve a 176% ROI Over 3 Years - DOWNLOAD THE STUDY