Chrome 80: Everything You Need to Know

Shouldn’t come as much of a surprise that Google Chrome continues to be the world’s most preferred web browser, and there doesn’t seem to be much of a risk of it relinquishing that title anytime soon. Sure, there’s going to be plenty of iPhone users that will be perfectly fine with Safari when web browsing with their mobile devices, but even most of them will probably spend more than a little time using Chrome on their notebook or desktop. One thing’s for sure, both of them (along with Firefox) have definitely left the now-obsolete Internet Explorer in the dust.

 

Which is the way it should be, but it’s still true that even Google’s super-popular web browser hasn’t avoided having a few glitches as it’s been progressively rolled out. Here at 4GoodHosting, we imagine we’re just the same as any good Canadian web hosting provider in that we understand that a person’s web browser of-choice is going to be very relevant in regards to how well they experience the websites and other dynamic multimedia content that’s offered by those of people like the very same clients we have. It’s for that reason we’ve decided that a brief overview of the extensive Chrome 80 version update is a worthwhile topic of discussion for this week’s blog.

 

So let’s get to it.

 

Ambitious and Extensive Offering

 

Chrome 😯 arrived a week and some back, and it’s been promoted most notably as promising to put the clamps on cookies while patching 56 vulnerabilities at the same time. Making this happen has reportedly cost Google about 48k to address the vulnerabilities to ‘bugs’, with 10 specific ones being prioritized as ‘high risk’. Half of those 10 were submitted by engineers of Google’s own Project Zero team.

 

Chrome updates in the background, so by relaunching their browser most users can complete the upgrade. If a manual update is needed, then select ‘About Google Chrome’ from the Help menu under the vertical ellipsis at the upper right. You’ll then see a tab showing that the browser has been updated or displays the download process before making a “relaunch” button available.

 

Limiting Function of ‘Cookies’

 

This is a huge part of what makes the Chrome 80 update such a big deal, and especially for anyone who feels a little put off about how their computer seems to ‘know so much about them.’

 

Google had already promised it would find a way to restrict cookies. For those of you who may not know what a ‘Cookie’ is, they are small bits of code websites rely on to identify individual users. This is done using the SameSite standard. SameSite was designed to give web developers a way to control which cookies can be sent by a browser – under certain conditions.

 

The Chrome 80 update will mean that Google will begin enforcing SameSite, and Cookies distributed from a third-party source – ones not initiated by the site the user is currently visiting – must be correctly set and will now only be accessible over secure connections. It’s also reported that enforcement of the new cookie classification system in Chrome 80 will commence later in February, and we should remember that Google generally prefers to roll out new features and other changes in stages, to verify things are working as expected before making them available to their enormous pool of users. The company has stated this week of Feb. 17 is going to be the switch-on-SameSite salvo, so we may get news of that today or tomorrow in confirmation.

 

Another aspect of Chrome 80 is that cookies without a SameSite definition will be considered as first-party only by default; third-party cookies – ones from an external ad distributor tracking users as they wander the web – won’t be sendable.

 

It’s believed that the idea behind this is an aggressive push by Google to motivate site makers and other cookie distributors to get behind the SameSite standard, and that this is important and advisable based on Google Chrome being the industry leader for web browsers. We’ll keep in mind that SameSite is not Google’s answer to the increasing anti-tracking positions being offered by rivals like Mozilla and Microsoft. However, Google is quick to tout SameSite’s better, security prowess, and especially for preventing cross-site request forgery (CSRF) attacks,

 

A Cease to Notification Nagging

 

Chrome 80 is implementing the quieter notifications that Google promised last month too. Instead of letting sites place pop-ups on the page requesting permission to send notifications, following the Chrome 80 update you’ll instead see an alarm bell icon with a strike-through near the right edge of the address bar. We’re one of the many who’ve found notification pop ups to be very annoying, so this is very likely going to be extremely well received.

 

Users will be able to manually engage the new notification UI using an option in Settings > Advanced > Privacy and security > Site Settings > Notifications. Toggle the “Use quieter messaging (blocks notification prompts from interrupting you)” switch and you’ll immediately have activated the pop-up blocker.

 

Google has said it would also automatically enable the quieter UI for some, and a new feature where users who repeatedly deny notification requests will be auto-enrolled in it. Google will automatically silence some sites too, and ones that fish extremely hard for notification enrolments are going to be targeted.

 

Tab groups are also expected to debut in Chrome 80, but as of this writing it seems that feature has yet to be entirely rolled out yet. For those of you who’ll be eager to see it this is where you’ll be able to confirm:

 

  • The option to turn it on is behind chrome://flags: Search for Tab Groups, change the setting at the right to Enabled, and relaunch the browser

 

Google is claiming that the feature should begin rolling out to users with Chrome 80, but it may not be in final form until March’s Chrome 81 which is scheduled to arrive on March 17, 20202. When it does, users should be able to right-click tabs and choose new menu items to create groups, assign tabs to them or remove tabs from those groups.

 

On least thing to note for the Chrome 80 update is that it will allow for effective blocking of employees trying to install external add-ons. Administrators can call on the BlockExternalExtensions policy to stop the practice.

Security Risks Increasing Considerably When Moving Sensitive Data to Enterprise Cloud

Stick your head around pretty much any corner and there’s bound to be something about the ever wider reaches of cloud computing and what it promises to entail for the future in the digital world. The ability to utilize non-physical storage and then share data with requiring access to this storage has really been a game changer. Now with good usually comes at least a little not-so-good, and – surprise, surprise – cloud computing is no exception. However, if there was a ‘do over’ button would anyone press it and go back to the times of exclusively physical location storage and access?

Not a chance.

Cloud computing is going to be one of the centerpieces of modern computing technology for the foreseeable future, so we are going to need to accept and overcome a few bumps in the road along the say. Increased security risks are at everyone’s forefront in the digital realm these days, and here at 4GoodHosting we’re like any reputable Canadian web hosting provider in that we’re making enterprise-level security measures standard with most of our web hosting packages.

And while we’re huge fans of cloud computing, our expertise is in web hosting and we don’t claim to know much if anything about security risks related to cloud computing. However, research is something we ARE very proficient with and as such we’re always happy to dig into topics that our customers are likely to find relevant to what they do on a day-to-day business on the World Wide Web.

Cloud with Caution

And so here we are in a brand new decade and there’s going to be no one surprised with the fact that enterprises continue to feed their clouds with increasingly sensitive information. However, it would seem doing is increasingly risky and decision makers are being urged to move forward with caution. A recent study logged from anonymous data from 30 million enterprise cloud users found that roughly 26 percent of files analysed in the cloud now contain sensitive data, and the trend has been for this to increase some 23% year over year.

This becomes potentially problematic when you consider that 91% of cloud services do not encrypt data upon entering cloud storage. That means of every 10 or so entries, more than 9 aren’t guarded well – if guarded at all – sitting in the cloud.

Now, to be fair, data loss protection (DLP) software does exist and a lot of it is quite good and reasonably effective. However, it’s also estimated that only 37% of cloud service providers say they are utilising DLP. Add next that nearly 80% of them also access to enterprise-approved cloud services from personal devices, and – perhaps more alarmingly – a quarter of companies report having sensitive data downloaded from the cloud to an unmanaged personal device.

Spotty Security and Risk Management

It’s not that the current infrastructures in place are bad, and more that they’re insufficient and spotty with how and where they’ve been rolled out. Gaps in data visibility and shielding continue to mean that certain networks look very inviting to breach attempts and non-compliance.

A recent survey found that 93% of cloud storage providers agree that the responsibility to secure data in the clouds is theirs. However, many of these same respondents say there is an emerging trend in the industry where there are simply not enough individuals with the skills required to put the right infrastructure in place and maintain it. SaaS (software as a service) is new, but it’s not that new and to some degree it’s hard to believe this assertion.

It IS fair to say, however, that technology and training continues to be outpaced by cloud’s aggressive enterprise growth. The expression ‘growing pains’ may be very appropriate here.

Smart Reactionary / Precautionary Measures

So what are the recommendations for anyone with above-average concerns about sensitive data of theirs being stored in the cloud?

Here are 3 things you can – and should – do to increase security of cloud-stored data:

  1. Evaluate your data protection strategy for devices and the cloud

Consider the difference between a disparate set of technologies at each control point, along with the advantages of merging them into a single set of policies, workflows, and results

  1. Investigate the breadth and risk of shadow IT

Determine your scope of cloud use, and put a primary focus on high-risk services; then move to enabling your approved services and restricting access to any that have the potential of putting data at risk

  1. Plan for the future with unified security for your data

Context about devices improves cloud data security, and context about the risk of cloud services improves access policy through the web. Many more efficiencies will exist, while some are yet to be discovered. The smart merging of all these control points will be what will deliver the future of data security when it comes to utilizing all the advantages of cloud storage and access.

In conclusion, a last consideration that you can have is to look a little longer at what sensitive files will be fine in physical storage and better there with all the inherent security that comes with that. Never look at cloud storage as something to be used just because it’s there. If you don’t see a particular set of files as needing the ease accessibility the cloud provides, and they don’t ask much for much space, then perhaps they’re just fine staying stored where they are.

 

New Windows 10 Patch More of a Problem Creator than Problem Solver

It’s not often we choose to use relevant recent software news as the subject for our weekly blog post, and the reason for that is not only because there’s usually plenty more noteworthy news out there, but also because often times these software shortcomings don’t affect a large swath of people. However, any time it’s about anything related to a Windows OS issue then the sheer number of people that rely on that particular operating system make it so that it’s worthy of mention. We’re certain that the software engineers that put out these patches are qualified and have best intentions, but we all get it wrong sometimes.

Here at 4GoodHosting, we’re just the same as any quality Canadian web hosting provider in that we’ll see the value in putting certain news on the billboard – if you will – so long as it will be welcome information for a good many of our customers. Now we’re fairly sure that there’s more than a few of you sitting with a Windows OS device in front of you, so that’s we’ve decided to make the shortcomings of the new Windows patch our topic of discussion this week.

Admittedly it’s not the most engrossing stuff. But if it leads even a few of you to avoid major headaches by skipping this patch and ‘leaving well enough alone’, as the expression goes, then we will have done something for the collective good.

Alright, let’s get to it.

A Not-So-Good Fix for Search Function Bugs?

Windows 10 recently issued forth an update which was promoting itself as being the cure for the long-standing bugs in the search function that have been a real thorn in the side for Microsoft Windows OS users. To get right to the meat of this, what seems to have happened is that in their efforts to find a working fix for the search bugs (which was accomplished), what this patch has actually done has tampered with other parts of the OS and as such introduced a whole manner of new issues.

Hate to be overly critical, but sometimes you just have to call it as it is – this is really quite the mess for Windows 10 users who were simply looking to get past the Search hang up. If you haven’t downloaded the newest Windows 10 patch yet, you might want to avoid doing that altogether.

And here’s that worse case scenario we were talking about – more than a few people have reported installing update KB4532695 – and then receiving a ‘blue screen of death’ for their troubles, meaning their PC is totally locked up and probably needing a trip to see a computer repairman unless you’re something of a computer repair tech yourself.

The bad continues; if a thread on Microsoft’s Answers.com help forum is to be believed, the patch is isn’t done there when it comes to undesirable outcomes; a reported boot failure, disabling audio and the sound card on the PC, rendering Bluetooth useless, or making connection to the Internet and impossibility – even after reboots.

And if you are still booting fine, they may be sluggish and annoyingly slow. Some people described being stuck at the splash screen for a good 5 minutes at least, and only deinstalling the update fixed this for them.

Glitches Too

KB4532695 is something of a failure for other reasons too; while it’s true not everyone is going to experience ALL of this, it’s still expected to be a huge nuisance for a number of people to the extent that the onus is definitely on Microsoft to fix this, and fix it without too much delay.

Fortunately, deinstalling the update IS possible, and it may well be your best choice to do this, put up with poor search functionality for the time being, and wait until a better and more wholesome patch is issued from Seattle.

Search Fix, Any Fix?

We’ve established that this patch does little to solve the sear problems with File Explorer, despite this being the reason for its creation. We will give credit where its due and say the KB4532695 patch DOES resolve issues with right-clicking, and the search bar being unresponsive. However, there are still bugs affecting the bar even after installing this patch. So that’s a negative too

Users have reported having to left-click twice to get the cursor to appear in the place where they’re clicking inside the search bar. Apparently you need to left-click first before a right-click on the search bar has any function.

Obviously not intentional and I’m sure certain individuals have been told to get back to the drawing board without delay – but one things for sure, this new Microsoft search bar issue patch is something of a dud. Not recommended, especially if you can make do until a PROPER and FUNCTIONAL successive patch arrives.