Now I understand. Google releases patches for its Chrome browser all the time. As @b explained about 36 hours ago, Google sent out a special alert to
[See the full post at: Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day
Home » Forums » Newsletter and Homepage topics » Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day
- This topic has 11 replies, 6 voices, and was last updated 4 years, 2 months ago by
anonymous.
AuthorTopicwoody
ManagerViewing 6 reply threadsAuthorReplies-
Microfix
AskWoody MVPHow Microsoft will react is to include a fix in SMQR and SO patches and say nothing but document it a week later for respective patches. One thing for sure, it won’t be documented immediately upon patch release so a week is giving them the benefit of the doubt.
Opaque Transparency 🙂Keeping IT Lean, Clean and Mean! -
anonymous
Guest -
brian1248
AskWoody LoungerA zero-day vulnerability is one for which there are active exploits even before it was announced. In other words, the “bad guys” knew about the bug and were actively exploiting it before the vulnerability was patched or even known about. Therefore, once it is discovered by the “good guys”, and before it can be patched, there are zero days before attacks using it will occur.
Many vulnerabilities (other than zero day vulnerabilities) have no active exploits and it could be many days or weeks before an exploit becomes available.
-
anonymous
Guestanonymous
GuestThis is great for others but what about persons stuck on Vista and using an “unsupported” chrome? There was a time where the security of the internet was critical on all being updated so the “virus” could not easily spread. Is that still true? Are these exploits done in old code or the current “patched” one? Is it even likely that a non patched computer or browser could be more secure then a patched one?
If the Above is true “There was a time where the security of the internet was critical on all being updated so the “virus” could not easily spread”, then would it not be in the interest of keeping ALL patched regardless of OS version or Browser Version? After all then a ‘unprotected’ browsers could in theory infect all others.
-
anonymous
GuestYou stick with old programs, your risk is increased but that doesn’t mean you will be hit. Generally, you (as in the person behind the keyboard) needs to do something that triggers the virus.
Very dated but possibly helpful article
Another possibly useful article
The problem with zero-day malware is your AV program will not ‘see’ it. Even VirusTotal is likely to report the file/link containing the malware is clean. So, occasionally run a demand scanner (examples: Malwarebytes; Superantispyware).
Something else that can function as a demand scanner on running processes is Sysinternals Process Explorer – look through the menu options options. Sysinternals Autoruns also has the VirusTotal option.
1 user thanked author for this post.
Nibbled To Death By Ducks
AskWoody Plus“As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available.”
It makes one wonder, as I have through the decades, if MSFT was the source of some of these problems…great way to encourage “Updating your OS”!
“…when they become available”….what a laid back, ho-hum, indefensible attitude when a 0-day is in the wild!
Life sure looks different from underneath the bus…
Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"...all the people, all the time..."Peter Ustinov ad-lib in "Logan's Run"1 user thanked author for this post.
-
anonymous
GuestYep, the advisement to begin using Windows 10 as the mitigation looks evil and suggests collusion.
It also seems somebody at Microsoft quietly fixed that error not informing anybody else or there is actually a overall useful “tail covering” feature that mitigates the bug which still exists inside Windows 10.
EP
AskWoody_MVPreaction from Born’s blog:
https://borncity.com/win/2019/03/08/kritische-chrome-schwachstelle-bedroht-32-bit-windows-7/
check out the last sentence on there that says “The recommendation of the Google developers to migrate to Windows 10 because of the bug seems to me as a bad joke.”
1 user thanked author for this post.
anonymous
Guest-
anonymous
GuestYes. I grudgingly admit Google is acting in good faith here. Because their product contributes to the exposure, they admit it openly and describe the broader problem as well. More information is better than less information. Of course it helps that they seem to have already patched their part.
Which actually means the opposite of your question. Chrome browser is now the one browser we know has been patched.
1 user thanked author for this post.
Viewing 6 reply threads - This topic has 11 replies, 6 voices, and was last updated 4 years, 2 months ago by
-

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Remove One Drive
by
crudolphy
1 hour, 3 minutes ago -
Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release
by
Alex5723
3 hours, 12 minutes ago -
How to change “User Account Control:Run as administrator”
by
DKThompson
1 hour, 29 minutes ago -
Two monitors, want different “fixed” wallpaper on each one
by
MauryS
8 hours, 3 minutes ago -
Microsoft forcing move to Microsoft account?
by
Tom
5 hours, 58 minutes ago -
Event 2545 Device Management – Enterprise – Diagnostics – Provider
by
Tex265
9 hours, 23 minutes ago -
QBot malware exploits Windows WordPad EXE to take over
by
Alex5723
1 day, 4 hours ago -
Laptop powers off during KB5026361 update
by
dhunter
1 day, 4 hours ago -
How to enable Sleep in Shut down menu?
by
Alex5723
1 day, 6 hours ago -
Beware of Google’s .ZIP domain and password-embedded URLs
by
B. Livingston
1 hour, 21 minutes ago -
Longstanding feature requests, and their status
by
Mary Branscombe
1 day, 14 hours ago -
Three typing tutors — no more “hunt and peck”
by
Deanna McElveen
1 day, 13 hours ago -
Is online banking secure?
by
Susan Bradley
27 minutes ago -
Bluetooth audio not working on older Lenovo T420 with Win 10
by
WSmsc0357
19 hours, 42 minutes ago -
Using wildcards in search and replace
by
Bob Karrow
1 day, 23 hours ago -
How is Windows XP an security risk?
by
Curious
9 hours, 43 minutes ago -
Is using VPN a good idea?
by
Tex265
1 day, 19 hours ago -
How to prevent/disable Bitlocker Automatic Device Encryption?
by
EricB
2 days, 7 hours ago -
Unexplained aspects of installing the latest update of Office 2021
by
TonyC
2 days, 6 hours ago -
Getting started with macOS Disk Utility: RAID, images, and repairs
by
Alex5723
2 days, 15 hours ago -
Getting started with macOS Disk Utility: Resizing, snapshots, and journaling
by
Alex5723
2 days, 16 hours ago -
Are you ready for AI?
by
Susan Bradley
4 hours, 3 minutes ago -
Windows 11 Insider Preview build 25375 released to Canary
by
joep517
2 days, 18 hours ago -
Windows 11 Insider Preview Build 22621.1825 and 22624.1825 released to BETA
by
joep517
2 days, 18 hours ago -
Duplicate image name brings up old images
by
Susan Bradley
4 days ago -
XP offline activation tool, xp_activate32.exe
by
Alex5723
1 day, 13 hours ago -
Huge Tesla leak reveals thousands of safety concerns, privacy problems
by
Alex5723
2 days, 2 hours ago -
Android : iRecorder – Screen Recorder new Android RAT
by
Alex5723
4 days, 4 hours ago -
HP has found an exciting new way to DRM your printer!
by
Alex5723
4 days, 4 hours ago -
Outlook 2019 Resend “you do not appear to be the original sender…” msg
by
Mw Ward
4 days, 15 hours ago
Recent blog posts
- Beware of Google’s .ZIP domain and password-embedded URLs
- Longstanding feature requests, and their status
- Three typing tutors — no more “hunt and peck”
- Is online banking secure?
- Are you ready for AI?
- MS-DEFCON 4: Skip those Secure Boot scripts
- Getting started with winget
- No NumLock key? Problem solved! Here’s the fix.
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.