Eighteen disclosures over the last two weeks, with nine issues unfixed.
Other Security News
Way back in 2014, Google announced its plans to push for “HTTPS everywhere”. In 2015, they began downranking non-https links in favor of https links. Last October, starting with the release of version 62 of Chrome, they began marking http pages that contained input elements, and all http pages in Incognito mode as “Not Secure“. The final day of reckoning has arrived: in July, with the release of Chrome 68, all non-https pages will be marked as “Not Secure”. If you’re running a WordPress site, you should already have a certificate to protect your credentials over-the-wire when you’re logging in, and your cookies in transmit while logged in. For your non-sensitive sites, given that the cost of a domain validated certificate is trivial, it’s a good idea to go ahead and add it, if for no other reason to reduce help desk calls about those sites being marked as not secure. Start making plans now to get those certificates in place before summer. At least you’ll have a small break between the end of the semester and when Google plans on releasing version 68.