Minor update to Vivaldi 1.13 (Spectre fixes)
-
Today we release a minor update to 1.13 with security updates for the Spectre security issue and a crash fix for Linux.
Click here to see the full blog post
-
@gwen-dragon: ah... yes, good point!
-
@gwen-dragon: we will fix this now
-
Thanks!
-
Thanks for the quick update, out of the usual release cycle!
One question about the Spectre fix, because we read many things on the net and it's hard to get clear and reliable info:
From my understanding, to be safe, one need to patch several levels of his machine:- Hardware (via bios / motherboard update)
- OS
- Critical softwares like internet browser
The OS fixes seem to be relevant only if done in combination with bios updates. What about the browser fix that you include here?
Is it enough by its own to mitigate Javascript exploits (for example), or does it also absolutely need OS or Bios update to be effective?I ask that because lot of people having HW older than a few years will never receive any update from their manufacturers. In this case, can we still expect to have at least a small layer a protection against attacks which would rely on malicious code on the net?
-
It's loading pages faster.
-
@guilimote: There are no fixes for Spectre. And there will not. Only mitigations. The only fix is to change hardware, with one not vulnerable (I'm not aware of any right now...)
Each level you name can do a level of mitigation :
- At the hardware level, a microcode update can limit the usage of branch prediction
- At the OS level, the mitigations can separate more fully the user code from the kernel/core code.
- At the browser level, each tab can be run into a single process, and precision of timing accessible through JS can be limited.
Each isn't enough, and to be honest, even all together, it's not enough. It's enough right now, because you can't protect more, but in the months/years coming, other mitigations will appear, to avoid new utilisation of those vulnerabilities that appeared.
But yes, those mitigations in Vivaldi will limit the impact (for now) of those vulnerabilities. Just don't believe that you are fully safe for all times
-
I was promised that in the next update we would finally have the rearrangeable web panels that are available in the Beta.
Very disappointed to see that yet again this is not included, more so because I was told that it would indeed be.So, with that said I have but one question, when?
-
@jasonjosephnyc: I think you have misunderstood. That feature was promised for 1.14. This is a minor update to 1.13. In such minor updates we do not introduce any new features. We only fix critical outstanding bugs. However it will still be in 1.14 as promised, snapshots of which are already available should you wish to test.
-
New bug you introduced with this fix.
[modedit] Edited image url
-
@cqoicebordel Thank you for your precision, and what you say makes sens (no fix, only mitigations, ...)
But I'm still not sure about what to think... Sorry if I have misunderstood you, I will try to be clearer:
Even if I know that the more layers I update the better it is, that this is not enough to be "safe", and even if I know it is only a matter of "limiting the impact": Are the Chromium updates relevant to prevent from some of the possible browser exploits IF they are not done in combination with updates on other layers (ie HW, OS, ... )?
In other words, is it different from some of the OS updates which absolutely need bios updates to be effective? -
@guilimote: Yes, each add their layer.
Each level has its own surface of attack. And thus, their mitigations are only to add hurdle on their surfaces. In other words (that are factually wrong but work as a metaphor) : each level slows the attacker ten times. If you have all the mitigations in place, you slowed it a thousand times (101010, a tenth for each level). If you have only the browsers mitigations, it is slowed only ten times.There are not dependent from one another. At least here.
If I'm not mistaken, though, it seems to me that the new microcode Intel provided allows new commands, that can be used by compilers to compile new softwares. So, maybe, if I'm not wrong, in the near futur, there will be mitigations in softwares (including browsers) that needs the microcode updated, and the OS patched.
But again, I'm not sure on that one, and I'm not sure on the schedule of those fix either (search terms : "LFENCE opcode") -
After upgrading to this release, all my cookies and passwords are gone and will not persist even if I remove my profile. See this topic for more details: https://forum.vivaldi.net/topic/23883/cookies-and-passwords-won-t-persist-after-updating-to-1-13-1008-44
Any help would be appreciated!
-
@ruario I asked about this on twitter and was told by Vivaldi that this was coming in the next update, NOT in the beta but in the stable release. For a browser that prides itself on customizability, this seems like it should be in the wild already... IMHO
-
@jasonjosephnyc: and it will be in the stable release of 1.14. It was never going to be in 1.13 and if we needed to do another security update before 1.14 comes out it will not be in that either. It will only arrive with 1.14. This is to be expected, sorry if it was not clear to you before.
-
@jasonjosephnyc Not the next update. The next major release. Soon, now.
-
I've noticed some strange beheviour with this build and the previous one - occasional, seemingly random CPU load. We're talking 50%+ load on a Core i7-5820K CPU that doesn't go away until I kill Vivaldi and start it again.
Edit: sorry, wrong thread. This was about the latest snapshot, I don't know if it manifests in 1.13.
-
@gwen-dragon: Sorry for that, there is no edit or delete button...
Win 10 1709 64-bit
A lot of gray space between tabs, it resolves on a restart of Vivaldi.
Haven't been able to reproduce on purpose. -
@darkmagician said in Minor update to Vivaldi 1.13 (Spectre fixes):
there is no edit or delete button...
There is, at bottom right, the three vertical dots.
-
I will say that the browser seems ALOT faster! I love it!