In wake of scandal, Google clamps down on Chrome shopping extensions
Late last year, there was a big scandal involving the Honey browser extension, which wasn’t helping users find the best deals and coupons as it so claimed to do. Instead, it was swapping out affiliate links and stealing potential commissions from influencers and creators.
Following that revelation, Google is now tightening the rules for shopping extensions in the Chrome Web Store.
In short, affiliate links, coupon codes, and cookies can now only be included in the extension if they provide a direct and clear benefit to users when they shop. For example, extensions can’t insert links unless they lead to real discounts or cash back on purchases. Extensions also can’t update your shopping cookies or inject affiliate links on web pages without explicitly notifying you.
While the Honey scandal mainly affected influencers and creators — not Joe Schmoe who’s just browsing the web — this is generally good news as you can be more sure that extensions are doing what they claim.
Further reading: I hope Google does lose ownership of Chrome 
© 2025 PC World 4:25am  
|
Big March patch fixes dozens of security flaws in Windows and Office
Yesterday was Microsoft’s Patch Tuesday for March, which brought security updates that addressed 58 new vulnerabilities. According to the company, six of the vulnerabilities in Windows are already being exploited and attacked in the wild. Another vulnerability in Office was already publicly known as well.
Microsoft offers sparse details on the vulnerabilities in their Security Update Guide. Fortunately, Dustin Childs dives into the patch with lots more details on the Trend Micro ZDI blog, always with an eye for admins who manage corporate networks.
The next scheduled Patch Tuesday will be on April 8, 2025.
Windows security flaws addressed
A large number of the patched vulnerabilities — 37 of them this time — are spread across various Windows versions, including Windows Server, 10, and 11, for which Microsoft still offers security updates. (Remember, official support for Windows 10 is ending later this year!)
With Windows 7 and 8.1 no longer receiving security updates, they’re growing increasingly more vulnerable to security threats. If your hardware allows for it, you should switch to Windows 10 (22H2) or Windows 11 (24H2) to continue receiving security updates.
Windows under attack
According to Microsoft, there are already attacks on six of the Windows security vulnerabilities addressed in the patch. However, Microsoft doesn’t classify any of them as critical. It’s generally not known how widespread the attacks on these vulnerabilities currently are. Microsoft doesn’t provide any information on that.
According to Dustin Childs, the vulnerability CVE-2025-26633 in the Microsoft Management Console (MMC) is being used by the ATP group EncryptHub (aka Larva-208) for targeted attacks. The perpetrators have already successfully attacked more than 600 organizations. The flaw is in the handling of MSC files, which attackers can use to bypass security mechanisms and execute code with user rights.
If you mount a specially crafted virtual hard drive (VHD) file, there’s also an exploit for vulnerabilities CVE-2025-24993 and CVE-2025-24985. While one RCE (Remote Code Execution) vulnerability affects the NTFS file system, the other is in the driver for the FAT file system. In combination with an EoP (Elevation of Privilege) vulnerability, an attacker could take over the entire system.
If a logged-in user can be tricked into executing a specially crafted program that exploits CVE-2025-24983 in the Win32 kernel subsystem, code with system privileges can be executed. In combination with an RCE exploit, this could lead to a system takeover.
Critical Windows vulnerabilities
Microsoft classifies five RCE vulnerabilities in Windows as critical, which have not yet been attacked. Two vulnerabilities in the Remote Desktop Services — CVE-2025-24035 and CVE-2025-24045 — appear to be particularly problematic. An attacker would only need to connect to a vulnerable RDS gateway in order to inject and execute code.
Microsoft Office security flaws addressed
Microsoft has fixed 11 vulnerabilities in its Office products and services, all of which are RCE vulnerabilities. The vulnerability CVE-2025-26630 in Access stands out as it was already publicly known in advance (zero-day vulnerability). However, the only vulnerability identified as critical is CVE-2025-24057, which can probably affect all Office apps. There are three RCE vulnerabilities each in Word and Excel.
Microsoft Edge security flaws addressed
The latest security update for Microsoft’s Edge browser is version 134.0.3124.51 from March 6, based on Chromium 134.0.6998.45. It fixes an Edge-specific security vulnerability (CVE-2025-26643). Google later released a new security update for Chrome (version 134.0.6998.89) on March 10, which fixed a zero-day vulnerability.
© 2025 PC World 4:05am 
|
|
|
|
|
Addlink S93/A93 SSD review: Good value if you skip the heatsink
At a glanceExpert's Rating
Pros
PCIe 4.0 host memory bus performance
Heatsink-less S93 is a super bargain
Five-year warranty
Cons
One of the slower drives in its class
Our Verdict
The Addlink A93/S93 is a solid-performing PCIe 4.0, DRAM-less NVMe SSD that can save you a few bucks. But the A93 with its heatsink faces heavy competition from many similarly priced and often faster SSDs.
Price When Reviewed
This value will show the geolocated pricing text for product undefined
Best Pricing Today
PCIe 4.0 host memory buffer (HMB) SSDs like the Addlink S93 / A93 (heatsink) are all the rage these days. Without the cost of DRAM primary cache added to the mix, the modules are cheaper to produce and can still match DRAM-designs in most performance areas.
That said, the 1TB version of the S93/A93 I tested ranks low among a list of very fast SSDs — primarily due to a very slow time in our 450GB write compared to the 2TB competition.
Read on to learn more, then see our roundup of the best PCIe 4.0 SSDs to for comparison.
What are the Addlink S93’s features?
The S93 is a 2280, PCIe 4.0 x4 (four lane) NVMe 2.0 SSD sporting a Phison P27T controller and 162-layer TLC NAND. It’s a host memory buffer design, which means in lieu of DRAM, your device’s memory is used for primary caching duties.
When it first showed up, HMB designs were slower than DRAM in most areas. Now they regularly compete well in terms of sequential throughput, though DRAM still rules when it comes to random 4K operations. The gap seems to be slowly closing though.
Addlink warranties the S93/A93 for five years and the drives feature a 300TBW per every 1GB of capacity rating. That’s a bit on the parsimonious side — actually, half of what we normally see from TLC drives.
The S93 is bargain, the A93, not quite so much.
The back of the S93 NVMe SSD.
TBW indicates the amount of data that may be written under warranty. Note, that you may be able to write a lot more than that before the drive turns read-only. This is basically a vendor risk calculation.
How much is the S93/A93?
The S93 we tested is very affordable at $68.44 for the 1TB, $133.44 for the 2TB, and $268.44 for the 4TB. The heatsink on the A93 adds more bucks than I was expecting, making the 1TB version $84.44, the 2TB $149.44, and the 4TB capacity $312.44.
The S93 is bargain, the A93, not quite so much. It’s a nice heatsink, but few users need one and the graphene heat spreader/label on the S93 dissipates a fair amount of heat.
How fast is the Addlink S93?
The 1TB S93 Addlink proved mostly competitive performance-wise, if not up there with the best we’ve seen. What dragged down its overall performance to 24th out of 29 PCIe 4.0/HMB/TLC SSDs that I’ve tested was its miserable 450GB write time. That’s primarily thanks to having only half the NAND of its competitors available for secondary caching.
All three PCIe 4.0/DRAM-less/TLC competitors listed in the chart — the Lexar Play 2280, WD Black SN7100, and the Teamgroup T-Force A440 Lite — are 2TB models.
As you can see, CrystalDiskMark 8 rated the S93’s sequential transfer abilities highly when queues were in play. But the single-queue performance was more than a bit off the highly ranked WD Black SN7100’s.
As you can see, CrystalDiskMark 8 rated the S93’s sequential transfer abilities highly when queues were in play. But the single-queue performance was a bit off the competition. Longer bars are better.
Random performance in CrystalDiskMark 8 was better, and actually comparable with a single queue in play. The Lexar’s tragic numbers in these tests were largely a matter of subpar caching, as they turned competitive when we reduced the CrystalDiskMark 8 data set to 16GB.
Random performance in CrystalDiskMark 8 was a bit better, and actually comparable with a single queue. Longer bars are better.
I have nothing to complain about with the A93/S93’s 48GB transfer times. It’s good in common real-world scenarios.
I have nothing to complain about with the S93’s 48GB transfer times. Shorter bars are better.
The 450GB is where being only 1TB in capacity hurt the S93/A93 — there’s simply less NAND to treat as SLC secondary cache. However, the slowest write speed was still a SATA-like 600MBps, so this isn’t quite as tragic as you might think in the grand storage scheme.
The 450GB is where being only 1TB in capacity hurt the S93 compared to the competition — there’s simply less NAND to treat as SLC secondary cache. Shorter bars are better.
Again, in its 2TB flavor, the S93/A93 would likely have ranked a good deal higher.
Note that originally I was set to test the heatsink-clad A93 that Addlink also provided. Alas, to use the SSD in my upside-down secondary PCIe 5.0 M.2 slot, the heatsink had to go.
Rather startlingly, the two NAND chips came off the PC board along with the heatsink and its thermal coupling material. This should not happen, and was a first for me after performing numerous other similar operations. Make sure you opt for the bare S93 if you don’t need or can’t use a heatsink.
Should you buy the Addlink S93/A93?
The S93/A93 is hardly a barn burner in the category, but it will do the job, and in its S93 incarnation it’s outstandingly affordable. That said, I recommend the 2TB version and looking for it on sale.
How we test
Drive tests currently utilize Windows 11, 64-bit running on an X790 (PCIe 4.0/5.0) motherboard/i5-12400 CPU combo with two Kingston Fury 32GB DDR5 4800MHz modules (64GB of memory total). Both 20Gbps USB and Thunderbolt 4 are integrated to the back panel and Intel CPU/GPU graphics are used. The 48GB transfer tests utilize an ImDisk RAM disk taking up 58GB of the 64GB of total memory. The 450GB file is transferred from a 2TB Samsung 990 Pro which also runs the OS.
Each test is performed on a newly NTFS-formatted and TRIM’d drive so the results are optimal. Note that in normal use, as a drive fills up, performance may decrease due to less NAND for secondary caching, as well as other factors. This can be less of a factor with the current crop of SSDs with far faster late-generation NAND.
Caveat: The performance numbers shown apply only to the drive we were shipped and to the capacity tested. SSD performance can and will vary by capacity due to more or fewer chips to shotgun reads/writes across and the amount of NAND available for secondary caching. Vendors also occasionally swap components. If you ever notice a large discrepancy between the performance you experience and that which we report, by all means, let us know.
© 2025 PC World 4:05am 
|
|
|
