Google Updates Chrome against a Severe VulnerabilityOn April 23, 2009, Google released the latest version of Chrome browser so as to mend a serious security vulnerability that was detected on April 8 for the first time by Roi Saltzman, a leading researcher at IBM Rational Application Security Research Group. Saltzman discovered that the Chrome was susceptible to cross-site scripting (XSS) attacks that, in turn, trigger various other attacks. For instance, attacker could steal victims' cookies, direct the users to some malicious site, assist phishing attacks and steal online form's saved data. The flaw infuses universal XSS that can lead to successful exploit of the vulnerability. In other words, once the vulnerability is abused, it could initiate a sequence of malicious assaults, including phishing. Further, this recently discovered vulnerability is like users having Chrome already installed in their systems and who unfortunately visited a hacker-controlled site by means of browser other than Internet Explorer may experience unusual things, including the opening of a group of tabs, followed by loading and execution of malicious codes after traversing to a URL of the hacker's choice. Moreover, Chrome may install itself on the compromised websites according to the choice of attackers, including malware distributors, hackers and phishers. This, in turn, helps attackers to implant malware or other malevolent codes on the PCs which visit the infected websites. Besides, Chrome has been continuously troubled by various security issues since the time of its launch (towards the end of 2008). Security researchers have reportedly discovered severe flaws in the browser's beta version. Additionally, security experts have commented that security has been a major issue for Chrome since a long time as it uses different browsers' technologies, such as Firefox of Mozilla, and Safari of Apple. Google's Chrome received its major update in March 2009 for the last time; at that instant, it was able to survive a big hacking competition called PWN2OWN. However, browser vendors strongly boast that they are highly alert to all the reports related to vulnerabilities and are able to efficiently avoid such exploits. But, security concerns have definitely increased amid these latest browser attacks, as security of software still remains a debatable issue as exemplified by Google releasing yet another patch for its Chrome browser. Related article: Google Rectifies Gmail flaw in Three Days » SPAMfighter News - 5/4/2009 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
