Google Plans to Block Outdated Fixes in Chrome

Google is about to block the running of unprotected versions of plug-ins on its Chrome Web-browser for ensuring they're free from vulnerabilities which malicious websites could exploit.

As per the Google security team, the feature planned for release over the middle term would stop Chrome from executing a few outdated 'plug-ins.' the team further states that the exercise would be an assistance to end-users seeking updates, as reported by Channel Register on June 30, 2010.

The security team wrote that as a lot of plug-ins were found everywhere, they put Google users in the highest risk.

As per both Google and Mozilla, the new functions were designed in view of many attacks on non-secured plug-ins, particularly Adobe's Reader and Flash Player.

The security company 'F-Secure' states that Adobe's Reader software is now the most targeted for the distribution of malware in place of the earlier exploited Microsoft Word. This was in the case, for e.g., which Google revealed during January 2010, which leaked out confidential intellectual property.

The company stated that the large-scale exploitation of Adobe Reader/Acrobat was mainly due to the increased vulnerabilities in these applications in contrast to Microsoft Office software. More plug-ins like Flash Player of Adobe and Java Virtual Machine of Oracle were regularly attacked as well, as reported by Channel Register on June 30, 2010.

By exploiting the poorly secured plug-ins, online crooks plant malicious code on users' systems. When this is accomplished, they manage to carry out various malicious actions like exploiting network connection, searching sensitive folders containing valuable data, and capturing banking passwords of users.

According to the security researchers, cyber criminals conventionally employ the most simple attack technique of persuading an end-user to run a file or attachment (a malicious executable). But modern sophisticated attacks rely on searching unrevealed security flaws in the Web-browser plug-ins.

Security companies estimate that there is a rapid rise in attacks on Web-browser plug-ins, especially the widely used Reader PDF viewer of Adobe. McAfee, an antivirus agency, reported during April 2010 that over the Q1-2010 period, PDF attack codes made up for 28% of the total exploits that bore malware.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 7/9/2010