Google Resolves Six High-risk Vulnerabilities in Chrome
by iClass - Sunday, March 27, 2011
The release patches a buffer error in base string handling first identified by Alex Turpin. Security professionals at Google have resolved stale pointer in handling of Cascading Style Sheets (CSS) and SVG text handling, both identified by Sergey Glazunov. The update fixes a DOM tree corruption issue with broken node parentage. Use-after-free issues in the frame loader and HTML collection have been mitigated in the new Chrome channel. While the issue with frame loader was detected by Sławomir Błażek, Sergey Glazunov identified the issue with HTML collection. Use-after-free issue takes place, when memory is deallocated, but regained later. All the six vulnerabilities have been rated as high-risk. Google rates bugs as critical, high, medium and low. According to the company’s severity policy, those vulnerabilities are rated as high, which enable an attacker to gain access or modify confidential information on a website, allow execution of arbitrary code in sandbox, interference with browser security features and issues in sandbox implementation.
Vulnerabilities in software products are exploited by attackers to breach the security of computers and websites. Coding errors, compatibility issues and other human errors may result in vulnerabilities in software products. IT professionals could be encouraged to undertake refresher courses, secured programmer certification and other online university degree programs to improve their technical skills.
Usually, developers evaluate the strength of products through penetration testing. Google encourages security researchers to identify and report vulnerabilities, before their exploitation by the attackers. The researchers are awarded a cash prize under the company’s vulnerability rewards program. Sergey Glazunov received a total bounty of $7,000 for reporting four vulnerabilities.
The new version of chrome would be automatically updated. However, those users, who have not enabled automatic updates for the browser, must update the browser to avoid exploitation of vulnerabilities. Video tutorials, online degree and e-learning programs could help in creating cyber security awareness among individuals.
Hiring security professionals qualified in masters of security science and computer degree programs may enable organizations to keep track of the security updates and timely application of appropriate patches.
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Read More Press Releases
Get press releases by email