Google Resolves Six High-risk Vulnerabilities in Chrome 

by iClass - Sunday, March 27, 2011
In yet another update, the Chrome stable and beta channels have been updated to 10.0.648.204. The latest update mitigates six vulnerabilities identified by various security researchers, and resolves performance and stability issues. The update also includes support for the password manager on Linux.

The release patches a buffer error in base string handling first identified by Alex Turpin. Security professionals at Google have resolved stale pointers in the handling of Cascading Style Sheets (CSS) and in SVG text handling, both identified by Sergey Glazunov. The update fixes a DOM tree corruption issue with broken node parentage. Use-after-free issues in the frame loader and HTML collection have been mitigated in the new Chrome release. The frame loader issue was detected by Sławomir Błażek, and Sergey Glazunov identified the issue with HTML collection. A use-after-free issue occurs when memory is deallocated but is still referenced and used afterwards. All six vulnerabilities have been rated as high-risk. Google rates bugs as critical, high, medium or low. According to the company’s severity policy, vulnerabilities are rated high when they enable an attacker to gain access to or modify confidential information on a website, allow execution of arbitrary code in the sandbox, interfere with browser security features, or are issues in the sandbox implementation.

Vulnerabilities in software products are exploited by attackers to breach the security of computers and websites. Coding errors, compatibility issues and other human errors may result in vulnerabilities in software products. IT professionals could be encouraged to undertake refresher courses, secure programmer certification and online university degree programs to improve their technical skills.

Usually, developers evaluate the strength of products through penetration testing. Google encourages security researchers to identify and report vulnerabilities before attackers can exploit them. The researchers are awarded a cash prize under the company’s vulnerability rewards program. Sergey Glazunov received a total bounty of $7,000 for reporting four vulnerabilities.

Chrome will be updated to the new version automatically. However, users who have not enabled automatic updates for the browser must update it themselves to avoid exploitation of the vulnerabilities. Video tutorials, online degree and e-learning programs could help in creating cyber security awareness among individuals.

Hiring security professionals qualified through master of security science and computer degree programs may help organizations keep track of security updates and apply appropriate patches in a timely manner.

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

