19 May 2009
Google Confesses Chrome Vulnerability during Hacker Contest
Even though Chrome was the only browser left standing in last March's Pwn2Own hacking contest, Google has recently confessed that, at the time of the competition, its premier web browser had the same vulnerability as the rest of its competitors.

Google didn't reveal the vulnerability at the time. Chrome's developers had logged the bug in the Google bug database the very same day the competition occurred, but they ultimately decided to keep the problem confidential out of consideration for the developers of Apple's Safari.

Mark Larson, the program manager for Chrome, wrote in a post published on May 7, "Disclosing that this release contains the fix for CVE-2009-0945, an issue in WebKit code that also affects Apple's Safari web browser. We did not want to disclose this until Apple's fix for Safari users was released."

The post explained that the vulnerability stemmed from WebKit, the open source rendering engine used by both Safari and Chrome. According to Larson, the problem originates with WebKit's management of SVGList objects, and an exploit would require deceiving the user into browsing a malicious website. Chrome proved more durable during the contest because it employs "sandbox"-type security that blocks system access.

A successful exploit of the WebKit vulnerability would only take an attacker so far, because the attacker's code can only run within the constraints of the sandbox. The sandbox defense is also used by both of the latest versions of Internet Explorer (IE 7 and 8) running under Windows Vista or the soon-to-be-released Windows 7.

Executing browsers in a sandbox is one of the latest methods of choice for enhancing browser security, because browsers have increasingly become favorite targets for attackers. While this method is now being adopted by browser developers, a number of security products like Sandboxie and ZoneAlarm ForceField offer the same sandbox security option for any browser.

After the results of the Pwn2Own contest, Mozilla provided a patch for Firefox on March 27, while Apple's patch for Safari appeared only recently, on May 12, as part of a hefty security update for OS X. Microsoft's response was to produce a final build of IE 8 that's impervious to the Pwn2Own attacks, although IE 7 may still be susceptible.

© Copyright 1999-2012: SecPoint®