Recently, Google updated Chrome to 9.0.597.107 for all supported platforms. The latest update mitigates 19 vulnerabilities. Of these, 16 are rated as high risk bugs by the company, while the remaining three have been rated as medium risk vulnerabilities. Google rates as high risk those bugs that allow an attacker to access and modify confidential data, as well as those that disrupt the security features of the browser. The company defines medium risk security flaws as those which allow attackers to gain limited access to information.

The patched security flaws were associated with textarea handling, internal extension functions, the URL address bar, JavaScript dialogs, pickle deserialization, SVG rendering, WebGL and form controls. The update mitigated stale pointer vulnerabilities associated with the stylesheet node, key frame rule, table handling, SVG animations, table rendering, XHTML, device orientation and layout. The new stable version of Chrome also includes a patch for a use-after-free flaw associated with blocked plug-ins.

The latest update comes a week before the Pwn2Own contest. Google has announced an award of $20,000 for breaching the Chrome browser in 30 minutes on the first day of the contest. The contest will be part of the upcoming CanSecWest security conference to be held in Vancouver. The company issues browser updates frequently to wipe out flaws.

The vulnerabilities were discovered by security researchers affiliated with various organizations, including the Google security team. Google will disburse a total of $14,000 to 9 researchers for discovering 15 high risk vulnerabilities under the vulnerability rewards program. Sergey Glazunov and Martin Barbella, who discovered 3 high risk vulnerabilities each, will receive a bounty of $3,000 each. According to the company, with the latest bounty, the Chromium rewards program has crossed $100,000.

Web browsers are susceptible to vulnerabilities, which could be exploited by cybercriminals.
Regular in-depth security evaluation of web browsers is crucial to weed out security flaws prior to their exploitation by individuals with malicious intentions. In recent times, developers have been encouraging security researchers to pre-empt attackers in discovering flaws to protect users from security breaches. Several developers have initiated rewards programs to attract security professionals to share the identified vulnerabilities with the company before making them public. Users must adhere to security updates and advisories. Chrome users must immediately upgrade their browser to the latest version.

The continuously evolving threats in the Internet space have resulted in greater demand for security professionals such as computer science degree holders. The prevalent security threats require security professionals to be vigilant and initiate prompt action. Proper communication of the threats involved to management and employees is also crucial to ward off potential attacks. Security professionals may improve their soft skills through online degree and training programs. Introduction of online university degree programs on cyber security may encourage research among students and also help organizations to meet the growing requirement for cyber security professionals. Proactive steps on the part of different stakeholders such as developers, security researchers, individual users, employees, management, government bodies and regulatory authorities are crucial to thwart the ever-evolving security challenges.