http://arstechnica.com/business/news/2012/03/after-the-pwnage-critical-google-chrome-hole-plugged-in-24-hours.ars By Dan Goodin ars technica March 8, 2012 Less than 24 hours after a Russian hacker pocketed $60,000 by exploiting a previously unknown critical vulnerability in Google Chrome, company developers released an update removing the security threat. The quick turnaround underscores one of the key advantages of Google's open-source browser: the speed in which highly complex bugs are fixed and updates are pushed out to users. By contrast, Microsoft, which must run updates through a battery of rigorous quality-assurance tests, often takes months to fix bugs of similar complexity. A post published Thursday morning to the Google Chrome Release blog said technical details will be withheld until a majority of users have actually installed the fix. For now, it described the vulnerability as an "UXSS and bad history navigation" issue and identified it as CVE-2011-3046. Even after a more detailed description is published, it's likely some characteristics will be withheld. Chrome is based on the WebKit, the same browser engine powering Apple Safari and many mobile browsers. Google researchers will likely be reluctant to provide information making it easier for hackers to compromise users of those systems until they've been updated as well. [...] ______________________________________________________________________________ Certified Ethical Hacker and CISSP training with Expanding Security gives the best training and support. Get a free live class invite weekly. Best program, best price. http://www.ExpandingSecurity.com/PainPillReceived on Fri Mar 09 2012 - 01:23:10 PST
This archive was generated by hypermail 2.2.0 : Fri Mar 09 2012 - 01:22:37 PST