Google admits Chrome was vulnerable to WebKit hack
Monday, May 18, 2009
Google said last week that it had patched a vulnerability in its Chrome web browser that could have been exploited through WebKit code.
The vulnerability was patched in an update issued May 7, but Google did not disclose the vulnerability until after Apple had fixed the same flaw in its Safari browser.
The company said in a blog post last Wednesday that its May 7 update - which arrives automatically for users of the stable version of the browser - contained a fix for CVE-2009-0945, "an issue in WebKit code that also affects Apple's Safari."
Thanks to Google's foresight, Apple was possibly spared the embarrassment of having Safari exposed to a hack that it had itself sponsored through the Pwn2Own hacking contest it promoted in March.
For the contest, a German computer science student won $15,000 after exploiting the flaw to infiltrate Apple Safari, Internet Explorer 8 and Firefox.
Chrome and Safari are both built on the open-source WebKit rendering engine, although "Nils," the name given by the German student, was unable to exploit the flaw in Chrome.
Another Pwn2Own contestant, IT security professional Charlie Miller, won $5,000 for exploiting a flaw in Safari to hack a MacBook in less than 10 seconds. Apple prohibited the contest winners from providing details of the hack.
