Web Security News

Google admits Chrome was vulnerable to WebKit hack

Monday, May 18, 2009

Google said last week that it had patched a vulnerability in its Chrome web browser that could have been exploited through WebKit code.

The vulnerability was patched in an update issued May 7, but Google did not disclose the vulnerability until after Apple had fixed the same flaw in its Safari browser.

The company said in a blog post last Wednesday that its May 7 update - which arrives automatically for users of the stable version of the browser - contained a fix for CVE-2009-0945, "an issue in WebKit code that also affects Apple's Safari."

Thanks to Google's foresight, Apple was possibly spared the embarrassment of having Safari exposed to a hack that it had itself sponsored through the Pwn2Own hacking contest it promoted in March.

For the contest, a German computer science student won $15,000 after exploiting the flaw to infiltrate Apple Safari, Internet Explorer 8 and Firefox.

Chrome and Safari both use the open-source WebKit rendering engine, although "Nils," the name given by the German student, was unable to exploit the flaw in Chrome.

Another Pwn2Own contestant, IT security professional Charlie Miller, won $5,000 for exploiting a flaw in Safari to hack a MacBook in less than 10 seconds. Apple prohibited the contest winners from providing details of the hack.

Related News:

Network security concerns prompt postponement of Google phones in China - 1.20.2010
The Wall Street Journal reports that Google has decided to indefinitely postpone the launch of two of its Android smartphones to the Chinese market, which pundits have taken as further proof of the growing rift between the search giant and the Chinese government.

Cloud network security concerns prompt Microsoft to propose new laws - 1.20.2010
Microsoft's general counsel, Brad Smith, told an audience at the Brookings Institution today that the government should step in to regulate the emerging cloud computing industry and help protect businesses and consumers from fraud and abuse.

Network security experts unmask command servers behind Google attack - 1.19.2010
Researchers at VeriSign's iDefense lab have published a report claiming that the Chinese government was responsible for the recent large-scale cyber attacks that targeted Google and other U.S. companies.

Out-of-band IE patch to fix widespread vulnerability - 1.19.2010
Microsoft will issue a patch to its Internet Explorer browser software before its next scheduled update, intended to fix the flaw that enabled hackers to launch a damaging cyber attack on numerous U.S. companies.

France and Germany warn citizens to avoid using Internet Explorer - 1.18.2010
The governments of both France and Germany have issued official warnings to their citizenry, saying that, until Microsoft releases a patch for the widely-used Internet Explorer web browser, it is a threat to network security and should not be used.
