Google Updates Chrome Stable Channel to 10.0.648.205, Mitigates Critical Vulnerabilities

April 15, 2011 - PRLog -- Recently, Google updated Chrome stable channel to 10.0.648.205 for Windows, Linux, Mac and Chrome platforms. The latest update mitigates a vulnerability associated with Adobe Flash player and three vulnerabilities in Chrome. Adobe had earlier alerted users on the flash player vulnerability. The vulnerability was rated critical by Adobe. The latest version of Chrome stable Channel includes a new version of Adobe Flash. The security flaws in Chrome are associated with the GPU process. The vulnerabilities include a use-after-issue, off-by-three and heap overflow issue in GPU. Google has rated all the three security flaws as critical. The company rates those flaws as critical, which allow an attacker with user privileges on a computer to execute arbitrary code. Memory safety issues that allow an attacker to execute arbitrary code are also rated as critical.

Developers must frequently conduct in-depth security evaluation of software products to improve their security in accordance with latest threats. Usually, security professionals qualified in IT degree programs and security certifications such as penetration testing detect vulnerabilities. In this case, the off-by-three issue was identified by yuri.ko616 and heap overflow issue was identified by Christoph Diehl. The use-after-issue was identified by Chrome security team. Google encourages security researchers to detect and report vulnerabilities so that they could be mitigated before their exploitation by attackers. Researchers are rewarded for reporting flaws under the Vulnerability Rewards Program. While Diehl received a cash prize of $1,000, yuri.ko616 received $500 as prize money.

Google has been proactive in releasing security updates for the Chrome browser. Online IT degree courses, e-learning programs and webinars could help security professionals to update their technical skills and proactively deal with persistent IT threats.

Internet users must update immediately to the new stable channel to prevent exploitation of the identified vulnerabilities. Enabling automatic updates would allow browsers to identify and install updates and provide maximum protection to users. Developers must educate users on latest online threats and safe practices through security blogs, advertisements and e-flyers. Online IT courses and e-tutorials may also to gain insights on cyber security tips and best practices.

Contact Press

EC-Council
Website:  http://www.eccuni.us
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).