Google Patches Security Flaw Exploited by Security Researchers in Pwn2Own Contest

March 15, 2011 - PRLog -- Recently, Google patched a security flaw in the Chrome browser exploited by security researchers in the Pwn2Own Contest. Security professionals at Google were prompt in releasing the security update for the WebKit flaw, which was exploited by Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers. The trio of researchers received a bounty of $15,000 for breaching the security of the BlackBerry Torch 9800 smartphone by exploiting the WebKit flaw. Google also awarded a prize of $1,337 to the team of security researchers under the company’s vulnerability reward program. While Weinmann is a post-doctoral researcher from Luxembourg, Iozzo works as an engineer in Germany and Pinckaers is a security consultant from the Netherlands.

The vulnerability results from an error in style handling, which attackers may exploit to cause memory corruption. WebKit is the rendering engine used by the Chrome browser. The company has rated the patched vulnerability as high in severity. Google rates vulnerabilities as critical, high, medium or low in terms of severity. A high rating is given to a flaw that allows attackers to read confidential data, execute arbitrary code or interfere with browser security features, and to flaws that arise in the implementation of the sandbox.

The company has updated the stable and beta channels of the Chrome browser to 10.0.648.133 for Windows, Mac, Linux and Chrome, mitigating the WebKit security flaw. The company withholds additional information regarding security flaws for a long period to give users time to apply the update. Attackers try to take advantage of the lack of security awareness among people to exploit vulnerabilities. Online IT courses and video tutorials may be used to create cyber security awareness among users.

Attackers are quick to identify and exploit vulnerabilities. The vulnerability reward programs run by software developers are aimed at encouraging researchers to detect flaws before malicious individuals exploit them. Growing threats in the online environment have resulted in increased demand for professionals qualified in IT degree programs and security certifications.

Except for the identified security flaw, Google Chrome remained unbreached at the Pwn2Own contest. Firefox, the other popular web browser, also survived the contest and was not compromised by security researchers. Security professionals are required to constantly update their skills to deal with evolving security threats. Online IT degrees, e-learning programs, webinars and seminars may help security professionals enhance their technical know-how and improve their skill sets.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).