Security note: Google Chrome 31.0.1650.63 and Microsoft Certificate Trust List (CTL) involved.



To address multiple vulnerabilities, dear professionals Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition.
Connectikpeople encourages users and administrators to review the Google Chrome Release post entry and follow best practice security policies to
determine which updates should be applied.
Regarding Microsoft, the company is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties.
Microsoft also announced that with this action, users will be automatically being protected against this issue. ‘’The Enhanced Mitigation Experience Toolkit (EMET) 4.0 and newer versions can help mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature’’. Stated Dustin Childs Group Manager, Response Communications
Microsoft Trustworthy Computing.

You can see the Microsoft Security Advisory 2916652.

Popular Posts