bitVelocity

Google Browser Update Exposes Millions of Users

bitVelocity Security Researchers Discover Serious Security Problem In Latest Version Of Google Chrome Browser

 
Repost This

Guelph, Ontario -- (SBWIRE) -- 07/12/2013 -- BitVelocity, LLC security researchers have discovered a serious security risk introduced by Google's latest version of Chrome Browser. Changes to the way Google Chrome's policy settings work have left millions of users exposed, any user that relies upon SOCKS proxy settings being read from the registry are at risk.

Adam Sculthorpe, head of bitVelocity's security team said "Google's browser updates silently, any user that was previously relying upon a secure SOCKS proxy configured via the registry is now at risk".

Many security software solutions that provide encrypted access to the Internet via secure proxies are affected, this happened because Google's Chrome developers decided to change the way policies work, Sculthorpe's team reported "Chrome no longer reads settings directly from the registry but instead from the Group Policy Object".

"The problem with this change is that Windows 7 and 8 home editions do not support it, something the developers seem to have overlooked or ignored, the gpedit tool which may have provided a workaround does not exist in these Windows Home Editions". said Sculthorpe.

This is a big deal because Google's Chrome browser updates are silent, affected users will not even know this has happened, anyone relying upon software that configures Chrome via registry policy settings likely believes they are still secure but aren't.

The bitVelocity security team has informed Google developers of this situation and requested a fix.

For further information about this vulnerability and how it may impact users please contact Adam Sculthorpe, head of security for bitVelocity at http://bitvelocity.com/