Chrome and Firefox may have accepted counterfeit certificates


A bug in a library that Chrome and Firefox, among others, use for secure connections allowed forged certificates to be accepted. An update has been released for both web browsers.

Certain values in an SSL certificate were not parsed rigorously enough, which made it possible to trick the Network Security Services library with fake RSA certificates. Several researchers discovered the problem independently: a French researcher found it at the same time as Intel’s security team. RSA is one of the most widely used encryption algorithms for certificates.

Network Security Services is an open source library for SSL connections that is used in Firefox, Chrome and Chrome OS, among others. An update was released for both browsers last night. Thunderbird, Apache’s mod_ssl module, Pidgin, OpenOffice.org, and Java, among others, also rely on Network Security Services. Chrome on Android uses a different SSL library.

The issue can only be exploited if an attacker manages to intercept the visitor’s connection, for example by setting up a spoofed Wi-Fi access point or by directing a user to a spoofed web page. It is not yet clear whether the vulnerability can also be exploited in practice. The Intel security team promises to publish a paper with the full technical details of the issue.
