Sign in / up

back to article Google heads out the back with rifle, puts down POODLE

Google will destroy vicious POODLE in a pending update to its flagship Chrome browser. Update 40 will remove SSLv3 and the hard-to-exploit cookie-stealing Padding Oracle on Downgraded Legacy Encryption (POODLE) attack. Mountain View followed Redmond in its browser POODLE put-down after a single click FixIt SSLv3 disabler was …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    So it's been trivially easy to protect desktop browsers (IE/FF) but it's mobile devices which you are most likely to connect to random, possibly malicious net-works.

    My win 8.1 phone is vulnerable and I can't find anything regarding a patch being in the pipeline (not that I'd use a mobile device on a public wifi for anything sensitive mind).

    The stock android browser on JB 4.1 is vulnerable too and I can't see that being updated in the push to Chrome. I bet a lot of android device users that have the stock browser still use it.

    2 0 Reply

  2. This post has been deleted by its author

  3. Robert Helpmann??
    Childcatcher

    Talking Poodle

    There is a lot of misunderstanding concerning this vulnerability, at least among the probably non-representative set of admins I spoke with. Most of the confusion seems to be as to whether this is a client or server issue (it is both). This article has a fairly decent explanation:

    http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

    0 0 Reply
  4. Thomas Chippendale

    Cupertino ≠ Mountain View

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like