November 19, 2024

Google reveals POODLE vulnerability found in obsolete but widely used SSL 3.0 protocol, to update its browser soon


Google on Tuesday revealed that the decade-old but still widely used SSL 3.0 (Secure Sockets Layer) protocol has a major security flaw. According to the company, the vulnerability, dubbed POODLE (short for Padding Oracle On Downgraded Legacy Encryption), allows decryption of the contents of encrypted connections to websites. The vulnerability affects any product that supports SSL 3.0, which includes Chrome, Firefox, and Internet Explorer.

SSL is a protocol that is supposed to encrypt your communications, including your connections to banking websites and the like, so that nobody can eavesdrop on them. The protocol, however, is old and has been superseded by Transport Layer Security (TLS), starting with TLS 1.0 and continuing through several later versions. However, if both ends of a connection still support SSL 3.0, it becomes relevant again even when the superior TLS protocol is available, and that is exactly where the problem lies. “If a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server-side interoperability bugs.”

The design flaw dubbed POODLE lies within SSL 3.0 itself, which is why it affects the widely used browsers. Google has announced that it is scrubbing SSL 3.0 support from the Chrome browser. Mozilla has also announced that it will drop support for the outdated protocol in Firefox v34, which it will release next month.
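
The "downgrade dance" quoted above, and the effect of removing SSL 3.0 from the client, can be seen in a small model. This is an added illustration, not code from Google or any browser; the function names, the version list and the `fails_above` parameter are assumptions made for the example, and no real TLS library is involved.

```python
# Added illustration: a toy model of the client-side "downgrade dance".
# All names are hypothetical; this does not perform real handshakes.

VERSIONS = ["TLS 1.2", "TLS 1.1", "TLS 1.0", "SSL 3.0"]  # newest first


def handshake(client_version, server_versions, fails_above=None):
    """Return True if a single attempt at client_version succeeds.

    fails_above models any reason newer handshakes break (a server-side
    interoperability bug, or interference on the network path): every
    attempt at a version newer than fails_above fails.
    """
    if client_version not in server_versions:
        return False
    if fails_above is not None:
        if VERSIONS.index(client_version) < VERSIONS.index(fails_above):
            return False
    return True


def downgrade_dance(client_versions, server_versions, fails_above=None):
    """Try client versions newest to oldest, retrying lower on failure.

    Returns the version the connection ends up on, or None when the
    client has no version left to try.
    """
    for version in VERSIONS:
        if version not in client_versions:
            continue
        if handshake(version, server_versions, fails_above):
            return version
    return None


if __name__ == "__main__":
    legacy_client = VERSIONS        # still offers SSL 3.0
    fixed_client = VERSIONS[:-1]    # SSL 3.0 support removed
    server = VERSIONS               # supports TLS and SSL 3.0

    print("normal path:        ", downgrade_dance(legacy_client, server))
    print("newer versions fail:",
          downgrade_dance(legacy_client, server, fails_above="SSL 3.0"))
    print("SSL 3.0 removed:    ",
          downgrade_dance(fixed_client, server, fails_above="SSL 3.0"))
```

With SSL 3.0 still offered, repeated handshake failures walk the client down to SSL 3.0 even though both sides support TLS; with it removed, the connection fails instead of falling back to the flawed protocol.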