A Google Inc spokesman said on Tuesday that researchers with the company have uncovered a vulnerability in widely used SSL web encryption technology, finding a bug in the SSL 3.0 protocol.
SSL 3.0 is nearly 15 years old, but it is still widely used, Google said, in a Tuesday evening blog post. Even browsers that use newer protocols will retry failed connections with older protocol versions, including SSL 3.0.
“Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue,” Google said, in the statement. The immediate fix to the problem will “break some sites, and those sites will need to be updated quickly.”
“In the coming months, we hope to remove support for SSL 3.0 completely from our client products,” Google said.
This story is developing. Please check back for further updates.