PageSpeed Module Update Addressing CVE-2016-3626

Google has released an important security notice regarding a vulnerability (CVE-2016-3626) in the PageSpeed Module. The recommendation was to immediately update to the newest version of PageSpeed as all previous versions were affected.

CVE-2016-3626 permits a third party to trick the PageSpeed module into making arbitrary HTTP requests on arbitrary ports and re-hosting the response. If the machine running PageSpeed has access to services that are not otherwise available, this can reveal those resource and can also be used for cross-site scripting (XSS). XSS is one of the most commonly documented security vulnerability and enables attackers to inject client-side scripts into web pages as well as bypass access controls and tracking pages to reveal data as if another page of the same origin has requested it.

We, at FastComet address this by updating all of our shared hosting servers to the latest stable release of PageSpeed (ver. 1.9.32.14). The maintenance was performed without any downtime for our clients and their websites.

Additionally, all FastComet VPS and Dedicated servers are set on auto update, thus no further actions from our customers are required.

We have and will continue to stay on top of possible security vulnerabilities that could expose our clients to malicious activities.

Antoniy

Antoniy’s primary goal at FastComet is helping grow our client base through affiliates and strategic partnerships. It is all about statistics analysis, communication with our affiliates, working on various campaigns, searching the web for trends and generating ideas for future projects. You're likely to run across him at some point in the FastComet Community, too because he loves getting in and interacting with our great customers. You can always count on him to come up with strategic ideas for the team and is always searching for the smartest ways to spread our brand and services worldwide.