Google says Comodo’s ‘secure’ browser isn’t safe to use at all

Google says Comodo’s ‘secure’ browser isn’t safe to use at all

Comodo-browser

In an advisory published today, a Google engineer has pointed out that security firm’s Comodo suite of tools to stay safe online actually exposes users to possible attacks.

Tavis Ormandy, an information security engineer at Google, reports that the Comodo Internet Security suite installs a new browser called Chromodo and sets it as default during setup.

Ormandy says that when you install Comodo Internet Security, “All shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.”

What’s especially worrying is that Chromodo disables Chrome’s same-origin policy, which allows a script to access data in another script only if they’re both from the same site.

Without this setting in place, users are vulnerable to attackers who could attempt to intercept their traffic via malicious sites.

Shortly after the Lenovo Superfish adware fiasco last February, Comodo was found adding man-in-the-middle code to its app which caused affected machines to trust self-signed certificates — making it easy for hackers to snoop on users’ information.

If you’ve got Comodo Internet Security installed on your computer, you’re probably better off not using its included browser right now.

Update: Charles Zinkowski, director of corporate communications for Comodo, said in a statement:

The vulnerability was not with Comodo or the Chromodo browser itself, but rather with an add-on. It has been fixed and addressed. Comodo is releasing an update of Chromodo today (Wednesday) without the add-on, removing any issues and the update will go to all current Chromodo users as well.

As an industry, software in general is always being updated, patched, fixed, addressed, improved – it goes hand in hand with any development cycle. What is critical in software development is how companies address an issue if a certain vulnerability is found – ensuring it never puts the customer at risk. At Comodo, the customer always comes first.

 

[The Next Web]

February 4, 2016 / by / in , , , , , , , ,

Leave a Reply

Show Buttons
Hide Buttons

IMPORTANT MESSAGE: Scooblrinc.com is a website owned and operated by Scooblr, Inc. By accessing this website and any pages thereof, you agree to be bound by the Terms of Use and Privacy Policy, as amended from time to time. Scooblr, Inc. does not verify or assure that information provided by any company offering services is accurate or complete or that the valuation is appropriate. Neither Scooblr nor any of its directors, officers, employees, representatives, affiliates or agents shall have any liability whatsoever arising, for any error or incompleteness of fact or opinion in, or lack of care in the preparation or publication, of the materials posted on this website. Scooblr does not give advice, provide analysis or recommendations regarding any offering, service posted on the website. The information on this website does not constitute an offer of, or the solicitation of an offer to buy or subscribe for, any services to any person in any jurisdiction to whom or in which such offer or solicitation is unlawful.