Menu
Custom Web browser from Comodo poses security threat, researcher says

Custom Web browser from Comodo poses security threat, researcher says

The browser has the 'same origin policy' disabled

A customized version of Google's Chrome browser developed by security vendor Comodo has a jaw-dropping flaw, according to a researcher.

Tavis Ormandy, an information security engineer with Google, analyzed Comodo's "Chromodo," a browser based on the Chromium open-source code.

Chromodo is marketed as a browser with enhanced security and privacy controls. But Ormandy found it contains a flaw that violates one of the most basic rules for Web security.

Code that runs on one website shouldn't be allowed to execute on another since it would pose a great security risk. It's known as the same origin policy.

For some reason, the same origin policy was disabled in Chromodo, Ormandy wrote in an advisory.

"Chromodo is described as 'highest levels of speed, security and privacy,' but actually disables all web security," he wrote.

Ormandy typically gives companies 90 days to patch a flaw before going public, and he started writing about Chromodo on Jan. 21.

On Tuesday he updated the advisory, saying that it appeared Comodo tried to patch Chromodo against an exploit he developed. But the patch isn't effective and he planned on filing a fresh bug report.

Comodo officials reached Tuesday didn't have an immediate comment. The company is one of the largest sellers of SSL/TLS certificates, which encrypt data traffic, and other security products.

On Tuesday, Ormandy wrote on Twitter: "Selling antivirus doesn't qualify you to fork chromium, you're going to screw it up."


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

HP channel recognised at 2017 Partner Awards

HP channel recognised at 2017 Partner Awards

The HP Partner Awards 2017 at Shed 10 kicked off with an AMD-sponsored hackers lounge, a mysterious gaming style area filled with dry ice and red lasers, the waiters wearing Mr Robot style masks.

HP channel recognised at 2017 Partner Awards
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments