What is
Chromodo?
Comodo’s Chromodo,
a Chromium-based browser based on the open-source project Chromium that claims
to improve the browsing experience by increasing loading speeds of the websites
and online security.
According
to the researchers, Chromodo automatically overrides system settings and set
itself as the Default Browser without users' knowledge. Comodo’s
Chromodo browser contains security failings and puts its users at risk.
According
to the Google report, Comodo's Chromodo browser is less secure than it claims
to be.
If your
default browser had been changed to "Chromodo", then you could
be at risk!
The main
security issue is that the Chromodo browser has SOP - 'Same Origin
Policy' disabled by default. This violates one of the strongest browser
security policy.
SOP permits scripts running in a web
browser to make requests to pages on the same domain.
It must
be enabled to prevent the malicious scripts on one page from obtaining access
to the data on another web page.
Disabling
SOP in Chromodo could allow attackers to steal session authentication
cookies, run malicious script codes and could even Replace websites with
attacker - created HTML design. Some Chromodo browser are vulnerable to
cross - domain attacks. “They also hijack DNS settings, among other shady
practices,” Ormandy wrote.
No comments:
Post a Comment