Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware


  • Please log in to reply
No replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:29 AM

Posted 02 February 2016 - 10:45 PM

Google security boffins have thrown the book at Comodo for turning off Chrome security.

As explained in this advisory today, users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo.

That little bit of crapware isn't secure at all: it's set as the default browser, and "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices," Google's Tavis Ormandy notes.

Chromodo is promoted as a "private browser" on Comodo's website, but it's not only not private, it's not remotely safe to use, because it also disables Chrome's same-origin policy.

The same-origin policy enforces a rule that one script can only access data in another script if they're both from the same site. Without it, users are exposed to malicious sites sniffing private data.

 

Article From The Register



BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users