Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chromodo Browser Disables Key Web Security (thestack.com)

Posted by timothy on from the it's-only-a-browser dept.

An anonymous reader writes: A Google Security Research update has claimed that Comodo's internet browser Chromodo, based on the open-source project Chromium, contains significant security failings and puts its users at risk. This week's Google alert suggested that the Chromodo browser – available as a standalone download, as well as part of the company's Security package – is less secure than it promises. According to analysis, the browser is disabling the Same Origin policy, hijacking DNS settings, and replacing shortcuts with Chromodo links, among other security violations.

5 of 54 comments (clear)

  1. I avoid knockoffs by LichtSpektren · · Score: 4, Insightful

    There's a lot of Chromium and Firefox clones/forks by small teams that have certain targeted goals (better UI, different default settings, etc.), but I tend to avoid them; I figure that Google and Mozilla have world-class security experts working for them, whereas these little forks, even if competently done, do not and might introduce security holes by accident.

    The same is also true for Linux distros--I advise people stick to the big ones (Debian, Ubuntu, Fedora/Red Hat/CentOS, Arch, Gentoo, SUSE, Tails) since they're thoroughly audited by security professionals, whereas those tiny little forks that do nothing but alter the UI probably aren't.

    1. Re:I avoid knockoffs by Trax3001BBS · · Score: 2

      What's noteworthy about this specific instance is that Chromodo is made by Comodo, an anti virus developer, and is supposed to have a focus on security. I've never used the browser itself, but I tend to stay away from chrom* and clones.

      What's noteworthy about this specific instance is that Chromodo is made by Comodo, an anti virus developer, and is supposed to have a focus on security. I've never used the browser itself, but I tend to stay away from chrom* and clones.

      I use Comodo firewall version 5.3.176757.1236 ~If it ain't broke don't fix it, been using it for
      years now. Between it and my hosts file I've stopped a lot of problems others have had.

      This version is very easy to configure, and a very small foot print, and it's on top of every file that want's access. Charter.com turned MMC.exe into a keylogger, Comodo caught it, became the front program and the scrolling stopped you couldn't miss the event. (I bought a streighttalk phone with a reused number flagged by Charter.com for a debit, and I had direct deposit). It's an issue still in the process of my satisfaction.

      Just had to get a shout out for Comodo, it's treated my very well for a long time now. As a firewall, sandbox and a fairly decent antivirus (which I quit using long ago), so fills a small gap as well.

  2. What? by ArchieBunker · · Score: 4, Insightful

    A shady browser that nobody has ever heard of is insecure? Who actually finds and installs this garbage besides the clueless and elderly?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  3. Re:If Windows, then insecure... by gestalt_n_pepper · · Score: 2

    It doesn't. But why make it easier for them? At the very least, I get to opt out of those targeted ads.

    --
    Please do not read this sig. Thank you.
  4. The company behind forged certificates?? by Billly+Gates · · Score: 2

    Wasn't this the company who gave us forged compromised certificates last year that installed malware on some pcs and phones?

    They use a Lenovo style spearfish SSL MITM and replace legitimate certificates with their own. Gee no security problem with that. Kaspersky does the same too until you tell it not to scan HTTPS connections.

    --
    http://saveie6.com/