Chromodo Browser has serious security issues
Comodo's web browser Chromodo, which is based on Chromium, has significant security issues that put its users at risk, according to a Google Security Research report.
When Google launched its Chrome web browser years ago, several third-party companies created their own versions of the browser, modifying specific settings with the stated aim of improving user privacy.
Comodo was one of those companies; it released a custom, rebranded version of the Chrome browser and launched it as Comodo Dragon.
The browser is optimized for speed, privacy and security according to Comodo. Last year, Comodo released another Chromium-based browser which it named Chromodo.
The core difference between the two browsers seems to be design related only, but it is difficult to tell since Comodo does not reveal detailed information about the differences between the two browsers on its site.
A recent Google report indicates that Comodo's Chromodo browser is less secure than it claims to be. The web browser is available as a standalone download, but it is also included in the company's Internet Security suite offering.
According to Google's analysis of the browser, it is disabling the same origin policy, hijacking DNS settings, replacing shortcuts with Chromodo links, and more.
FYI, I still haven't got a response. The same origin policy is basically disabled for all of your customers, which means there is no security on the web....this is about as bad as it gets. If the impact isn't clear to you, please let me know.
Same Origin is an important security policy which restricts how documents or scripts loaded from one origin can interact with resources from other origins.
Pages have the same origin if they share the protocol, port and host. So http://www.example.com/ and http://www.example.com/dir1/ share the same origin, because protocol (http), port (default) and host (www.example.com) are identical, while https://www.example.com/ and http://www.example.com/ do not, because the protocol (https vs http) differs.
Comodo's Chromodo browser does not take same origin into account, which means that scripts or resources from third-party sites can interact with a resource or script as if they came from the same origin.
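The comparison described above can be written out as a small check. This is an added example, not code from the Google report or from Comodo; the function names are hypothetical and the URLs are constructed samples. It goes slightly beyond the two cases in the text by also covering explicit default ports, host case, and schemes without a tuple origin.

```javascript
// Added example: origin comparison on the (scheme, host, port) tuple.
// Function names are hypothetical; all URLs are constructed samples.
const DEFAULT_PORTS = new Map([
  ["http:", "80"], ["https:", "443"], ["ws:", "80"], ["wss:", "443"],
]);

// Return the origin tuple of a URL, or null for schemes that have no
// tuple origin here (data:, file:, ...). Simplification: browsers give
// those an opaque origin that matches nothing, which null models.
function originTuple(urlString) {
  const u = new URL(urlString);          // lowercases scheme and host
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    // URL drops an explicit default port, so fill it back in to compare.
    port: u.port || DEFAULT_PORTS.get(u.protocol),
  };
}

// List the tuple components that differ; empty array means same origin.
// Returns ["opaque"] when either side has no tuple origin.
function originMismatch(a, b) {
  const oa = originTuple(a), ob = originTuple(b);
  if (oa === null || ob === null) return ["opaque"];
  return ["scheme", "host", "port"].filter((k) => oa[k] !== ob[k]);
}

function sameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

// Constructed test pairs, including the two from the article.
const pairs = [
  ["http://www.example.com/", "http://www.example.com/dir1/"],
  ["https://www.example.com/", "http://www.example.com/"],
  ["http://www.example.com:80/", "http://WWW.EXAMPLE.COM/"],
  ["http://www.example.com:8080/", "http://www.example.com/"],
  ["http://example.com/", "http://www.example.com/"],
  ["data:text/html,hi", "data:text/html,hi"],
];
for (const [a, b] of pairs) {
  const diff = originMismatch(a, b);
  console.log(`${a} vs ${b}: ${diff.length ? "different (" + diff.join(", ") + ")" : "same origin"}`);
}
```

A browser that enforces the policy only lets a script read another document's data when this comparison succeeds.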
This could result in the stealing of browser cookies among other things if the issue is exploited.
Google released a proof of concept exploit, less than 10 lines of JavaScript code, that lists the data of a stolen cookie in a JavaScript popup in the browser.
Closing Words
It is quite frightening that security companies such as Comodo, AVG or TrendMicro have created products in the past that put users at risk despite claims by these companies that their products improve user privacy and security while on the Internet.
The companies in question fixed the detected issues or are in the process of fixing them, but the underlying implication is more severe than the detected security issue, considering that this should not happen to security companies in the first place.
Don’t forget Comodo’s security failure in 2011 with SSL certificates. That was very serious, and to quote infoworld.com:
“The whole story involves a company that simply didn’t do its job, betrayed our trust, and tried to excuse its incompetence by blaming a bigger villain.”
Use Comodo products only with caution.
Complete article:
https://www.infoworld.com/article/2623829/authentication/weaknesses-in-ssl-certification-exposed-by-comodo-security-breach.html
Using Google's browser is more dangerous than any browser.
All data, all IPs, they will collect.
Google's browser = number one violator of users’ privacy.
Hey Admin, why don’t you release the news about the exploit in the Avastium browser found by Tavis Ormandy??
Please see: http://www.pcworld.com/article/3030319/security/researcher-finds-serious-flaw-in-chromium-based-avast-safezone-browser.html
Comodo’s vulnerability is not browser based… The problem was the AdSanitizer extension. Now the extension is completely removed from Comodo browsers.
Thanks
Don’t forget Ice Dragon had no updates for over a year. They should check if they hijack DNS and turn off the origin policy in it too.
For a security company and certificate authority, they sure lapse in the security department.
New Chromodo version just released which fixed the problem above. Same origin policy problem fixed.
Download: http://www.majorgeeks.com/files/details/comodo_chromodo_private_internet_browser.html
Shame on you Google, these bug reports should be private for 90 days. They did not even obey their own rules.
Because Comodo released an adblocker for all platforms.. http://whichadblocker.com/
Google just doing against moves.. Google is an ad company. They did not like these adblockers you know ;)
Sincerely,
LOL. New rule soon: Avoid installing proprietary antivirus/security programs (they are selling your data, whatever).
Will be nice to have an overview of open source and truly freeware options on that front.
1. Security is a long-term project or huge system to maintain.
2. Everyone or every firm has its own advantages and weaknesses. Examples are:
* Google = Internet Search
* AVG… = top SECURITY program vendors, not the alternatives to Firefox, Chrome, yet.
You forgot the Biggest security threat out there these days – Microsoft!!!!!!!!!
Now that with Windows 8 and above they can collect every bit of personal data of what you do online or even offline and have it sent back to them and from that, sell it off to companies, means that nothing is safe anymore! The biggest thing that people don’t even realize is that when they agree to the terms and conditions of the operating software, you actually agree to allow Microsoft to do this! For those who try to remove this spyware from their computer, they have only found out that it magically reinstalls itself. Did people really think that Microsoft was actually going to just give away Windows 10 and not make a profit from it?! It is also the one reason I no longer update my Windows 7 machine because I know that at least 1 of those updates will try and stick me into Windows 10. It is just plain upsetting that an American company like Microsoft can get away with something like this in a day like this when privacy issues are a big concern to people. Of course Microsoft claims that it will never give out personal information like your banking or credit card info. Only problem is that the software they use has recently been found to be easily hackable and others can now break into it and steal that same stuff that Microsoft is stealing from its customers. And I say stealing because many don’t actually read the Terms of Service and have no idea what Microsoft is doing or the danger they are in!
Security is definitely a huge issue. It seems we cannot trust anything these days in terms of our browsers or even the computers that we buy. After all, how many companies have gotten in trouble for installing software on new computers that are basically showcasing everything we do online? I recently read about some of the top security threats for 2016 (https://anonymweb.co.uk/top-security-threats-for-2016-know-how-to-protect-yourself/), and I honestly think that this year is going to be one of the biggest in terms of what we face.
Comodo, Chromodo, what next? ComoChromodo?
“Comodo does not reveal detailed information about the differences between the two browsers on its site.” and “the underlying implication is more severe than the detected security issue considering that this should not happen to security companies in first place.”
It is a bit ironic that a browser declared as an improvement in terms of privacy and security waits for others to find the implications of their code manipulation. I’d advise thinking twice before relying on a browser proposed as a fork but including core modifications that can result in tough issues. Same with Waterfox when the developer declares he improved this, removed that, and the result being a problematic browser. You have to be an expert (such as the developer of Pale Moon browser) to know exactly what you are doing. Obviously Comodo lacks.
Chromodo? Bwahaha…. What a funny name for a browser…. XD
First line had me in stitches.. remembered a Family Guy joke:
“We now return to Janeane Garofalo and Mark Ruffalo in Garofaruffalo”
DNS Hijacking ?? It is just Comodo Secure DNS guys.. don’t be noob.. do not believe everything you read.
People called PrivDog as superfish in the past but Kaspersky, Bitdefender, Adguard etc. are already doing the same thing.. but people just blame Comodo about it. Look at the Avast HTTPS Scanning feature.. please google it as Avast in the middle!
The fixes are ready for Comodo browsers and they will be released soon.. Tavis should look into Comodo Internet Security, this will be more welcome to find a security flaw ;)
Look at that advertisement company > Google.. it knows everything.. I hate Google every single day.. They mislead users with fake concerns.. Disabling the same origin policy is not acceptable but others are fake lamentations..
Sincerely,
I am using Cent Browser, I am very satisfied!
http://centbrowser.com/
http://i.xomf.com/jmspk.jpg