Chromodo Browser has serious security issues

Comodo's web browser Chromodo, which is based on Chromium, has significant security issues that put its users at risk, according to a Google Security Research report.

When Google launched its Chrome web browser years ago, several third-party companies created their own versions of the browser by modifying specific settings to improve user privacy.

Comodo was one of those companies. It released a custom, rebranded version of the Chrome browser, launching it as Comodo Dragon.

The browser is optimized for speed, privacy and security according to Comodo. Last year, Comodo released another Chromium-based browser which it named Chromodo.

The core difference between the two browsers seems to be design related only, but it is difficult to tell since Comodo does not reveal detailed information about the differences between the two browsers on its site.


A recent Google report indicates that Comodo's Chromodo browser is less secure than it claims to be. The web browser is available as a standalone download, but it is also included in the company's Internet Security suite offering.

According to Google's analysis of the browser, it is disabling the same origin policy, hijacking DNS settings, replacing shortcuts with Chromodo links, and more.



FYI, I still haven't got a response. The same origin policy is basically disabled for all of your customers, which means there is no security on the web....this is about as bad as it gets. If the impact isn't clear to you, please let me know.

Same Origin is an important security policy which restricts how documents or scripts loaded from one origin can interact with resources from other origins.


Pages have the same origin if they share the protocol, port and host. So, http://www.example.com/ and http://www.example.com/dir1/ share the same origin as protocol (http), port (default) and host (www.example.com) are identical while https://www.example.com/ and http://www.example.com/ don't share the same origin as the protocol (https vs http) is not identical.
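The origin comparison described above, as an added example (not code from the article or from Google's report). It goes slightly beyond the two pairs in the text by also covering an explicit default port, a non-default port and a different host; the function names and the extra sample URLs are assumptions made for illustration.

```javascript
// Added example: compare two URLs by origin = (scheme, host, port).
// Default ports, so that "http://host/" and "http://host:80/" compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL down into the three components that make up its origin.
function originTuple(rawUrl) {
  const u = new URL(rawUrl); // throws TypeError on malformed input
  return {
    scheme: u.protocol,
    host: u.hostname, // already lower-cased by the URL parser
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Return whether both URLs share an origin, and which components differ.
function compareOrigins(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  const differs = ["scheme", "host", "port"].filter((k) => x[k] !== y[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample pairs; the first two are the pairs used in the article.
const SAMPLES = [
  ["http://www.example.com/", "http://www.example.com/dir1/"],
  ["https://www.example.com/", "http://www.example.com/"],
  ["http://www.example.com/", "http://www.example.com:80/"],
  ["http://www.example.com/", "http://www.example.com:8080/"],
  ["http://www.example.com/", "http://example.com/"],
];

// Build one human-readable verdict line per sample pair.
function report() {
  return SAMPLES.map(([a, b]) => {
    const r = compareOrigins(a, b);
    const verdict = r.sameOrigin
      ? "same origin"
      : `cross-origin (${r.differs.join(", ")})`;
    return `${a} vs ${b}: ${verdict}`;
  });
}

report().forEach((line) => console.log(line));
```

For the https/http pair the comparison reports both the scheme and the port, because the default ports (443 and 80) differ along with the protocol.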

Comodo's Chromodo browser does not take same origin into account, which means that scripts or resources from third-party sites can interact with a resource or script as if they were from the same origin.

This could result in the stealing of browser cookies among other things if the issue is exploited.

Google released a proof of concept exploit, less than 10 lines of JavaScript code, that lists the data of a stolen cookie in a JavaScript popup in the browser.

Closing Words

It is quite frightening that security companies such as Comodo, AVG or TrendMicro have created products in the past that put users at risk despite claims by these companies that their products improve user privacy and security while on the Internet.

The companies in question fixed the detected issues or are in the process of fixing them, but the underlying implication is more severe than the detected security issue, considering that this should not happen to security companies in the first place.

Publisher: Ghacks Technology News




Responses to Chromodo Browser has serious security issues

  1. user February 3, 2016 at 9:20 am #

    I am using Cent Browser, I am very satisfied!
    http://centbrowser.com/

    http://i.xomf.com/jmspk.jpg

  2. Lugo February 3, 2016 at 12:19 pm #

    DNS Hijacking ?? It is just Comodo Secure DNS guys.. don't be noob.. do not believe everything you read.
    People called PrivDog as superfish in the past but Kaspersky, Bitdefender, Adguard etc. are already doing the same thing..but people just blame Comodo about it. Look at the Avast HTTPS Scanning feature.. please google it as Avast in the middle!
    The fixes are ready for Comodo browsers and they will be released soon.. Tavis should look into Comodo Internet Security, this will be more welcome to find a security flaw ;)
    Look at that advertisement company > Google.. it knows everything.. I hate Google every single day.. They mislead users with fake concerns.. Disabling the same origin policy is not acceptable but others are fake lamentations..

    Sincerely,

  3. Tom Hawack February 3, 2016 at 1:02 pm #

    Comodo, Chromodo, what next? ComoChromodo?

    "Comodo does not reveal detailed information about the differences between the two browsers on its site." and "the underlying implication is more severe than the detected security issue considering that this should not happen to security companies in first place."

    It is a bit ironical that a browser declared as an improvement in terms of privacy and security waits for others to find the implications of their code manipulation. I'd advise thinking twice before relying on a browser proposed as a fork but including core modifications that can result in tough issues. Same with Waterfox when the developer declares he improved this, removed that, and the result being a problematic browser. You have to be an expert (such as the developer of Pale Moon browser) to know exactly what you are doing. Obviously Comodo lacks.

    • Pete February 3, 2016 at 3:36 pm #

      First line had me in stitches.. remembered a Family Guy joke:

      "We now return to Janeane Garofalo and Mark Ruffalo in Garofaruffalo"

    • hahaha February 15, 2016 at 4:32 pm #

      Chromodo? Bwahaha.... What a funny name for a browser.... XD

  4. D. H. February 3, 2016 at 4:00 pm #

    Security is definitely a huge issue. It seems we cannot trust anything these days in terms of our browsers or even the computers that we buy. After all, how many companies have gotten in trouble for installing software on new computers that are basically showcasing everything we do online? I recently read about some of the top security threats for 2016 (https://anonymweb.co.uk/top-security-threats-for-2016-know-how-to-protect-yourself/), and I honestly think that this year is going to be one of the biggest in terms of what we face.

  5. S0215 February 3, 2016 at 7:01 pm #

    1. Security is a long-term project or huge system to maintain.
    2. Everyone or every firm has its own advantages and weaknesses. Examples are:
    * Google = Internet Search
    * AVG... = top SECURITY program vendors, not the alternatives to Firefox, Chrome, yet.

    • Johndoe3815 July 5, 2017 at 3:44 pm #

      You forgot the Biggest security threat out there these days - Microsoft!!!!!!!!!

      Now that with Windows 8 and above they can collect every bit of personal data of what you do online or even offline and have it sent back to them and from that, sell it off to companies, means that nothing is safe anymore! The biggest thing that people don't even realize is that when they agree to the terms and conditions of the operating software, you actually agree to allow Microsoft to do this! For those who try to remove this spyware from their computer, they have only found out that it magically reinstalls itself. Did people really think that Microsoft was actually going to just give away Windows 10 and not make a profit from it?! It is also the one reason I no longer update my Windows 7 machine because I know that at least 1 of those updates will try and stick me into Windows 10. It is just plain upsetting that an American company like Microsoft can get away with something like this in a day like this when privacy issues are a big concern to people. Of course Microsoft claims that it will never give out personal information like your banking or credit card info. Only problem is that the software they use has recently been found to be easily hackable and others can now break into it and steal that same stuff that Microsoft is stealing from its customers. And I say stealing because many don't actually read the Terms of Service and have no idea what Microsoft is doing or the danger they are in!

  6. o_O February 3, 2016 at 10:05 pm #

    LOL. New rule soon: Avoid installing proprietary antivirus/security programs (they are selling your data, whatever).
    Will be nice to have an overview of open source and truly freeware options on that front.

  7. Lugo February 4, 2016 at 2:10 pm #

    New Chromodo version just released which fixed the problem above. Same origin policy problem fixed.
    Download: http://www.majorgeeks.com/files/details/comodo_chromodo_private_internet_browser.html

    Shame on you Google, this bug reports should be private for 90 days. They even did not obey their own rules.

    Because Comodo released an adblocker for all platforms.. http://whichadblocker.com/
    Google just doing against moves.. Google is an ad company. They did not like these adblockers you know ;)

    Sincerely,

  8. wonton February 4, 2016 at 2:53 pm #

    don't forget ice dragon had no updates for over a year they should check if they hijack dns and turn off origin policy in it too.

    for a security company and certificate authority they sure lapse in the security department.

  9. Lugo February 6, 2016 at 3:46 pm #

    Hey Admin, why don't you release the new for Exploit in Avastium browser found by Tavis Ormandy??
    Please see: http://www.pcworld.com/article/3030319/security/researcher-finds-serious-flaw-in-chromium-based-avast-safezone-browser.html

    The Comodo's vulnerability is not browser based... The problem was AdSanitizer extension. Now the extension completely removed from Comodo browsers.

    Thanks

  10. neverusegoogle March 27, 2016 at 1:29 pm #

    use google browser is more danger than any browser
    all data, all IP, they will collect

    google browser = number one violators of user's Privacies
