Log in or Sign up

Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version

Discussion in 'other security issues & news' started by ronjor, Feb 4, 2016.

Thread Status:: Not open for further replies.

ronjor Global Moderator

Joined:

Jul 21, 2003

Posts:

164,627

Location:

Texas

Original Release date: 04 Feb 2016 | Last revised: 04 Feb 2016
Overview

Comodo Chromodo browser, version 45.8.12.392, 45.8.12.391, and possibly earlier, does not enforce same origin policy, which allows for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities.
Click to expand...

ronjor, Feb 4, 2016

#1
WildByDesign Registered Member

Joined:

Sep 24, 2013

Posts:

2,587

Location:

Toronto, Canada

Also noteworthy here is that Chromodo's use of Ad Sanitizer by AdTrustMedia, AdTrustMedia being the parent company to PrivDog. PrivDog, of course, was big news back in all of that MiTM news regarding Superfish. Part of this vulnerability relates to the Ad Sanitizer extension.

WildByDesign, Feb 6, 2016

#2
Brosephine Registered Member

Joined:

Dec 4, 2015

Posts:

181

Location:

Metropolis

Do you know if the vulnerability applies to IceDragon? I like it as a back up browser!

Brosephine, Feb 17, 2016

#3
AutoCascade Registered Member

Joined:

Feb 16, 2014

Posts:

741

Location:

United States

This is a duplicate of Wild by Designs post from Feb 2, 2016

https://www.wilderssecurity.com/thre...ore-release-cicles.382607/page-3#post-2561395

AutoCascade, Mar 3, 2016

#4

Thread Status:: Not open for further replies.

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...