Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

stapp · May 21, 2025

Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.
Click to expand...

The most notable user of OpenPGP is encrypted email provider Proton Mail. The team behind it maintains the library, and the technology is used to offer end-to-end encryption for its users.
Click to expand...

https://www.theregister.com/2025/05/20/openpgp_js_flaw/

Palancar · May 21, 2025

Ouch!!! This should be a rather easy fix. GPG support and Protonmail could close this gap pretty quickly. I haven't been over there yet to hear their side of this CVE. No way they will sit on an open flaw like this without a thorough response.

stapp · May 22, 2025

Palancar said: ↑

Ouch!!! This should be a rather easy fix. GPG support and Protonmail could close this gap pretty quickly. I haven't been over there yet to hear their side of this CVE. No way they will sit on an open flaw like this without a thorough response.
Click to expand...

Please let us know when you hear anything.

Log in or Sign up

Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

stapp Global Moderator

Palancar Registered Member

stapp Global Moderator

Log in or Sign up

Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

stapp Global Moderator

Palancar Registered Member

stapp Global Moderator

Useful Searches