Avast forked up its Chrome fork, so flings fix after Google goggles Antivirus vendor Avast has patched a vulnerability in its very own fork of the Chrome browser. And a good job too: the vuln allowed remote attackers to completely compromise the platform. Avast's SafeZone browser is bundled with its 2016 security products. It's based on the Avastium fork of Chrome, which is of course Google- …
This post has been deleted by its author
Does anyone know if Bitdefender Safepay is similarly impacted or at risk of this issue? I always worried about these dedicated browsers after my bank used to warn me that the latest version of Chrome was not being used. I then discovered that typically these "secure" browsers are a version or several behind the official release and no doubt missing subsequent security patches. Lazy bastards.
Just google puts their patch into Chrome and then somebody else has to take that patch and merge it into their fork. Now maybe you could set it up so both branches get the patch simultaneously, but a pain to manage.
Being a "little bit" behind on your version wouldn't be too bad - except when Google announce they've applied a security fix and everybody in Chrome is now safe, it's not the hardest thing in the world to identify where they've applied their fix, and then wander off to see if any popular-ish browsers based on Chromium haven't got theirs yet.
If you remember the first versions of these Eastern European miracles that changed the entire security software scene...
AVG and Avast started as extremely light, focused software which did one thing and did it perfectly. Once large funds and companies started to pour money, they added one bloat after another and became the very Symantec they fought with.
... trend of software vendors turning my browsing machine into a bunch of exploitable web-services.
So they make a browser that also has an accompanying service that listens for HTTP requests on localhost for "commands". That's quite a wide attack surface for a "locked-down" browser.
It does make me wonder how safe the spotify client is, given that it operates in a surprisingly similar fashion in order to interact with web-pages.
When Avast! added it's unsafe bloatware browser, I never used it because I don't want to be tracked by Gurgle. Wonder what other problems they have with their insecurity suite.
I do not feel safe, so never bank online. Sorry, Amazon, but rather not put my credit card out there.. Gift cards work better. Too many fools out there to trust my money for the convenience of credit cards online.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
