Avast SafeZone Browser Lets Attackers Access Your Filesystem

Found on Softpedia on Sunday, 07 February 2016

While Chromodo was caught disabling a crucial security feature called Same Origin Policy (SOP), Avast's Chromium fork is much worse, bringing a series of problems, one of which allows attackers to list and read files from your computer after you click a simple malicious link.

An attacker wouldn't even need an info-stealing malware strain if they knew their target had Avast's SafeZone installed, a browser that was dumping everything out in the open.

"Additionally, you can send arbitrary *authenticated* HTTP requests, and read the responses," Mr. Ormandy also explained. "This allows an attacker to read cookies, email, interact with online banking and so on."

It makes you wonder what is worse: the malware itself, or the products which claim to protect you.

Browse all articles« Previous « » Next »