Archive for the ‘Same Origin Policy Bypass’ Category

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly

March 30th, 2019
Exclusive — A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure. Both unpatched vulnerabilities—one of which affects the latest version of Microsoft Internet Explorer and another affects the latest Edge

Posted in hacking news, Internet Explorer, microsoft, Microsoft Edge browser, Microsoft Internet Explorer, Same Origin Policy Bypass, Vulnerability, Zero-Day Vulnerability | Comments (0)

Comodo’s so-called ‘Secure Internet Browser’ Comes with Disabled Security Features

February 3rd, 2016
comodo-web-browser-security

Beware Comodo Users!

Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns.
First of all, make sure whether your default browser had been changed to “Chromodo” — a free browser offered by Comodo Antivirus.
If your head nod is “Yes,” then you could be at risk!
Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as ‘Private Internet Browser’ for better security and privacy, automatically overrides system settings to set itself as your ‘Default Browser.’
And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has ‘Same Origin Policy’ (SOP) disabled by default.
Google’s security researcher Tavis Ormandy, recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy.

Ormandy notes that “all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.”

Moreover, this is a total unethical movement to change default browser settings without users’ knowledge.
Same Origin Policy (SOP) is one of the browser security policies that permits scripts running in a web browser to only make requests to pages on the same domain.
If enabled, Same Origin Policy will prevent malicious scripts on one page from obtaining access to sensitive data on another web page.

What If, Same Origin Policy is Disabled

chromodo-browser

To understand this, assume you are logged into Facebook and somehow visits a malicious website in another tab.

With SOP disabled, various malicious script files on that website could take over the control of your Facebook profile, allowing malicious actors to compromise your account with access to your private messages, post status updates, etc.
The same thing Comodo is doing with its users, by default disabling SOP in Chromodo that could allow attackers to:
  • Steal session authentication cookies.
  • Perform malicious actions through script code.
  • Even Replace trusted websites with attacker-created HTML design.

How to Check, If your Browser has SOP Enabled/Disabled

If you are still unsure whether your browser is SOP disabled, then visit this link.
If you are getting a prompt as “Browser appears to be fine,” then you are out of danger.
But, if you are getting a negative approach such as “Your browser is not enforcing the SOP,” you are advised to migrate to other browsers such as Chrome or Firefox for your self-defense against any malicious attack.
Stay Safe! Safe Tuned!

Posted in chrome, Chromodo, comodo antivirus, hacking news, same origin policy, Same Origin Policy Bypass, secure web browser, web browser, Web browser security | Comments (0)

Microsoft Internet Explorer Universal Cross-Site Scripting Flaw

February 4th, 2015

A serious vulnerability has been discovered in all the latest versions of Microsoft’s Internet Explorer that allows malicious hackers to inject malicious code into users’ websites and steal cookies, session and login credentials.
UNIVERSAL XSS BUG WITH SAME ORIGIN POLICY BYPASSThe vulnerability is known as a Universal Cross Site Scripting (XSS) flaw. It allows attackers to bypass the

Posted in Cross site scripting, Internet Explorer, Internet Explorer Exploit, Same Origin Policy Bypass, Vulnerability, XSS vulnerability | Comments (0)