Executive Summary

Summary
Title: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Information
Name: VU#305096
First vendor Publication: 2016-02-04
Vendor: VU-CERT
Last vendor Modification: 2016-02-08
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector:
Cvss Base Score: Not Defined
Attack Range: Not Defined
Cvss Impact Score: Not Defined
Attack Complexity: Not Defined
Cvss Exploit Score: Not Defined
Authentication: Not Defined

Detail

Vulnerability Note VU#305096

Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

Original Release date: 04 Feb 2016 | Last revised: 08 Feb 2016

Overview

Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables the same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities.

Description

Comodo Chromodo is a web browser that comes packaged with Comodo Internet Security. It is based on Chromium 45.0.2454.93, which was released in September 2015. By default, the browser uses the Ad Sanitizer extension by AdtrustMedia, which disables same origin protections and allows for an attacker to access a victim user's web content from other domains via a specially crafted web page.

According to the original disclosure by the Project Zero team at Google, version 45.8.12.392 was released to address attacks based on the use of execCode. Version 45.8.12.392 appears to remove Ad Sanitizer.

Impact

By convincing a user to visit a specially crafted web page, an attacker can obtain access to web content from another domain.

Solution

The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workarounds.

Disable or remove Ad Sanitizer

Disabling or removing the Ad Sanitizer extension mitigates cross-domain attacks. This can be accomplished by updating to version 45.8.12.392 or through the extensions management interface. For instructions, refer to the Chromodo help page.

Note that disabling Ad Sanitizer does not address known vulnerabilities in the version of Chromium on which Chromodo is based. For this reason, users should prioritize implementing the following workaround.

Discontinue use

Until these issues are addressed, consider discontinuing use of Chromodo.

Vendor Information

Vendor | Status | Date Notified | Date Updated
AdTrustMedia | Affected | - | 05 Feb 2016
COMODO Security Solutions, Inc. | Affected | 04 Feb 2016 | 04 Feb 2016

CVSS Metrics

Group | Score | Vector
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal | 6.5 | E:F/RL:U/RC:C
Environmental | 1.6 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • https://code.google.com/p/google-security-research/issues/detail?id=704
  • https://code.google.com/p/google-security-research/issues/attachmentText?id=704&aid=7040001000&name=exploit.html&token=ABZ6GAfUyycnO1UhdZ369lvGVlxdWMfS0Q%3A1454598007839
  • https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
  • https://help.comodo.com/topic-249-1-593-6760-.html

Credit

The CERT/CC acknowledges Tavis Ormandy of the Project Zero team at Google for disclosing this issue.

This document was written by Joel Land.

Other Information

  • CVE IDs: Unknown
  • Date Public: 04 Feb 2016
  • Date First Published: 04 Feb 2016
  • Date Last Updated: 08 Feb 2016
  • Document Revision: 16


Original Source

Url : http://www.kb.cert.org/vuls/id/305096

Alert History

Date Information
2016-02-08 21:28:49
  • Multiple Updates
2016-02-08 21:24:27
  • Multiple Updates
2016-02-06 00:27:50
  • Multiple Updates
2016-02-06 00:23:18
  • Multiple Updates
2016-02-04 21:30:01
  • Multiple Updates
2016-02-04 21:24:42
  • First insertion