Chromium under versions 58 have a huge security problem

Pishraft
Posts: 19
Joined: Mon Jun 22, 2015 10:24 pm

Chromium under versions 58 have a huge security problem

Post by Pishraft »

Look at these links:

https://www.engadget.com/2017/04/17/goo ... code-flaw/

https://arstechnica.com/security/2017/0 ... -you-want/

Google said the problem has been corrected in version 58.
Can you quickly prepare a new version?

oftentired
Posts: 1691
Joined: Tue May 13, 2014 3:14 am

Re: Chromium under versions 58 have a huge security problem

Post by oftentired »

I am not saying by this reply that Slimjet should not act on this exploit. But, really this is a never ending story. There is always another chapter to it.

We cannot trust any email/browser to be safe. The nasty people are always finding new ways to exploit the nice people. We cannot rely on any email/browser to be safe. A person needs to click safely by not clicking without looking first at the address, the underlying embedded address, not the obviously shown address.

So I'm saying the ultimate fix lies with the user. So for phishing.

I don't click embedded links without looking at them first. In emails especially, if at all possible, I don't click the links. I go to the addresses from another route. For example, I may get a billing from my power company. I don't click the email to go to their website. I use my own favorite I've created or just type it in manually.

If I've read the links correctly, the Chrome fix is in ver 59, which is in beta and not yet released. If a fix is brought into play in Slimjet, I'm thinking it would be to change the address bar so that it reveals the actual punycode address while waiting on the 59 release.
For those of you who wear aluminum foil hats, the voices lie, don't believe them!

32 Bit SJ on Win 11

Pishraft
Posts: 19
Joined: Mon Jun 22, 2015 10:24 pm

Re: Chromium under versions 58 have a huge security problem

Post by Pishraft »

oftentired, this problem is different.
You see a real URL but it's not real!
For example, if you open this URL you see аррӏе.com in the address bar:

https://www.xn--80ak6aa92e.com/

But it's not аррӏе.com!

They can make a hyperlink like this:

https://www.apple.com/

and your eyes can't recognise it's not real
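
The host name quoted in the post above can be decoded offline to see which characters the address bar is actually rendering. This is an added example, not part of the original thread and not Slimjet's or Chromium's code; the `LOOKALIKES` table and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, hand-picked subset of Cyrillic letters that render like Latin
# ones (an assumption for this example, not a complete confusables table).
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u0501": "d",
}

def decode_label(label):
    """Unicode form of one DNS label; xn-- labels are RFC 3492 punycode."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # malformed punycode: keep the wire form

def scripts(text):
    """Scripts in use, read from the first word of each character name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text})

def inspect_host(host):
    """Decode every label of an ASCII wire-form host and flag imitations."""
    report = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
        # Flag a non-ASCII label whose every character maps onto ASCII.
        spoof = not shown.isascii() and skeleton.isascii()
        report.append({"wire": label, "shown": shown,
                       "scripts": scripts(shown),
                       "imitates": skeleton if spoof else None})
    return report

def safe_display(host):
    """Show flagged labels in their xn-- wire form, the rest as Unicode."""
    return ".".join(r["wire"] if r["imitates"] else r["shown"]
                    for r in inspect_host(host))

if __name__ == "__main__":
    # Host name quoted in the thread above.
    for row in inspect_host("www.xn--80ak6aa92e.com"):
        print(row)
    print(safe_display("www.xn--80ak6aa92e.com"))
```

The flagged label decodes to five Cyrillic code points and no Latin ones, which is why the rendered name is indistinguishable by eye while the `xn--` form is not.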

Pishraft
Posts: 19
Joined: Mon Jun 22, 2015 10:24 pm

Re: Chromium under versions 58 have a huge security problem

Post by Pishraft »

It's fake:
https://www.apple.com/

It's real:
https://www.apple.com/

Do you see any difference?

oftentired
Posts: 1691
Joined: Tue May 13, 2014 3:14 am

Re: Chromium under versions 58 have a huge security problem

Post by oftentired »

Really, I got it.

My reply stands as written; read it again.
For those of you who wear aluminum foil hats, the voices lie, don't believe them!

32 Bit SJ on Win 11

dev
Posts: 761
Joined: Mon Apr 21, 2014 10:30 pm

Re: Chromium under versions 58 have a huge security problem

Post by dev »

Whack this in, or half a dozen other extensions that are on the store, till Slimjet releases ver 58, in which the flaw is debugged: https://chrome.google.com/webstore/deta ... imhkmdcjne
Here's another one that people should be wary of, but as oftentired says, it's the users themselves that need to be more careful, as these exploits come every day, and Chrome being the market leader in browsers nowadays, it's the one that gets targeted first: https://www.ghacks.net/2017/05/18/you-s ... right-now/

paul1149
Posts: 304
Joined: Sat Aug 30, 2014 1:51 pm

Re: Chromium under versions 58 have a huge security problem

Post by paul1149 »

Pishraft wrote:
It's fake:
https://www.apple.com/

It's real:
https://www.apple.com/

do you see any difference?

When I hover over the links, yes, I see a difference in the status bar, which always displays the underlying link, not the link's name.

What oftentired says is correct. Of course vulnerabilities should be patched ASAP, but safe surfing is first and foremost a user function.
___

dev, it's unclear to me which password would automatically be sent to the remote SMB server in that exploit. I always disable automatic downloads, though, because I want the opportunity to rename the file before it saves.

BW

Pishraft
Posts: 19
Joined: Mon Jun 22, 2015 10:24 pm

Re: Chromium under versions 58 have a huge security problem

Post by Pishraft »

paul1149,
Thanks for your comment.
Are you sure your browser is Slimjet?
I see apple.com in both status bars.
Here is a screenshot:

http://i.imgur.com/sFK5GVs.png

paul1149
Posts: 304
Joined: Sat Aug 30, 2014 1:51 pm

Re: Chromium under versions 58 have a huge security problem

Post by paul1149 »

My apologies, Pishraft. In Slimjet (14.0.9.0 (based on Chromium 57.0.2987.98 (64-bit))) the true URL is not shown in the status bar, as you say. Indeed, I was viewing this thread from Vivaldi, which I now use much of the time. There, the true URL is revealed in the status bar. Thank you for the correction. This is indeed a vulnerability. Vivaldi 1.9.818 uses the Chrome/58.0.3029.82 engine.
