Google researcher Tavis Ormandy has found more vulnerabilities in yet another security solution.
This time it’s Comodo Internet Security and, according to this issue tracking page, the software installs a new browser called Chromodo and sets it as the default browser.
“Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices,” says Ormandy.
Chromodo is described by the company as a “fast and versatile internet browser based on Chromium, with highest levels of speed, security and privacy,” but according to the researcher that claim is untrue, as the browser disables the same-origin policy, effectively turning off web security.
Comodo has been notified of the problem, and has apparently fixed the issue, but Ormandy is not satisfied with the fix.
“It looks like Comodo pushed a change that removes the ‘execCode’ API that I was using in my exploit. This is obviously an incorrect fix, and a trivial change makes the vulnerability still exploitable,” he noted, and added that he will be pushing the matter further by filing a new bug with the trivial bypass of their fix as a new issue.
Ormandy has lately been concentrating on probing security software for vulnerabilities, and has so far found bugs in solutions by FireEye, Kaspersky, Avira, Webroot, Trend Micro and Malwarebytes.
In security circles he is (in)famous for releasing vulnerability information to the public in order to spur developers into fixing them quickly.