Author Topic: Punycode vulnerability in Chromium  (Read 1230 times)

Offline ubuysa


Offline JoWa

Re: Punycode vulnerability in Chromium
« Reply #1 on: April 25, 2017, 08:49:41 AM »
In Chromium older than M58.

Offline EricJH

Re: Punycode vulnerability in Chromium
« Reply #2 on: April 25, 2017, 10:23:52 AM »
With FF browser the problem can be mitigated:
Quote
Firefox users can limit their exposure to this bug by going to about:config and setting network.IDN_show_punycode to true. This will force Firefox to always display IDN domains in its Punycode form, making it possible to identify malicious domains. Thanks to user MARKZILLA from reddit for this temporary solution.


People with Chrome using the latest version are protected:
Quote
Chrome 58+ users and Firefox users who apply this fix will see the Punycode domain rather than "apple.com"

Also using a password manager helps to mitigate the problem:
Quote
A simple way to limit the damage from bugs such as this is to always use a password manager.

Extra vigilance also comes in handy:
Quote
In general, users must be very careful and pay attention to the URL when entering personal information. Until this is fixed, concerned users should manually type the URL or navigate to sites via a search engine when in doubt.

Using your bookmarks for important sites may also help to mitigate the issue.
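
An added example, not part of the original posts: a small Python check that shows a hostname in the Punycode form the quoted about:config setting forces, and compares it exactly against a set of known hosts, the way a bookmark or password-manager entry only matches the real domain. The hostnames, `KNOWN` and all function names are constructed for illustration; it uses Python's per-label `punycode` codec with lowercasing only, not full IDNA normalization.

```python
import unicodedata

def to_ascii_label(label):
    """ASCII (Punycode) form of one hostname label; ASCII labels pass through."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def to_punycode_host(host):
    """Hostname with every IDN label shown in its xn-- form."""
    return ".".join(to_ascii_label(l) for l in host.rstrip(".").split("."))

def to_unicode_host(host):
    """Inverse view: decode xn-- labels so the characters can be inspected."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        out.append(label)
    return ".".join(out)

def inspect_host(host, known_hosts):
    """Summarise a hostname for review against a set of known ASCII hostnames."""
    ascii_host = to_punycode_host(host)
    letters = [ch for ch in to_unicode_host(ascii_host) if ch.isalpha()]
    # First word of the Unicode character name is the script (LATIN, CYRILLIC, ...)
    scripts = sorted({unicodedata.name(ch, "UNKNOWN").split()[0] for ch in letters})
    return {
        "ascii": ascii_host,                                   # what to display
        "is_idn": any(l.startswith("xn--") for l in ascii_host.split(".")),
        "scripts": scripts,                                    # >1 means mixed script
        "known": ascii_host in known_hosts,                    # exact match only
    }

if __name__ == "__main__":
    KNOWN = {"example.com"}  # constructed stand-in for bookmarked / saved-login hosts
    # Constructed samples: the second uses Cyrillic U+0430 in place of Latin "a"
    for h in ["example.com", "ex\u0430mple.com"]:
        print(repr(h), inspect_host(h, KNOWN))
```

A lookalike written entirely in one non-Latin script reports a single script, so the `ascii` form and the exact `known` match are the signals to rely on, not the script count.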

Offline ubuysa

Re: Punycode vulnerability in Chromium
« Reply #3 on: April 26, 2017, 02:14:40 AM »
Since Dragon is at Chromium 55, this is a concern, I think. There are currently 3 extensions available for Chromium that warn of Punycode content; I'm now running the Punycode Alert extension, which seems to function quite well.

Dragon at Chromium 58 would be the ideal solution though...

 
