Google has disclosed high-severity vulnerabilty in Chrome, discovered by searchers from Kaspersky labs, and being actively exploited. As per :
…
Google is urging users to update to the latest version of Chrome, 78.0.3904.87.
Please confirm whether the current version of Comodo Dragon is affected/exploitable,
and in the plausible event it IS currently affected, when will either a fix or the new version be offered for download to CD users ? TIA !
[edited, to add:] I am not intending to be rude, understanding security is hard - but, security IS Comodo’s trade, also ! Realising this issue re. Google Chrome looks crucial, being exploited “in the wild”, please tell us ASAP either : CD 77.0.3865.120 (current UIAM) is NOT affected by the exploitable Chrome flaw, OR else, how soon do you estimate we’ll be offered the fix, available for Chrome, and either backported to CD 77.xxx or as an updated CD 78 ?
Hello Czerno, we are investigating the root of the problem, if this version of dragon contains the exploit we will release a new version as soon as posible
Thank you, Sergiu ! In the meanwhile, are there known mitigations to the issue ? Should we stop using CD altogether ? Webpage hosting a (benign) demo of the exploit - or is this still embargoed ?
Hello Czerno, the experts says that it can be triggered only if the users enter on certain websites that are specially crafted for this which means, “the average user shouldn’t lose any sleep”.Google did not make a disclosure yet. More info in the next few days. Thanks for the concern.
Weeks later… no news ? How are we supposed to avoid those “certain sites”, specially crafted to exploit us? We can’t just ignore the threat and rely on mere luck, can we !
Google Chrome users are supposed to be protected. Please do the fix to Dragon ASAP, albeit just a beta release! I don’t know about Mr Average User, but this user is on the verge of loosing sleep while the menace is not addressed…
Hello Czerno this issue has been addressed in the newest release(v77.0.3865.121), and your question has been answered by our Product Manager, Shane. The new beta version of Dragon will come shortly, it is currently under test
Oh ! Good! Though I’d read Shane’s announcement about the issue, it hadn’t been clear (to me) that the mitigation was indeed included in the publicly released Dragon (.121).
… Now I sure will stop worrying about it!
The new beta version of Dragon will come shortly, it is currently under test