"Comodo "Chromodo" Browser disables same origin policy [...] [Merged]"

As reported by Tavis Ormandy Comodo “Chromodo” Browser disables same origin policy, Effectively turning off web security.

Seems like something that should be fixed properly and sooner rather than later.

Edit: Wasn’t sure where to put this, mods may move it if needed.

Reserved.
I informed the Comodo about it. Waiting response…
This guy know where to hit. :-TU

Looking forward to Comodo’s response from Google’s claims about Chromodo → Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware • The Register

Any comment Comodo ?

https://code.google.com/p/google-security-research/issues/detail?id=704

Wow! Google, an advertising company that snoops into your privacy in order to make a profit, makes a statement about Comodo. I still don’t believe it.

LOL! Google uses sniffing to get Chrome to load YouTube videos to load faster than the competition, pretty shady to me.
Let alone that they put so much priority on their browser when making changes to just about everything, leaving other browsers that aren’t Blink to play “catch-up,” anything to dethrone the competition, which is working, sadly.

I still trust a security company like Comodo over an advertising company like Google or Alphabet.

Both of them don’t care about user privacy at all.
Thankfully there are a lot of other solutions that do !

Edited image link. JoWa

I love how they manage to not include the fact that installation of Chromodo is not compulsary and you can opt-out of that option.

The DNS servers were changed within the browser to Comodos secure DNS servers adding the additonal level of protection and faster browsing.

The AdSanitizer extension can be disabled. I’m currently trying out the other Comodo Adblocker but AdSanatizer works best for me so far and the option to block all adds is in the settings if I don’t want to see any.

I don’t know anything about the supposed vulnerability that was described and then resolved but I feel safer searching the web with Comodo’s browsers.

Just my 2 pence.

Eric

It is very pathetic situation… can we learn since which version that Same Origin Policy disabled?
Is this affect Comodo Dragon & IceDragon?

Guys you can check your browsers Same Origin Policy is OK or not?

A js code introduced by a non comodo code has caused this issue.
we have removed it and will do a release shortly.
we regret that Google did not follow its own responsible disclosure guideline and put users at risks by releasing this publicly, against their policy of 90 days.

We always care for our users and users come first.

We welcome the extra attention from google since we launched http://whichadblocker.com/ world’s most comprehensive adblocking initiative that includes an Android ad blocker (http://www.amazon.com/COMODO-Security-Solution-Ad-Blocker/dp/B01ATW7NC6 )

We invite google, in the interest of user’s security, to follow its own published guidelines for responsible disclosure.


here is the note about Google responsible disclosure guideline, at the foot of the initial bug report, posted 21st Jan…of course its not been 90 days since 21st Jan.

[i]704 - google-security-research - Monorail

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.
[/i]

Merged similar topics

The fix mentioned by Melih has gone live. Start the browser and it will update its self.

Hi,

It is believed that the record with a working exploit on January 21, 2016 has been laid out, after there was no response received from the developers.

It’s true?

Hi everyone,
Im user of Comodo products and today I read article where was information about Chromodo with same-origin policy off (by Google Security Research). Why this concept for security is off? That´s issue? When will be fix it?
Thank you for answer

This is not good. :o

https://forums.comodo.com/news-announcements-feedback-cd/comodo-chromodo-browser-disables-same-origin-policy-t114533.0.html

no.

as you can see in the tweets, Comodo responded immediately. And a fix was released yesterday.

But against Google’s responsible disclosure guidelines regrettably they chose to release it before 90 days.
We are grateful that Google started spending their hard earned money testing our products right after we launched our adblockers http://whichadblocker.com/ we hope they continue to do that.

[attachment deleted by admin]

https://forums.comodo.com/news-announcements-feedback-cd/comodo-chromodo-browser-disables-same-origin-policy-t114533.0.html;msg829049#msg829049

Hello , everyone …Google says Comodo’s ‘secure’ browser isn’t safe to use at all

what’s going on here


here’s the link

Hello guys , I found this on (pc world). It’s all over the web

A serious issue that needs to be resolved.