A Flaw in the Security Software Product "AVAST"
Many antivirus vendors have adopted the open-source Chromium browser as the basis for their own browsers, and they always claim that theirs are more secure and privacy-friendly than the others. But we have recently found serious flaws that are not in Chromium.
One of them is the Avast SafeZone browser, which is also known as Avastium. It is installed with the paid version of Avast’s antivirus and security suites. Tavis Ormandy is the researcher who found this vulnerability, which allows an attacker to take full control of Avastium. Once he has full access, he could remotely read "files, cookies, passwords, etc." In one of the reports that Ormandy sent to Avast in December and announced publicly on Wednesday, he said that "the attacker could take control of authenticated sessions and read email, he can also interact with online banking, etc.”
According to Ormandy's Web-based proof of concept, an attacker can easily manipulate the list of contents of the C:\ drive and can potentially send any files back to himself.
According to the Google researcher, Avast opens a Web-accessible RPC service on the local computer that listens on port 27275. Any malicious program, or any website opened in a browser, can easily send commands to this service by making a request to http://localhost:27275/command. Not all of the commands are dangerous, but there is one called SWITCH_TO_SAFEZONE that can be used to open a URL in Avastium. And not just http:// or https:// URLs, but also local or private URL schemes like file:/// or chrome://.
This is possible only because Avast has removed what Ormandy calls a "critical security check". This check prevents any non-Web-related URL schemes from being opened from the command line. The protection is present in Chromium but not in Avastium, which lets an attacker target Avastium and carry out malicious actions.
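The kind of check described above can be sketched as follows. This is an added example, not code from Avast, Chromium or Ormandy's report; the function names, the dispatcher and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only ordinary web schemes may be opened.
WEB_SCHEMES = {"http", "https"}

def is_web_url(url):
    """Return True only for an absolute http(s) URL that names a host."""
    if not isinstance(url, str) or not url:
        return False
    # Refuse whitespace and control characters instead of normalising them,
    # so the string that is validated is exactly the string that is opened.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, e.g. unbalanced "["
        return False
    # urlsplit lower-cases the scheme, so "FILE:" and "file:" compare equal.
    return parts.scheme in WEB_SCHEMES and bool(parts.hostname)

def handle_command(command, url):
    """Hypothetical dispatcher: decide what to do with one received command."""
    if command != "SWITCH_TO_SAFEZONE":
        return ("rejected", "unknown command")
    if not is_web_url(url):
        return ("rejected", "non-web URL scheme")
    return ("open", url)

# Constructed sample arguments, using the schemes named in the article.
SAMPLES = [
    "https://example.com/login",
    "http://example.com/",
    "file:///C:/",
    "FILE:///C:/",
    "chrome://settings",
    " https://example.com/",
    "https:///no-host",
]

def run_samples():
    return [(u, handle_command("SWITCH_TO_SAFEZONE", u)[0]) for u in SAMPLES]

if __name__ == "__main__":
    for url, verdict in run_samples():
        print(f"{verdict:8} {url!r}")
```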
Ormandy reported this flaw on Dec. 18, and the company fixed it on Wednesday in Avast version 2016.11.1.2253. Ormandy also disclosed a critical vulnerability in Chromodo, a Chromium-based browser distributed by the security firm Comodo.
Avast and Comodo are not the only security vendors who have created so-called “safe” browsers based on Chromium and are shipping them with their products. It would be interesting to see whether Ormandy continues to investigate them and finds more serious flaws.
Security researcher Joxean Koret has found vulnerabilities in antivirus products. He advised people on Twitter not to use the browsers provided by antivirus vendors. “I’ve analyzed 3. All broken,” he said.
“Selling antivirus doesn’t qualify you to fork chromium, you’re going to screw it up,” Ormandy said in a Twitter message earlier this week.