![avast safezone](https://thedailysound.com/wp-content/uploads/2019/11/Role-Of-Avast-SafeZone-Browser-And-Whether-To-Keep-This-Tool-Or-Switch-To-Avast-Secure-Browser-1-1200x720.jpg)

Ormandy created a Web-based proof-of-concept exploit that can list the contents of the computer's C:\ drive, but an attacker could easily extend it to have any potentially interesting files sent back to him.

According to the Google researcher, Avast opens a Web-accessible RPC service on the local computer that listens on port 27275. A malicious website opened in any browser can therefore send commands to this service by forcing the browser to make requests to it.

While most of the available commands are not particularly dangerous, there is one called SWITCH_TO_SAFEZONE that can be used to open a URL in Avastium. And not just any Web URL, but also local or internal URL schemes like file:/// or chrome://.

That's because, for some reason, Avast has removed what Ormandy calls a "critical security check" that prevents non-Web-related URL schemes from being opened from the command line. This protection, which exists in the original Chromium, was not present in Avastium, making it possible for an attacker to ultimately construct a payload that can read local files.

After Ormandy reported the flaw on Dec. 18, Avast deployed a temporary fix that broke the attack chain. The company provided a complete fix Wednesday as part of Avast version 2016.

This week Ormandy also disclosed a critical vulnerability in Chromodo, another Chromium-based browser that's distributed by security firm Comodo as part of its Internet Security suite.
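
The two gaps described above, a local command service that any website can reach and a missing URL-scheme check, can both be closed where the command is handled. The following Python is an added example, not Avast's or Chromium's code; the per-install token, the function names and the sample values are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Web schemes only; file:, chrome: and every other scheme are refused.
ALLOWED_SCHEMES = {"http", "https"}


def is_web_url(url: str) -> bool:
    """Return True only for absolute http(s) URLs that name a host."""
    # Refuse whitespace and control characters outright rather than relying
    # on the parser to strip them (" file:///" must not slip through).
    if not url or any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(host)


def authorize_command(command: str, url: str, token: str, expected_token: str):
    """Decide whether a request to the local service may open `url`.

    `token` is a hypothetical per-install secret known to local components
    and unreadable by a web page; it is an assumption of this sketch.
    """
    # Constant-time comparison so the check does not leak the secret.
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        return False, "caller not authenticated"
    if command != "SWITCH_TO_SAFEZONE":
        return False, "unknown command"
    if not is_web_url(url):
        return False, "URL scheme not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (url, token presented by the caller).
    secret = "constructed-install-secret"
    for url, tok in [("https://example.com/", secret),
                     ("file:///C:/", secret),
                     ("chrome://settings", secret),
                     ("https://example.com/", "")]:
        print(url, authorize_command("SWITCH_TO_SAFEZONE", url, tok, secret))
```

Checking the scheme again inside the browser, as the page says the original Chromium does for command-line URLs, keeps the protection in place even if the service-side check is bypassed.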