Alert! Ethereum Mist browser affected by Chromium vulnerability

The Ethereum team has issued a security alert for Mist Browser Beta v0.9.3 and below. Unlike the Parity wallet vulnerability, no funds have been affected so far. The alert is meant to protect private keys from malicious websites.

According to the blog,

Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time. Malicious websites can potentially steal users' private keys.

Issue

The Mist browser is based on Electron, which is based on Chromium. Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. However, multiple vulnerabilities have been found in Chromium so far, the worst of which could result in the execution of arbitrary code. Each new Chromium release fixes numerous security issues. No workaround has been found so far; all Chromium users should upgrade to the latest version.

The layer between Mist and Chromium, Electron, is a project led by GitHub that aims to ease the creation of cross-platform applications using JavaScript. Recently, Electron hasn’t kept up to date with Chromium, leading to an increasing potential attack surface as time passes.

"A core problem with the current architecture is that any 0-day Chromium vulnerability is several patch-steps away from Mist:

  • first Chromium needs to be patched, then
  • Electron needs to update the Chromium version, and
  • finally, Mist needs to update to the new Electron version."

Users should remember that Mist is still beta software, and there are no warranties of any kind, expressed or implied. For the safety of the wallet and private key, it is advised not to visit untrusted websites with Mist and not to use Mist on untrusted networks. Keep your day-to-day browser updated and keep track of your operating system and anti-virus updates.

How to access your wallet now?

The Ethereum Wallet desktop app is not affected, as it does not fall under the same category as 'Mist Browser'. So, for now, it is recommended to use Ethereum Wallet to manage funds and interact with smart contracts.

The Ethereum dev team is working to fix it as soon as possible. Stay tuned for updates.
