WHITEHAT SECURITY was made red in the face after Google managed to bork what it markets as "the most secure browser by default".

Aviator is a Chromium-based browser designed to be safer because it strips out anything that will allow advertisers and other nasties to identify you.

One problem, though. It doesn't. A Google+ post from Google security researcher Justin Schuh starts: "You probably shouldn't be using the WhiteHat Aviator browser if you’re concerned about security and privacy," and sort of goes downhill from there.

"Aviator is perennially at least two major releases behind Chrome, and ships with dozens of publicly disclosed vulnerabilities that are already fixed in the stable Chrome release," he added.

"Had these branding changes been made more carefully, this simply wouldn't be a problem and Aviator would be able to pull upstream changes and benefit from the security work being done by the Chromium Project."

This is the tip of the iceberg, however. A number of bugs and vulnerabilities were introduced in the fork, which Schuh believes would not have been a problem if the company had used the Extension APIs instead of doing its own thing.

Google already blocks extensions not downloaded from its store to avoid potential malware issues, but the process could still have been used "under the bonnet".

The response from WhiteHat came in the form of a blog post which essentially had a bitch back at Google and didn't address the problems raised.

"We never claimed to be as fast as Google at releasing updates. In fact, that would be nearly impossible for a company of our size. Google gets the benefit of making in excess of $50bn a year from ads by marketing its users to advertisers," was one line that tickled us for its irrelevance.

The company does, however, point out that, having just taken the Aviator fork open source, the intention was always to get the benefit of the user community in fixing these problems.

However, when you are starting from two versions behind, it does beg the question of exactly how it can claim to be more secure.

Schuh retorted to the blog post, pointing out that the response doesn't really change the fundamental problems. WhiteHat replied by posting a spoiler-filled review of The Imitation Game.

Google currently pays bounties of up to $5,000 for bugs found in Chromium, but we don't think it counts if you add them yourself.