HTTPS Everywhere Chrome users: be advised that a security vulnerability has been found of moderate severity with versions <= 2016.3.23 of the extension. This has been fixed as of the latest version, 2016.4.4, released earlier this week and available via the Chrome Web Store.[1]
The vulnerability, discovered by Dylan Katz[2], allows any remote website to cause the Chrome browser to hang indefinitely by triggering a redirect in HTTPS Everywhere with a specially-crafted URL. We thank Dylan for reporting this to us and allowing us to fix it in a timely manner. This was disclosed as a part of EFF's Security Vulnerability Disclosure Program[3], launched in December of last year. 1. https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp 2. https://www.eff.org/security/hall-of-fame 3. https://www.eff.org/security
signature.asc
Description: Digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
