Hi Can you confirm, that other platforms (Firefox, Android, Opera) are not affected? You may forward this to the oss-security list and request a CVE.
Regards, Jonas Am 08.04.2016 um 23:50 schrieb William Budington: > HTTPS Everywhere Chrome users: be advised that a security vulnerability has > been found of moderate severity with versions <= 2016.3.23 of the extension. > This has been fixed as of the latest version, 2016.4.4, released earlier this > week and available via the Chrome Web Store.[1] > > The vulnerability, discovered by Dylan Katz[2], allows any remote website to > cause the Chrome browser to hang indefinitely by triggering a redirect in > HTTPS Everywhere with a specially-crafted URL. We thank Dylan for reporting > this to us and allowing us to fix it in a timely manner. > > This was disclosed as a part of EFF's Security Vulnerability Disclosure > Program[3], launched in December of last year. > > 1. > https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp > 2. https://www.eff.org/security/hall-of-fame > 3. https://www.eff.org/security > > > _______________________________________________ > HTTPS-Everywhere mailing list > [email protected] > https://lists.eff.org/mailman/listinfo/https-everywhere
signature.asc
Description: OpenPGP digital signature
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
