Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720
-
Since Vivaldi is chromium-based it might be vulnerable to CVE-2019-13720 and CVE-2019-13721. Both are exploited right now in the wild.
Chrome has updated - I would recommend using chrome until we hear from the Vivaldi team! Read more here:
https://www.technadu.com/google-chrome-zero-day-flaw-under-active-exploitation/83700/
/ Alex
-
-
@x385993 I wouldn't get my undies in a bunch about it. If you're going to jump on every zero-day and exploit being reported out there, you'd be giving yourself a headache pretty fast.
Use a good AV solution and use common sense while surfing, and you'll be fine.
-
Very rarely zero days in chrome is exploited in the wild... Now it is - Chrome is already protected - vivaldi is not at the moment.
If you have nothing to protect, well then just use vivaldi right now
best regards,
Alex -
Windows defender is already updated against the latest exploits, on par with Chrome. The other AV have not fallen asleep either.
The AVs are updated in real time based on the cloud or in a matter of hours others, just know a new exploit. Therefore don't panic. -
The writeup on the Kaspersky Securelist blog is really informative:
https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/That's the kind of information I really enjoy reading about malware and get real details on how they work.
-
So unless this forum is hacked, I guess one is safe with disabling javascript and creating an exception for this forum...
And disabling the internal pdf viewer plugin in the settings if you have a tick there I suppose too. -
@Pathduck said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
The writeup on the Kaspersky Securelist blog is really informative:
https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/That's the kind of information I really enjoy reading about malware and get real details on how they work.
In view of more than 800,000 new malware circulating on the network, I have the impression that the reason for such information corresponds more in commercial and advertising interests (use Chrome, Kasperski) that a necessary information for the user.There is a war in the network between different countries with a continuous attack on companies and governments and aimed primarily at them, not the normal user who can naturally become infected in ocasones when they do not have an updated system and act unconsciously on the network. But this is always valid, not only in "zero days"
-
@Pathduck off-topic but I couldn't help myself laughing about it, in the article there's a link to Chrome's bulletin about the exploit and the first comment was that below
:smiling_face_with_open_mouth_closed_eyes: :smiling_face_with_open_mouth_closed_eyes:
-
https://www.av-test.org/en/statistics/malware/
Normal that a user finds a robbery of a sack of rice in China more interesting than the appearance of a new exploit.
-
I find the advisory to use "Chrome or else" attitude to be flawed. Each and every browser or internet facing software is always open to attack. It's up to the user to use common sense while surfing the interweb. May I suggest using a solid antivirus along with a firewall with all ports stealthed. Personally I run avast free and Windows Firewall.
The idea of promoting the use of Chrome seems more like a knee jerk reaction rather than logic and wisdom.
It also sounds like a Chrome fanboy more than anything else.I promote using Vivaldi based on the fact Vivaldi is what Chrome wants to be. Vivaldi is much more personal and flexible than Chrome will ever be.
-
@Catweazle That and the most casual of casual browsers couldn't stand that and started removing even more stuff. They ditched 'New tab', 'Close other tabs', 'Reopen closed tab', and 'Bookmark all tabs' lol. I hope Vivaldi gets a positive impulse from that.
-
@Para-Noid I love vivaldi - but I hate the fact that serious patches takes so long time to deliver! It's putting it's users at risk - especially when there is a zero-day exploited in the wild.
I use vivaldi every day - except at this moment until we get the crucial update.
So - no chrome fanboy here... I use it out of necessity right now.
Firewall's / AV provide a false sense of security... They are only useful after a virus has been detected by AV-companies
-
@x385993 said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
@Para-Noid I love vivaldi - but I hate the fact that serious patches takes so long time to deliver! It's putting it's users at risk - especially when there is a zero-day exploited in the wild.
I use vivaldi every day - except at this moment until we get the crucial update.
So - no chrome fanboy here... I use it out of necessity right now.
Firewall's / AV provide a false sense of security... They are only useful after a virus has been detected by AV-companies
Correct, an AV can only act against a virus when it is detected, browser like Chrome too. The detection of a new threat is public and that Google or Kaspersky write about this threat does not mean that they were the first to detect it.
But as I said before, there are tens of thousands of new threats on the network every day and therefore any browser or AV security update is ALWAYS relative. But a good AV has something that does not have a browser, a heuristic detection, that detects suspicious system changes.
This is why I believe that these articles correspond more to advertising reasons of Google or Kaspersky, than to a real threat.
The advertising of fear always results, whether in politics or in business.
The day before this news I had a Windows security update, which surely contained information about this threat, among others, for the Windows Defender. -
Minor Update (2) fixes this bug.
-
@x385993 said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
serious patches takes so long time to deliver!
Vivaldi People don't work during the weekend. Now it's patched. Took a morning. Hopefully this will help you to calm down
-
@iAN-CooG said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
@x385993 said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
serious patches takes so long time to deliver!
Vivaldi People don't work during the weekend. Now it's patched. Took a morning. Hopefully this will help you to calm down
Vivaldi now safe against a threat over the 80,000 that still exists today.Remember that this patch does not replace the common sense of the user and a good updated AV, which should always have.
-
If not indiscretion, do you use anything other than the MS security package for the overall security of your Win 10? Or just MS suite?
-
@JoaBravo said in Is Vivaldi vulnerable to the new zero-day? CVE-2019-13720:
If not indiscretion, do you use anything other than the MS security package for the overall security of your Win 10? Or just MS suite?
Apart from my common sense, extensions in Vivaldi, which also prevent bugs and trackers from getting into them, I have TDSS Killer and AdwCleaner, I use Quad9 DNS, DNScrypt and have important files safe in the cloud.
I surf a lot and on the net I don't trust my shadow, in view of bad experiences in the past. -
-