Potential vulnerability to attack via custom scripts/browser.html?

  • Hi all, just started using Vivaldi yesterday, already have it quite well customized to suit my needs/wants, and got a family member to start trying it out as well. I am certainly a convert, but he mentioned something this morning that could be of concern. All it takes to make pretty massive changes to how Vivaldi works is something/someone running a .bat file as admin. My question is, is there any protection against this? What is stopping someone from say, hacking Download.com, injecting a random popular app installer with a couple .js files and a code to run a small .bat file, and adding some disclaimer to the installer that it is recommended to run it as admin? Would that not allow them to quite massively alter the functionality of Vivaldi in nefarious ways? Seems like they could quite easily add in a keylogger, datasniffer, backdoor, who knows what, since all it takes to modify browser.html and install custom .js and .css files is a .bat file run as admin. And Vivaldi doesn't even notify you when there have been changes made to browser.html. It just accepts whatever modifications were made. I tried searching around for anything making mention of potential security risks in the way Vivaldi is customizable, but did not have any luck.

  • If you are saying the Vivaldi installation package could be modified by someone, then I can say it could be. However, a modified package couldn't be signed. So you shouldn't install it. Please take a look at "Unauthorized Vivaldi installers – help us find them".

  • @greench No, that is not what I am saying. I am asking if there is any security feature in Vivaldi stopping malware from modifying browser.html to run malicious code within the Vivaldi browser. Since we as users can modify how Vivaldi works as easily as running a .bat file as admin, could that functionality not also be used by malware?

  • I might get you wrong on this, but as I see it, when an attacker has managed to get on your PC via a download and is able to execute files as admin, I am pretty sure it doesn't matter at all which browser you use.

  • @faaaaq

    I am asking if there is any security feature in Vivaldi stopping malware...

    I believe, no. Not in Vivaldi. Nor in any browser.
    The default place for a Vivaldi installation is under root/admin jurisdiction, in Windows, Linux or Mac. If this so-called malware could alter that place, we've got a bigger problem to worry about.

    Since we as users can modify how Vivaldi works as easily as running a .bat file as admin

    Never ever run sensitive applications as root/admin. Decide yourself what the sensitive applications are for your systems.
    Just users in a real multi-user system can't run anything as root/admin.
    If you allow just users to run things as root/admin, then Houston, we have a problem.

    Only on a Personal Computer (PC) could users also mean root/admin.
    In this case, your system protection is called I application. You know, that's the application we usually put between keyboard & chair.

  • @dLeon thanks for being so condescending. I work in IT, so I certainly wasn't aware of how to keep myself safe on my pc. Great browser, apparently terrible community..

  • @faaaaq -- Well, aren't you just the rude & arrogant one? Having just read your astonishing retort, I re-read your two earlier posts in this thread. I presume you typed the bit about your superior IT industry experience in invisible ink, or microdots, or in a parallel universe, or something else that this terrible community was too stupid to see? How do you expect dLeon, or anyone else reading this thread prior to your precocious outburst, to discern that you work in IT? Do you usually react this way when people waste their valuable time & effort trying to help you?

    I was going to post that, if using Linux, you could run V in FireJail for added security, as I do... but I suppose I'm just an idiot too for being so condescending to you. It won't happen again.
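
Added example, not part of the original thread and not Vivaldi's own code: the first post's concern is that changes to browser.html and the custom .js/.css files go unnoticed, so this sketch records SHA-256 hashes and script references for a resource folder and reports later differences. The function names, the `bundle.js` and `custom.js` file names and the sample folder are assumptions constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

WATCHED = {".html", ".js", ".css"}  # file types the thread says a .bat can alter
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)

def snapshot(resource_dir):
    """Map each watched file (relative path) to its SHA-256 digest."""
    root = Path(resource_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def script_refs(resource_dir):
    """Scripts that browser.html loads, in document order."""
    html = (Path(resource_dir) / "browser.html").read_text(encoding="utf-8")
    return SCRIPT_SRC.findall(html)

def compare(baseline, baseline_refs, resource_dir):
    """Report files and script references that differ from the baseline."""
    now = snapshot(resource_dir)
    return {
        "modified": sorted(f for f in baseline if f in now and now[f] != baseline[f]),
        "added": sorted(set(now) - set(baseline)),
        "removed": sorted(set(baseline) - set(now)),
        "new_script_refs": [s for s in script_refs(resource_dir) if s not in baseline_refs],
    }

def demo():
    """Constructed sample: a stand-in resource folder, not a real Vivaldi install."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "browser.html").write_text(
            '<html><body><script src="bundle.js"></script></body></html>', encoding="utf-8")
        (root / "bundle.js").write_text("// stock UI code\n", encoding="utf-8")
        base, refs = snapshot(root), script_refs(root)
        clean = compare(base, refs, root)
        # Simulate the change the thread describes: an extra script wired into browser.html.
        (root / "custom.js").write_text("// unreviewed code\n", encoding="utf-8")
        html = (root / "browser.html").read_text(encoding="utf-8")
        (root / "browser.html").write_text(
            html.replace("</body>", '<script src="custom.js"></script></body>'), encoding="utf-8")
        return clean, compare(base, refs, root)

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the monitored account cannot write, and take a new baseline after each browser update, since updates legitimately replace these files.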

