The Ethereum team has issued a security alert for Mist Browser Beta v0.9.3 and below. Unlike the Parity wallet vulnerability, no funds have been affected so far. The alert is meant to protect private keys from malicious websites. According to the blog,
“Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time. Malicious websites can potentially steal users' private keys.”
The Mist browser is based on Electron, which is based on Chromium. Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. However, multiple vulnerabilities have been found in Chromium so far, the worst of which could result in the execution of arbitrary code. Each new Chromium release fixes numerous security issues. No workaround has been found so far. All Chromium users should upgrade to the latest version.
“A core problem with the current architecture is that any 0-day Chromium vulnerability is several patch-steps away from Mist:
- first Chromium needs to be patched, then
- Electron needs to update the Chromium version, and
- finally, Mist needs to update to the new Electron version.”
Users should remember that Mist is still beta software, and there are no warranties of any kind, expressed or implied. For the safety of the wallet and private key, it is advised not to visit untrusted websites with Mist and not to use Mist on untrusted networks. Keep your day-to-day browser updated and keep track of your operating system and anti-virus updates.
The Ethereum Wallet desktop app is not affected, as it does not fall under the same category as ‘Mist Browser’. So, for now, it is recommended to use Ethereum Wallet to manage funds and interact with smart contracts. The Ethereum dev team is working to fix the issue as soon as possible.
Stay tuned to be updated.