Yahoo!It will take a lot of effort to regain user trust with Axis after a serious security error has been detected
This means that if a hacker wants to create a malware to infect Chrome, they can use this Axis authority to make the malware seem to be safe, aimed over the eyes. Chrome browser.
Once you have the right to confirm, Chrome will think that this malware has been approved by Yahoo! and allow installation.
Cubrilovic said he tested this security hole by creating a copy of the Axis add-on on Chrome, using the authentication license on the add-on Axis, then installing the fake add-on. Chrome browser. This process was perfect when Chrome mistook it for Yahoo's add-on.
According to Cubrilovic, if hackers use this Axis validation license, hackers could theoretically create malware to be able to capture all the websites that users access on Chrome browser, including login password and cookies.
As soon as there was information about this dangerous security vulnerability, a Yahoo spokesman said: 'We have received a report on Axis security vulnerability in Chrome. We will work quickly to fix this problem and launch new add-on on Chrome. Users who have installed Yahoo Axis on Chrome during the period of 6-9 am (Vietnam time) from May 23, please remove the old add-on and install the new version '.
Sophos later confirmed that Yahoo replaced the Axis add-on on Chrome browser to the new version. However, it is worrisome whether Google canceled the old license used by the old Axis add-on. If not, hackers can still take advantage of this license to create fake and intrusive add-ons to the Chrome browser.
Sophos also advises users not to use Axis at this time and wait a while for this add-on to really improve.
The newly discovered security vulnerability is considered a serious 'stumbling block' for Yahoo !, as it attempts to regain its image and reputation. However, with a serious security error after only one day of launch, Yahoo! It will take a lot of effort to regain the trust of users.