Yahoo! 'sticky' security error after 1 day of launch

Yahoo! Many people were surprised when they suddenly launched their own web browser, called Axis yesterday. However, it seems that Yahoo! was too impatient in his decision when a serious security error was soon discovered in Axis.

>>>Yahoo launches Axis browser - Chrome's "killer"?

Axis is the web browser that Yahoo! launched as an application for iOS platform (both iPhone and iPad), and works as an add-on for browsers on personal computers (Firefox, Safari, Chrome and Internet Explorer).

However, according to a hacker and businessman, Nik Cubrilovic, the add-on Axis on Google's Google Chrome web browser contains a serious security hole.

After downloading and installing the Axis add-on for Google Chrome for the purpose of checking source code, Cubrilovic discovered that the validation license that Axis uses to authenticate with Google, is basically a code used for Chrome. Check if the add-on is safe to install, can be easily accessed by anyone.

Yahoo!It will take a lot of effort to regain user trust with Axis after a serious security error has been detected

This means that if a hacker wants to create a malware to infect Chrome, they can use this Axis authority to make the malware seem to be safe, aimed over the eyes. Chrome browser.

Once you have the right to confirm, Chrome will think that this malware has been approved by Yahoo! and allow installation.

Cubrilovic said he tested this security hole by creating a copy of the Axis add-on on Chrome, using the authentication license on the add-on Axis, then installing the fake add-on. Chrome browser. This process was perfect when Chrome mistook it for Yahoo's add-on.

According to Cubrilovic, if hackers use this Axis validation license, hackers could theoretically create malware to be able to capture all the websites that users access on Chrome browser, including login password and cookies.

As soon as there was information about this dangerous security vulnerability, a Yahoo spokesman said: 'We have received a report on Axis security vulnerability in Chrome. We will work quickly to fix this problem and launch new add-on on Chrome. Users who have installed Yahoo Axis on Chrome during the period of 6-9 am (Vietnam time) from May 23, please remove the old add-on and install the new version '.

Sophos later confirmed that Yahoo replaced the Axis add-on on Chrome browser to the new version. However, it is worrisome whether Google canceled the old license used by the old Axis add-on. If not, hackers can still take advantage of this license to create fake and intrusive add-ons to the Chrome browser.

Sophos also advises users not to use Axis at this time and wait a while for this add-on to really improve.

The newly discovered security vulnerability is considered a serious 'stumbling block' for Yahoo !, as it attempts to regain its image and reputation. However, with a serious security error after only one day of launch, Yahoo! It will take a lot of effort to regain the trust of users.