Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Dark stablecoins will emerge, here’s why

    May 12, 2025

    Bitcoin SV holders attempt legal comeback against Binance

    May 12, 2025

    Top 3 catalysts for Bitcoin, altcoin prices this week

    May 11, 2025
    Facebook X (Twitter) Instagram YouTube
    X (Twitter) Instagram YouTube LinkedIn
    Block Hub News
    • Lithosphere News Releases
    • Altcoins
      • Bitcoin
      • Coinbase
      • Litecoin
    • Crypto
    • Ethereum
    • Blockchain
    Block Hub News
    You are at:Home » Security alert — Chromium vulnerability affecting Mist Browser Beta
    Ethereum

    Security alert — Chromium vulnerability affecting Mist Browser Beta

    Olivia MartinezBy Olivia MartinezApril 22, 2025No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time. Users of “Ethereum Wallet” desktop app are not affected.

    Affected configurations: Mist Browser Beta v0.9.3 and below
    Likelihood: Medium
    Severity: High

    Malicious websites can potentially steal your private keys.

    As Ethereum Wallet desktop app does not qualify as a browser — it accesses only the local Wallet Dapp — it is not subject to the same category of issues present in Mist. For now, it is recommended to use Ethereum Wallet to manage funds and interact with smart contracts instead.

    Mist Browser’s vision is to be a complete user-facing bridge to the ethereum blockchain and set of technologies that compose the Web3. The browser paves a significant path for the next Web our ecosystem is proudly building.

    Security-wise, making a browser (an app that loads untrusted code) that handles private keys is a challenging task. Over the course of the last year, we have had Cure53 conduct an extensive security audit of Mist, and vastly improved the security of both the Mist browser and the underlying platform, Electron. We’ve promptly fixed found security issues.

    But that is not enough. Security in the browser space is a never-ending battle. The Mist browser is based on Electron, which is based on Chromium. Each new Chromium release fixes numerous security issues.

    The layer between Mist and Chromium, Electron, is a project led by GitHub that aims to ease the creation of cross-platform applications using JavaScript. Recently, Electron hasn’t kept up to date with Chromium, leading to an increasing potential attack surface as time passes.

    A core problem with the current architecture is that any 0-day Chromium vulnerability is several patch-steps away from Mist: first Chromium needs to be patched, then Electron needs to update the Chromium version, and finally, Mist needs to update to the new Electron version.

    We’re examining how we could deal with Electron’s not-so-frequent release schedule, to reduce the gap between Chromium versions we use. From preliminary studies, Brave’s Muon (an Electron fork) follows Chromium updates closely and is one potential option. The Brave browser, which also contains a cryptocurrency wallet integration, has a similar threat-model and demands for security as Mist.

    An important reminder: Mist is still beta software, and you must treat it as such. The Mist Browser beta is provided on an “as is” and “as available” basis and there are no warranties of any kind, expressed or implied, including, but not limited to, warranties of merchantability or fitness of purpose.
    Quick security checklist:

    • Avoid keeping large quantities of ether or tokens in private keys on an online computer. Instead, use a hardware wallet, an offline device or a contract-based solution (preferably a mix of those).
    • Back up your private keys — Cloud services are not the best option to store it.
    • Do not visit untrusted websites with Mist.
    • Do not use Mist on untrusted networks.
    • Keep your day-to-day browser updated.
    • Keep track of your Operating System and anti-virus updates.
    • Learn how to verify file checksums (link).

    Lastly, we would like to thank the security researchers that worked hard on reproducing and making invaluable submissions through the Ethereum Bounty program.

    If you need further information, get in touch here: mist[at]ethereum dot org.

    [We’ll update this post as the situation evolves].

    @evertonfraga
    Mist Team






    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleAmp price prediction | What’s next for AMP coin?
    Next Article Craig Wright skips UK court hearing, COPA wants him in prison
    Olivia Martinez

    Related Posts

    Ethereum (ETH) sees major uptick as Pectra upgrade goes live

    May 8, 2025

    Allocation Update – Q1 2025

    May 8, 2025

    CVE-2025-30147 – The curious case of subgroup check on Besu

    May 7, 2025
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Dark stablecoins will emerge, here’s why

    May 12, 20250 Views

    Bitcoin SV holders attempt legal comeback against Binance

    May 12, 20250 Views

    Top 3 catalysts for Bitcoin, altcoin prices this week

    May 11, 20250 Views

    Shiba Inu pattern points to 190% surge asv burn rate rises

    May 11, 20250 Views
    Don't Miss

    TAO and Arbitrum investors rush to buy into 1Fuel presale before anticipated rally

    By Isabella TaylorApril 22, 2025

    For years, Arbitrum and TAO have dominated the market as two of the best altcoins…

    Slasher Ghost, and Other Developments in Proof of Stake

    April 24, 2025

    Bitcoin breaks $93,000 amid rumors that Saudi, UAE, or Qatar is buying

    April 23, 2025
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Demo
    X (Twitter) Instagram YouTube LinkedIn
    Our Picks

    Dark stablecoins will emerge, here’s why

    May 12, 2025

    Bitcoin SV holders attempt legal comeback against Binance

    May 12, 2025

    Top 3 catalysts for Bitcoin, altcoin prices this week

    May 11, 2025
    Most Popular

    TAO and Arbitrum investors rush to buy into 1Fuel presale before anticipated rally

    April 22, 202528 Views

    Slasher Ghost, and Other Developments in Proof of Stake

    April 24, 202519 Views

    Bitcoin breaks $93,000 amid rumors that Saudi, UAE, or Qatar is buying

    April 23, 202510 Views
    © 2025 - 2026

    Type above and press Enter to search. Press Esc to cancel.