{"id":8399,"date":"2025-02-11T05:11:31","date_gmt":"2025-02-11T04:11:31","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=8399"},"modified":"2025-02-11T05:11:31","modified_gmt":"2025-02-11T04:11:31","slug":"critical-chromium-flaw-discovered-in-mist-browser-beta","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/","title":{"rendered":"Critical Chromium Flaw Discovered in Mist Browser Beta"},"content":{"rendered":"<p><\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">Due to a Chromium security flaw impacting all distributed versions of the Mist Browser Beta v0.9.3 and prior, we are issuing this alert to advise users against visiting untrusted websites with Mist Browser Beta at this moment. Users of the &#8220;Ethereum Wallet&#8221; desktop application remain unaffected.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Configurations at risk: Mist Browser Beta v0.9.3 and below<br \/>\nProbability: Medium<br \/>\nImpact: High<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Deceptive websites may potentially compromise your private keys.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Since the Ethereum Wallet desktop application is not categorized as a browser \u2014 it solely connects to the local Wallet Dapp \u2014 it is not exposed to the same kinds of problems found in Mist. For the time being, it is advisable to use <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\">Ethereum Wallet<!-- --><\/a> for fund management and engagement with smart contracts instead.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Mist Browser&#8217;s aim is to serve as a comprehensive user-facing bridge to the Ethereum blockchain and the range of technologies that comprise Web3. The browser significantly contributes to the next iteration of the web our ecosystem is actively developing.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">From a security perspective, creating a browser (an application that executes untrusted code) that manages private keys is a daunting challenge. Over the past year, we have had Cure53 perform an extensive security assessment of Mist, leading to substantial enhancements in the security of both the Mist browser and the foundational platform, Electron. We have quickly addressed identified security vulnerabilities.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">However, that alone is insufficient. Security in the browser domain represents an ongoing struggle. The Mist browser operates on Electron, which in turn is built on Chromium. Each new Chromium release addresses numerous security concerns.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">The layer that exists between Mist and Chromium, <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/electronjs.org\">Electron<!-- --><\/a>, is a project managed by GitHub aimed at simplifying the development of cross-platform applications using JavaScript. Recently, Electron has lagged behind Chromium, resulting in an expanding potential attack surface over time.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">A principal issue with the existing architecture is that any zero-day Chromium vulnerability is several patching steps away from Mist: first, Chromium must be patched, then Electron must upgrade its Chromium version, and finally, Mist must adopt the new Electron version.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">We are assessing ways to handle Electron&#8217;s infrequent release schedule, aiming to lessen the gap between the Chromium versions we utilize. Initial findings suggest that <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/brave\/muon\">Brave&#8217;s Muon<!-- --><\/a> (a fork of Electron) closely follows Chromium updates and presents one potential alternative. The Brave browser, which also integrates a cryptocurrency wallet, possesses a comparable threat model and security requirements as Mist.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">A vital reminder: Mist remains beta software, and you should treat it accordingly. The Mist Browser beta is offered on an &#8220;as is&#8221; and &#8220;as available&#8221; basis, with no warranties of any sort, either expressed or implied, including but not limited to warranties of merchantability or suitability for a particular purpose.<br \/>\nQuick security checklist:<!-- --><\/p>\n<p><!-- --><\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Refrain from storing substantial amounts of ether or tokens in private keys on an online device. Instead, utilize a hardware wallet, an offline gadget, or a contract-based solution (preferably a combination of these).<!-- --><\/li>\n<li class=\"css-cvpopp\">Make backups of your private keys \u2014 Cloud services are generally not the best choice for storage.<!-- --><\/li>\n<li class=\"css-cvpopp\">Avoid accessing untrustworthy websites using Mist.<!-- --><\/li>\n<li class=\"css-cvpopp\">Do not operate Mist on unreliable networks.<!-- --><\/li>\n<li class=\"css-cvpopp\">Ensure your daily browser is kept updated.<!-- --><\/li>\n<li class=\"css-cvpopp\">Monitor your Operating System and anti-virus updates.<!-- --><\/li>\n<li class=\"css-cvpopp\">Familiarize yourself with how to verify file checksums (<!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/mist\/wiki#verifying-sha-256-checksums\">link<!-- --><\/a>).<!-- --><\/li>\n<\/ul>\n<p>Finally, we extend our gratitude to the security researchers who diligently worked on reproducing issues and providing invaluable contributions through the <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/bounty.ethereum.org\">Ethereum Bounty program<!-- --><\/a>.<br \/>\n<!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">For additional information, please reach out here: <!-- --><em class=\"chakra-text css-0\">mist[at]ethereum dot\u00a0<!-- --><\/em>org.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">[We will update this notice as the situation progresses].<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">@evertonfraga<br \/>\nMist Team<!-- --><\/p>\n<p><!-- --><br \/>\n<!-- --><br \/>\n<!-- --><br \/>\n<!-- --><\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2017\/12\/15\/security-alert-chromium-vulnerability-affecting-mist-browser-beta\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Due to a Chromium security flaw impacting all distributed versions of the Mist Browser Beta v0.9.3 and prior, we are issuing this alert to advise users against visiting untrusted websites with Mist Browser Beta at this moment. Users of the &#8220;Ethereum Wallet&#8221; desktop application remain unaffected. Configurations at risk: Mist Browser Beta v0.9.3 and below<\/p>\n","protected":false},"author":3,"featured_media":8282,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[1235],"class_list":["post-8399","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ethereum","tag-return-a-list-of-comma-separated-tags-from-this-title-security-alert-chromium-vulnerability-affecting-mist-browser-beta"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"Due to a Chromium security flaw impacting all distributed versions of the Mist Browser Beta v0.9.3 and prior, we are issuing this alert to advise users against visiting untrusted websites with Mist Browser Beta at this moment. Users of the &#8220;Ethereum Wallet&#8221; desktop application remain unaffected. Configurations at risk: Mist Browser Beta v0.9.3 and below\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-11T04:11:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/\",\"name\":\"Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"datePublished\":\"2025-02-11T04:11:31+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Chromium Flaw Discovered in Mist Browser Beta\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/","og_locale":"it_IT","og_type":"article","og_title":"Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto","og_description":"Due to a Chromium security flaw impacting all distributed versions of the Mist Browser Beta v0.9.3 and prior, we are issuing this alert to advise users against visiting untrusted websites with Mist Browser Beta at this moment. Users of the &#8220;Ethereum Wallet&#8221; desktop application remain unaffected. Configurations at risk: Mist Browser Beta v0.9.3 and below","og_url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/","og_site_name":"WSJ-Crypto","article_published_time":"2025-02-11T04:11:31+00:00","og_image":[{"width":2100,"height":900,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"3 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/","url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/","name":"Critical Chromium Flaw Discovered in Mist Browser Beta - WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","datePublished":"2025-02-11T04:11:31+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","width":2100,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/11\/critical-chromium-flaw-discovered-in-mist-browser-beta\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"Critical Chromium Flaw Discovered in Mist Browser Beta"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=8399"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8399\/revisions"}],"predecessor-version":[{"id":8401,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8399\/revisions\/8401"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/8282"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=8399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=8399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=8399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}