Avast browser

https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/ Thx @jermanuts #1 (comment)
beerisgood · Jul 16, 2024 · bed59fb · bed59fb
1 parent deb44eb
commit bed59fb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@
 * SIM Card [Hijacking](https://www.maketecheasier.com/sim-card-hijacking/): How it works and what you can do about it
 * [SS7](https://secure-voice.com/ss7_attacks/) Attacks: Intercepting SMS and calls as easy as ABC
 * Messenger (problems): [Whatsapp's Backups](https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/), [Signal's Sealed Sender](https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/) and [downplayed](https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/) encryption key flaw, [Telegram](https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol)'s [*Cryptanalysis*](https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest) and [very](https://words.filippo.io/dispatches/telegram-ecdh/) old [InSecurity](https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure), Three Lessons from [Threema](https://breakingthe3ma.app/), [Converso - how to uncover extraordinary claims](https://crnkovic.dev/testing-converso/), Tox handshake [vulnerablity](https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/)
-* Browser Insecurity: [Pale Moon](https://seirdy.one/notes/2022/06/01/pale-moon/), [ungoogled-Chromium](https://qua3k.github.io/ungoogled/), [Brave](https://www.spacebar.news/p/stop-using-brave-browser)
+* Browser Insecurity: [Pale Moon](https://seirdy.one/notes/2022/06/01/pale-moon/), [ungoogled-Chromium](https://qua3k.github.io/ungoogled/), [Brave](https://www.spacebar.news/p/stop-using-brave-browser), [Avast Browser](https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/)
 * [SMS phishing](https://www.bejarano.io/sms-phishing/) is way too easy
 * [Why](https://gergelykalman.com/why-you-shouldnt-use-a-commercial-vpn-amateur-hour-with-windscribe.html) you [shouldn't](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) [*use*](https://superuser.com/a/926524) VPN [services](https://educatedguesswork.org/posts/public-wifi/) with their [leaks](https://www.leviathansecurity.com/blog/tunnelvision). If needed, use [MPRs](https://invisv.com/articles/relay.html)
 * [avoid](https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/) Electron [*based*](https://www.malwarebytes.com/blog/news/2022/08/a-vulnerability-was-found-in-electron-which-is-what-drives-discord-spotify-and-microsoft-teams) [programs](https://blog.doyensec.com/2022/09/27/electron-api-default-permissions.html)