Comodo unveils Chromium-based browser

The Comodo Dragon browser is based on Chromium, the same open source architecture as Google's Chrome, but also features links to several services that are specific to Comodo.

The browser highlights websites that serve domain-only certificates. These certificates prove only that the website being served to the browser belongs to the person that controls that domain name. In practice, domain-only certificates offer little real assurance that a site isn't operating a scam or serving malicious software. If Comodo Dragon encounters a domain-only certificate, it warns the user that the website may not be reliable.

Comodo was behind the Extended Validation Certificate movement, which created standards for issuing digital certificates based on more rigorous vetting of the applicants. Although many browsers now highlight websites that offer EV certificates, few alert users to sites serving domain-only certificates which have gone through minimal vetting procedures. The familiar padlock icon seen in many browsers during SSL sessions may fool many users into thinking that a site is secure, even when it isn't.

Comodo is also promoting the enhanced privacy in the Dragon browser. The company explained that the software does not transmit information about a browsing session to a remote server. "Other Chromium Project-based browsers refer software errors to remote servers," Comodo said. "When it finds software errors, Comodo Dragon responds with error messages found on the PC browser, keeping information about the user's internet travels private."

Chromium is an open source browser architecture that was built with security features from the ground up. Integrated sandboxing helps to keep the host operating system safe from any exploits designed to compromise the rendering engine, for example, while contributors have also implemented multiple security enhancements to the code in recent weeks. These include enforcing encrypted sessions, and clickjacking protection. Comodo will also presumably be able to benefit from the Google-operated vulnerability payment scheme, in which researchers are paid for exposing security flaws in the code.

The Comodo Dragon browser runs on Windows, but is not available for the Mac.

What’s Hot on Infosecurity Magazine?