Today Ethereum Foundation has published in his blog post, which States that a browser for ethereum Mist can compromise the private keys of users.
The threat arose from the newly discovered vulnerability, which the authors of the blog post klassificeret as “a serious danger” and that are in all the existing versions of the browser. However, the wallet Ethereum Wallet browser-compatible Mist is not in danger, again, according to the authors.
Mist users are advised to avoid “untrusted” web sites and default to use Ethereum Wallet to manage by any means.
The vulnerability is due to a basic software, Electron. And the delay updates for the Electron leads to the fact that the risk of attacks aimed at this vulnerability increases over time.
As a result, Mist is considering a move to one of the forks of the Electron, the schedule updates which are noticeably more frequent than the Electron.
Fraga, one of the developers of the browser and the author stressed that Mist is still in beta mode, and users that work with the browser, do so at your own risk.
Beta version Mist browser is provided “as is” and we make no guarantees when using it.
Fraga also noted that “creating a browser that handles private keys is a challenging task”.
Sponsored by the Ethereum Foundation, Mist is the most popular browser ethereum to work with decentralized applications (dapps).