Chromebleed Chrome Browser Plugin Will Safeguard You Against Heartbleed Exploit

rated by 0 users
This post has 6 Replies | 2 Followers

Top 10 Contributor
Posts 26,733
Points 1,209,490
Joined: Sep 2007
News Posted: Fri, Apr 11 2014 9:08 AM
The discovery of a security vulnerability in OpenSSH, which is a set of programs that provide encrypted communication sessions using the SSH protocol for an estimated two-thirds of the web, challenged the notion that anyone can ever be truly safe on the Internet, regardless of how careful you surf. How so? Researchers discovered a major vulnerability in OpenSSH that could allow hackers to dig up your personal information, including usernames, passwords, credit card data, and much more. It's called Heartbleed, and it has the Internet community on high alert. There's a patch available, which many website admins have applied, but if you want to err on the side of caution, Chromebeed is here to help.

Chromebleed is an extension for Google's Chrome browser. It uses a web service developed by Filippo Valsorda to check the URL of a page you just loaded. If the page is affected by Heartbleed, a Chrome notification will appear and you'll know not to enter any personal information.

Image Source: Flickr (snoopsmaus)

It's a simple solution to a pretty serious problem, though be advised that it can create false positives. If you don't trust the result but want to play it safe, we suggest getting in touch with the website owner or site admin to find out if (A) they're aware of Heartbleed and (B) if they've taken care of the situation by patching OpenSSH.

You can download Chromebleed here. Alternately, you can bookmark Filippo Valsorda's Heartbleed Test page to manually check individual websites for the vulnerability. And for those wondering, you're safe to enter your login credentials at HotHardware.
  • | Post Points: 65
Top 500 Contributor
Posts 94
Points 990
Joined: Oct 2010
Location: NYC
RMD replied on Fri, Apr 11 2014 10:15 AM

Thank you for this info!

  • | Post Points: 5
Top 500 Contributor
Posts 257
Points 3,190
Joined: Aug 2012
Jaybk26 replied on Fri, Apr 11 2014 11:40 AM

Maybe I'm not well informed, but this makes me curious. How can it tell if it's affected by heartbleed by its URL?

  • | Post Points: 20
Top 25 Contributor
Posts 3,494
Points 47,210
Joined: Nov 2005
Location: Metropolis
Super Dave replied on Fri, Apr 11 2014 11:41 AM

Thanks for the article, Paul. I was a bit leery of installing it but finally did. The results don't show up instantly and sometimes seemed to take a long time to register. Not sure how accurate this thing is but I used it to check my usual favorite websites (they all passed). Probably will use it for a few days and then disable it. 

 SPAM-posters beware! ®

  • | Post Points: 5
Top 500 Contributor
Posts 119
Points 1,295
Joined: Jul 2013
Location: Utah

It works by attempting to gain access to the website in question by using the "heartbleed bug". If it gets through it will notify you that the website is not protected against this attack.

So it lets you know, by actually performing the attack. It uses the same process as found here.

  • | Post Points: 20
Not Ranked
Posts 2
Points 10
Joined: Apr 2014

Shouldn't it be OpenSSL and not OpenSSH?

  • | Post Points: 5
Not Ranked
Posts 15
Points 90
Joined: Jul 2013

Thank the maker! This oil bath is going to feel so good.

  • | Post Points: 5
Page 1 of 1 (7 items) | RSS