Consequences of the Chrome zero-day vulnerability for PHsPeed

and more notes about security...

As you might know, the internal browser of PHsPeed is built upon Chromium, the engine that is also used by Google Chrome and Microsoft Edge. So it is highly likely that this issue is present in the embedded browser as well. Everybody is encouraged to upgrade their browsers as soon as possible.
Upgrading the embedded browser in the PHsPeed IDE usually takes a bit more time, because the open source Chromium needs to be updated first, and then the engine that we use in our development environment needs to be updated as well. As soon as these updates are available, we will upgrade the Chromium engine.

That brings us to the main question: what is your current risk? The vulnerability applies when you visit websites that are not trustworthy or that have been hacked in some way. The internal browser is used to display your generated application(s) on localhost. Because of that, it is not very likely that you are at risk while developing PHsPeed applications, unless you use the internal browser to visit all kinds of (obscure) websites, or are implementing the vulnerability yourself. Therefore: as long as you use the browser for what it is intended for (developing PHsPeed web applications), you do not have a security risk.

In addition to this, we use the Apache web server as part of our XAMPP installation. This is a web server that is configured for testing and development purposes. Therefore it is NOT suitable for production environments. Most of our customers upload the application to shared hosting, where the web server is maintained by the provider, or to an intranet, where the web server is configured for production. But uploading the XAMPP installation from your development studio to your production site is dangerous. Simply don't do that.

31 Mar 2022