Ethereum Browser Bug Could Put User Funds At Risk

Using ethereum browser Mist may put cryptocurrency private keys at risk, according to an Ethereum Foundation blog post published today.

The threat arises from a newly discovered vulnerability, which the blog post classifies as "high severity," and impacts all existing versions of the browser. However, Mist browser compatible Ethereum Wallet is not affected, the post clarifies.

As a result, Mist users are urged to avoid "untrusted" websites, and to default to Ethereum Wallet to manage any funds.

The vulnerability stems from the underlying software framework, Electron. Electron's delay in upgrading to correct known security issues has led to "an increasing potential attack surface as time passes," the post's author, Mist developer Everton Fraga, said.

As a result, Mist is considering migrating to a fork of Electron from Brave – named Muon – that has a more frequent release schedule.

In the post, Fraga stressed that Mist is still in beta mode, and users that engage with the browser do so without warranty.

He said:

"The Mist Browser beta is provided on an "as is" and "as available" basis and there are no warranties of any kind, expressed or implied, including, but not limited to, warranties of merchantability or fitness of purpose."

The developer further described security as a "never-ending battle" in browser development, writing: "making a browser (an app that loads untrusted code) that handles private keys is a challenging task."

Sponsored by the Ethereum Foundation, Mist is the most popular ethereum browser for browsing decentralized applications (dapps).

Code image via Shutterstock

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Rachel-Rose O'Leary

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.