Jump to content

Extreme Explorer 360 Chromium 78-86 General Discussion


Recommended Posts


Could not replicate here, stable and no crashes.

I did have to allow ebay.com, ebaydesc.com, and ebaystatic.com in NoScript.

But I did not have to change uMatrix settings to get eBay to "work" and it blocked 8 scripts from ir.ebaystatic.com and another from secureir.ebaystatic.com.

Are you just letting any-and-all scripts load on any-and-all websites?

Link to comment
Share on other sites

7 hours ago, ArcticFoxie said:

Are you just letting any-and-all scripts load on any-and-all websites?

Pretty much. I am not using NoScript.

Important disclaimer, this is version 12.0.1016. 

Link to comment
Share on other sites

Hi

Here is a complementary forum to avoid redoing what already exists concerning 360EE v12 and a support xp 2021 version RU and for different browser working with tor, like Basilisk 55 etc...

details

source of the update

Updated set of 4 browsers for Windows XP from July 31, 2021
- 360EE v12 - clone Chrome 78 (recommended browser, build December 2020)
- Modernized version of the TOR browser (2 versions - October 2020 and June 2021)
- Modernized version of classic Opera v12 (build June 2021)
- Basilisk browser analogue of FireFox (2 versions - September 2020 and July 2021)
:cool:

Edited by IXOYE
Link to comment
Share on other sites

On 5/6/2021 at 1:54 AM, CRK said:

is there any oficial website to keep updating with the mini browser version ??

I guess it should be available from browser.kfsafe.cn
 


Jarsin@Win10
$ whois kfsafe.cn
Domain Name: kfsafe.cn
ROID: 20200930s10001s31635017-cn
Domain Status: ok
Registrant: 卡饭(上海)信息安全有限公司
Registrant Contact Email: kfsafe@protonmail.com
Sponsoring Registrar: 阿里巴巴云计算(北京)有限公司
Name Server: dns7.hichina.com
Name Server: dns8.hichina.com
Registration Time: 2020-09-30 17:03:19
Expiration Time: 2021-09-30 17:03:19
DNSSEC: unsigned

Jarsin@Win10 ~
$ wget https://browser.kfsafe.cn/ -O - | grep "© 2021 kafan"
--2021-08-03 13:54:39--  https://browser.kfsafe.cn/
Auflösen des Hostnamens browser.kfsafe.cn (browser.kfsafe.cn)… 47.111.231.65
Verbindungsaufbau zu browser.kfsafe.cn (browser.kfsafe.cn)|47.111.231.65|:443 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: 3599 (3,5K) [text/html]
Wird in »STDOUT« gespeichert.

                <p>© 2021 kafan All rights reserved. 沪ICP备2020031077号-4</p>
-                                      100%[===========================================================================>]   3,51K  --.-KB/s    in 0s

2021-08-03 13:54:40 (55,3 MB/s) - auf die Standardausgabe geschrieben [3599/3599]

I downloaded it yesterday from that site and it gives version number 1.0.0.121. I'm wondering, if 1071 in the 'repacked' MiniBrowser *.exe may reflect version 1.0.0.71?
kpm8Pr7.png

I suspect, that the Browser-Download of http://browser-download.kfsafe.cn/MiniBrowserSetup.exe  may be somewhat 'clean'. I tested the file and link with VirusTotal. It came out with zero malicious hits. https://www.virustotal.com/gui/url/8856c98c18f991dc70fe832744d054fb2ad237b040b23751a5d72030a5b1494b/detection https://www.virustotal.com/gui/file/c0fba86791698e7ffc6642d7385fa513b2cec4d98c05e3baf9a445e31313cd74/detection

Though I didn't try to observe the connections while browsing.

But on testing it's capabilities I noticed, it's (Or even my Windows XP SP3 in qemu) is affected by vulnarability CVE 2020-0601 curveball Certificate spoofing in crypt32.dll, according to Slllabs by Qualys. I didn't find any patch for that vulnerability in crypt32.dll in Windows XP. Is there any?

1209556217_2021-08-0302_06_00-QEMU(WindowsXP).thumb.png.2b0d76398ffd5ffc6535f1343584efa7.png1353049265_2021-08-0302_15_26-QEMU(WindowsXP).thumb.png.5a30ed4211a9e15daeca544191bd5dd7.png1664169420_2021-08-0302_04_27-QEMU(WindowsXP).thumb.png.f1ed99b3c7ea61781b71b758a32a4806.png1146190004_2021-08-0314_15_39-2021-08-0301_23_38-QEMU(WindowsXP)_ed.thumb.png.c60932754e60c080630426cd8da152a9.png

 

So it comes with a proper set of SSL/TLS capabilities, despite the security issue CVE-2020-0601 (I guess XP SP3 is the main culprit here) and it performs with 522 points in html5test.

ELVc8VU.png

 

O4cf0cq.png

Further information on the ISP of that domain.
https://webrate.org/index.php/site/kfsafe.cn/

Edited by Jarsin
Link to comment
Share on other sites

Hi

54 minutes ago, Jarsin said:

But on testing it's capabilities I noticed, it's (Or even my Windows XP SP3 in qemu) is affected by vulnarability CVE 2020-0601 curveball Certificate spoofing in crypt32.dll, according to Slllabs by Qualys. I didn't find any patch for that vulnerability in crypt32.dll in Windows XP. Is there any?

chrome==> setting/advanced=====>HTTPS/SSL  active "check for intercepting certificate risk"  <_<

Control security pc  link https://www.grc.com

Edited by IXOYE
Link to comment
Share on other sites

12 minutes ago, IXOYE said:

Hi

chrome==> setting/advanced=====>HTTPS/SSL  active "check for intercepting certificate risk"  <_<

Control security pc  link https://www.grc.com

Thank you for that! So I asume, that there is no KB patch for Windows XP, but such workarounds in the client apps, right?

 

Link to comment
Share on other sites

3 hours ago, Jarsin said:

But on testing it's capabilities I noticed, it's (Or even my Windows XP SP3 in qemu) is affected by vulnarability CVE 2020-0601 curveball Certificate spoofing in crypt32.dll, according to Slllabs by Qualys. I didn't find any patch for that vulnerability in crypt32.dll in Windows XP. Is there any?

So it comes with a proper set of SSL/TLS capabilities, despite the security issue CVE-2020-0601 (I guess XP SP3 is the main culprit here) and it performs with 522 points in html5test.

Microsoft's CVE 2020-0601 description says it has to do with ECC certificate spoofing (as do many other articles, some specifically stating that RSA is not affected). Since XP (even with POSReady patches) has never supported any ECC on the OS level (crypt32.dll), how exactly would it be spoofed on XP? :unsure: I'm not sure how SSL Labs is testing this, but something seems amiss here. Assuming the test works correctly, my logic says it'd have to be a browser problem.

Link to comment
Share on other sites

12 hours ago, mixit said:

Since XP (even with POSReady patches) has never supported any ECC on the OS level (crypt32.dll), how exactly would it be spoofed on XP?

Ah, okay. Thanks for pointing that out. then I would say, that's the reason why I didn't find a kb patch or the like. I can handle that issue on client basis, for example in the settings in the browser. On some websites there were people discussing, that the issue derives from all Windows versions crypt32.dll, but that couldn't be the case, on Windows versions, where crypt32.dll doesn't offer ECC support. Also the CVE, Microsoft and Qualys SSLlabs are stating, that only Windows 10, Server 2016 and 2019 were affected.

Link to comment
Share on other sites

1 hour ago, Jarsin said:

Also the CVE, Microsoft and Qualys SSLlabs are stating, that only Windows 10, Server 2016 and 2019 were affected.

But they would also not have even tested XP as that security bulletin is dated Jan 2020.  Six years after XP support ended in 2014.  Windows 7 support ended in Jan 2020 so unsure if they would have tested in 7 or not.

Link to comment
Share on other sites

6 hours ago, dencorso said:

No. :no:  Just over seven, actually.  It went EoS on April 8, 2014. :whistle:

Either your calculator is broken or your calendar is broken, I'll let you decide.

I did "round up", which is fairly standard - but I am unable to reverse-engineer whatever math you used  :whistle:  :puke:

 

spacer.png

Link to comment
Share on other sites

Oh, I know what you did, you calculated to "today".

Microsoft's CVE 2020-0601 security bulletin is ANCIENT, it didn't come out "today".

I'm showing CVE 2020-0601 to be announced Jan 14, 2020 (568 days ago...  1 year 6 months 21 days ago...  18 months 21 days ago...)

Link to comment
Share on other sites

On 8/4/2021 at 12:14 PM, ArcticFoxie said:

Oh, I know what you did, you calculated to "today".

Microsoft's CVE 2020-0601 security bulletin is ANCIENT, it didn't come out "today".

I'm showing CVE 2020-0601 to be announced Jan 14, 2020 (568 days ago...  1 year 6 months 21 days ago...  18 months 21 days ago...)

I just tried your rebuilt version of 360chrome and its nice to see v13 with chromium 86 working on xp without those https issues with the vanilla, just a question? How secure is the browser, is it safe to login into discord or youtube for example?

Link to comment
Share on other sites

I think so, absolutely!  I use it on my financial accounts!

But "safe" is also always a 'relative' term.  Ask an Amish person if YouTube is "safe to log into".

I would personally suggest doing a little compare/contrast and witness web browser traffic yourself.

For WinXP, grab a copy of Wireshark Portable version 1.10.14 (last version to work under XP) from here  --  https://2.na.dl.wireshark.org/win32/all-versions/

Or NetworkTrafficView by NirSoft from here  --  https://www.nirsoft.net/utils/network_traffic_view.html

Or DNSQuerySniffer also by NirSoft from here  --  https://www.nirsoft.net/utils/dns_query_sniffer.html

 

DNSQuerySniffer is probably the "easiest".

Turn it on, open the browser that you "used to use" when you logged into YouTube, grab a screencap or select-all and copy-paste into a txt file.

Now repeat the same task with 360Chrome then compare the two logs.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...