
SuperFREAK: New Security Bug Vulnerability Affects Desktop & Mobile Browser Security

Christian Cawley 10-03-2015

Another month, another online security flaw. This time, the vulnerability is one that affects your browser, and it isn’t limited to any one browser, nor any single operating system. Are you affected by the FREAK security bug? How can you find out, and what can you do to protect yourself?


What is the FREAK Security Vulnerability?


Discovered through cooperation between researchers from IMDEA, INRIA and Microsoft Research, FREAK (Factoring RSA Export Keys) exploits a weakness in the SSL/TLS security protocols. The export cipher weakness – apparently put in place at the behest of the surveillance-happy NSA – can now be easily exploited, thereby enabling anyone with a reasonably powerful computer to crack public keys. Worse still, when combined with a man-in-the-middle attack (as with the problem with Lenovo bundling Superfish malware on its laptops), the vulnerability can be used to hack websites and their visitors’ browsers.

Put simply, this is a bit of a problem, not only for users, but for website owners too. Problem sites include online stores and, ironically given the origins of the flaw, US government websites.

Ars Technica’s Dan Goodin called this vulnerability “potentially catastrophic” while Washington Post’s Craig Timberg states:

“The problem illuminates the danger of unintended security consequences at a time when top U.S. officials, frustrated by increasingly strong forms of encryption on smartphones, have called for technology companies to provide ‘doors’ into systems to protect the ability of law enforcement and intelligence agencies to conduct surveillance.”

Who is Affected?

A list of affected websites, accurate as of March 6th, includes,,,,,, and many others. It is particularly ironic that some of those sites affected are those reporting the vulnerability. This accounts for 9.5% of the host servers for Alexa’s top 1 million websites, with 26.3% of servers worldwide still vulnerable to this problem.


But as you should have gathered by now, it isn’t only websites that are affected by the FREAK bug. Users are too.

Working out who is affected is simple. If you’re using Windows, you’re affected, but before you non-Windows users attempt to stifle your snorts of derision, read this: browsers on other platforms are also affected.

Are YOU Affected by FREAK?


To find out if the FREAK security bug affects you directly, head to (no user information is required) and read what it tells you about your browser. If you’re affected you’ll spot a couple of warnings highlighted in red, as illustrated, and a list of the cipher suites that can be hacked using the vulnerability.
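A cipher-suite list like the one that test page reports can also be audited mechanically. The following is an added example, not part of the original article: it decodes a TLS `cipher_suites` vector (as carried in a ClientHello) and reports any RSA export-grade suites in it. The sample byte strings are constructed and the function names are illustrative.

```python
import struct

# IANA TLS cipher suite IDs. The three RSA_EXPORT suites are the export-grade
# RSA key-exchange suites FREAK relies on; the rest are listed for contrast.
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def parse_cipher_suites(field: bytes) -> list[int]:
    """Decode a cipher_suites vector: 2-byte length, then 2-byte suite IDs."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:]
    if length != len(body) or length % 2:
        raise ValueError("cipher_suites length does not match its contents")
    return [item[0] for item in struct.iter_unpack("!H", body)]


def rsa_export_suites(field: bytes) -> list[str]:
    """Return the names of RSA export-grade suites present in the vector."""
    names = (SUITES.get(s, f"UNKNOWN_0x{s:04X}") for s in parse_cipher_suites(field))
    return [n for n in names if n.startswith("TLS_RSA_EXPORT_")]


# Constructed samples: one offer that still lists export suites, one that does not.
WEAK_OFFER = bytes.fromhex("000a" "c02f" "002f" "0005" "0008" "0003")
CLEAN_OFFER = bytes.fromhex("0004" "c02f" "002f")

if __name__ == "__main__":
    for label, offer in (("weak", WEAK_OFFER), ("clean", CLEAN_OFFER)):
        flagged = rsa_export_suites(offer)
        print(label, "->", flagged if flagged else "no RSA export suites offered")
```

A clean result on the offered list does not by itself clear a client, since a flawed client can accept an export-grade key it never asked for; installing the patched browser and operating system versions remains the fix.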


Vulnerable Browsers

Six browsers are affected, across five platforms, Mac OS X, Blackberry and Linux included.

As you should have noticed, there is one clear winner here: Mozilla Firefox. If a version is available for your operating system, we recommend that you switch. That said, Chrome for Windows appears to be safe as well.


Take Action Now: Kill the FREAK Bug

If there is to be any silver lining to all of this, it’s that the main online stores have remained unaffected, and that Mozilla Firefox owners – long portrayed as a dying breed in the face of Google Chrome – can feel vindicated for sticking with the more secure option.


Some behavioural change is required. Drop Internet Explorer if you’re on Windows, and switch to Firefox on any platform where it can be used (after all, it’s arguably more flexible than Google Chrome). As ever, you should maintain an active firewall, whether built into your operating system or provided by a trusted third party company.

Finally, make sure you accept and install all operating system updates over the coming weeks in order to kill the FREAK security bug.

Leave your questions in the comments.

Featured Image Credit: Woman holding laptop via Shutterstock


Image Credit: HTTPS and Lock Symbol via Shutterstock, Alexander Supertramp /


  1. mindtrip
    March 11, 2015 at 4:05 am

    Oh, and to be safe, I completely removed Chrome, downloaded and installed a fresh copy straight from Google--still vulnerable.

    • Christian Cawley
      March 14, 2015 at 6:50 pm

      Thanks Mindtrip, good advice.

  2. mindtrip
    March 11, 2015 at 4:04 am

    Google Chrome 64-bit is still vulnerable. I have shut off all antivirus, Waterfox (64-bit firefox) registers as fine but 64-bit Chrome always shows it is vulnerable. I suggest checking for yourself and updating this article if you confirm.

  3. Richard Allen
    March 10, 2015 at 9:57 pm

    Chrome Beta is SAFE and actually very stable.
    Firefox is SAFE.
    Dolphin Browser is VULNERABLE.

  4. No_name
    March 10, 2015 at 9:07 pm

    Apple have apparently released an update for the 3rd generation Apple TV?

    How would the Apple TV be affected and what does this mean for owners of the previous Apple TVs?

  5. mastaeit
    March 10, 2015 at 5:38 pm

    Naked browser (Android) - not affected.