Midori 11.7.2

We are constantly improving the Midori Browser and today it is version 11.7.2, but what’s the next step? Why were the updates released in less than 48 hours? A safety critical fallacy is the short answer, but we’ll explain it to you.

Problem

When a user initiates a session on the VPN service, there is a weak configuration, in the process of saving the token, it is stored in chrome.storage.local unencrypted despite the existence of crypto-utils.ts, causing a critical failure in the authentication flow, allowing session hijacking, credential theft, users are asked to update their priority way to Midori 11.7.2

Solution Midori 11.7.2

Improvement focused on enhancing the stability, security, and internal management of the VPN connection through a proxy.

Main new features

• The logic for selecting and validating servers compatible with proxy mode was optimized, avoiding connections with servers that do not support this function or that do not have a valid proxy port.
• Improvements were incorporated into token handling, including support for encryption and decryption, strengthening the protection of credentials within the authentication flow.
• The extension’s permission structure was adjusted to properly separate required and optional permissions, helping to improve compatibility and behavior in supported browsers.
• Internal improvements were made to components, imports, and connection flow to make the code clearer, maintainable, and stable.
• Settings in manifest/main.json for basic permissions such as alarms and storage, keeping permissions such as proxy, tabs, webRequest and webNavigation as optional.
• Refactor in files related to proxy, API, permissions, servers, and VPN status.