Google Engineer Finds Security Issues With Three ‘Secure’ Browsers

Google Project Zero researcher Tavis Ormandy has delved into security software offered by anti-virus firms and has found holes in three of their ‘secure’ browsers. Engadget reports:

After recently exposing holes in products from Trend Micro and AVG, the bug hunter has recently gone public with three issues found in software offered by security firms Avast, Comodo and Malwarebytes that allow attackers to access unsuspecting users’ PCs.

For Avast, Ormandy identified that its Avastium browser (a fork of Google Chromium) allowed an attacker to “read any file on the filesystem by clicking a link.” The exploit involved using a specially-crafted JavaScript web page that could bypass built-in checks and potentially allow a malicious party to read cookies and email. The issue was first disclosed on December 8th, but Avast released a patched version of its browser on February 3rd.

It’s a similar story for Comodo’s Internet Security software and its Chromodo browser. When users install the software suite, their existing Chrome installation is replaced with Comodo’s own. It was meant to be “private,” but it wasn’t. When it’s executed, “all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, [...]