Security Updates

Hotspot Shield for Windows


Versions affected: Hotspot shield for Windows 7.10 and earlier
Impact: An internal audit discovered all versions of Hotspot Shield for Windows < 7.10 contain a vulnerability that leads to information disclosure when a user visits a specific vulnerable domain. The issue was fixed by removing special treatment of these domains.
This vulnerability has been assigned the CVE-2018-17241
Entry added: September, 20, 2018


Betternet for Windows

Versions affected: Betternet for Windows <= 4.1.0.0
Impact: A vulnerability was reported in the Betternet for Windows installer that lead to arbitrary code execution provided a DLL planting attack that had already succeeded.
This vulnerability has been assigned CVE-2018-12269
Entry added: June 13, 2018


Hotspot Shield Chrome Extension


Versions affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the way the Chrome extension was resolving domains that lead to leaking the user’s IP address under specific conditions.
This vulnerability has been assigned CVE-2018-7878
Entry added: March 12, 2018


Hotspot Shield Chrome Extension


Version affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the whitelist present in the PAC script.
If a user visited a website that hosted a URL with a specific query parameter, the extension would then start proxying traffic to that URL, leading to a traffic hijack.
This vulnerability has been assigned CVE-2018-7879
Entry added: March 12, 2018


Hotspot Shield Chrome Extension


Versions affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the whitelist present in the PAC script.
If a user visited a specially crafted page, the request would bypass the VPN and the user’s real IP address would be visible.
This vulnerability has been assigned CVE-2018-7880
Entry added: March 12, 2018