From the overview:
Comodo Chromodo browser, version 45.8.12.392, 45.8.12.391, and possibly earlier, does not enforce same origin policy, which allows for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities.
…
Solution
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workarounds.
Disable JavaScript
Disabling JavaScript may mitigate cross-domain scripting attacks. For instructions, refer to Comodo’s help page.
Note that disabling JavaScript may not protect against known vulnerabilities in the version of Chromium on which Chromodo is based. For this reason, users should prioritize implementing the following workaround.
Discontinue use
Until these issues are addressed, consider discontinuing use of Chromodo.
…
Discontinue use is about as extreme a workaround as I can imagine.
Too bad the Comodo site doesn’t say anything about refunds and/or compensation for damaged customers.
Would you say that without any penalty, there is no incentive for Comodo to produce better software?
Or to put it differently, where is the downside to Comodo producing buggy software?
Where does that impact their bottom line?
I first saw this in a tweet by SecuriTay.