•  paul
  • Member Topic Starter
The discovery of a security vulnerability in OpenSSH, which is a set of programs that provide encrypted communication sessions using the SSH protocol for an estimated two-thirds of the web, challenged the notion that anyone can ever be truly safe on the Internet, regardless of how carefully you surf. How so? Researchers discovered a major vulnerability in OpenSSH that could allow hackers to dig up your personal information, including usernames, passwords, credit card data, and much more. It's called Heartbleed, and it has the Internet community on high alert. There's a patch available, which many website admins have applied, but if you want to err on the side of caution, Chromebleed is here to help.

Chromebleed is an extension for Google's Chrome browser. It uses a web service developed by Filippo Valsorda to check the URL of a page you just loaded. If the page is affected by Heartbleed, a Chrome notification will appear and you'll know not to enter any personal information.

Image Source: Flickr (snoopsmaus)

It's a simple solution to a pretty serious problem, though be advised that it can create false positives. If you don't trust the result but want to play it safe, we suggest getting in touch with the website owner or site admin to find out (A) if they're aware of Heartbleed and (B) if they've taken care of the situation by patching OpenSSH.

You can download Chromebleed here. Alternately, you can bookmark Filippo Valsorda's Heartbleed Test page to manually check individual websites for the vulnerability. And for those wondering, you're safe to enter your login credentials at HotHardware.

Thank you for this info!


Maybe I'm not well informed, but this makes me curious. How can it tell if it's affected by heartbleed by its URL?

Super Dave

Thanks for the article, Paul. I was a bit leery of installing it but finally did. The results don't show up instantly and sometimes seemed to take a long time to register. Not sure how accurate this thing is but I used it to check my usual favorite websites (they all passed). Probably will use it for a few days and then disable it. 


It works by attempting to gain access to the website in question by using the "heartbleed bug". If it gets through it will notify you that the website is not protected against this attack.

So it lets you know, by actually performing the attack. It uses the same process as found here.


Shouldn't it be OpenSSL and not OpenSSH?


Thank the maker! This oil bath is going to feel so good.