Heartbleed is one of the most widespread vulnerabilities we have seen in recent years — it impacted an estimated 66% of the entire Internet at the time of its discovery. The bug affects OpenSSL, which is a popular security protocol used to encrypt sensitive data sent to and from websites. Major sites such as Yahoo, Flickr and Imgur are among the sites that were affected by Heartbleed, potentially exposing users’ passwords and other data to hackers. While many have patched the bug and others continue to do so, it will be months or even years before every site addresses the issue.
In the meantime, a simple free Chrome browser plugin will alert users when they visit a website that is still vulnerable.
Developer Jamie Hoyle has created a nice Chrome extension dubbed Chromebleed that serves a single purpose: It displays a warning when you visit a website affected by Heartbleed.
From the plugin’s description:
Many HTTPS-secured sites on the internet use OpenSSL. Unfortunately, a major vulnerability in OpenSSL was disclosed – known as the Heartbleed bug – yesterday that put hundreds of thousands of servers at risk of compromise.
Whilst some servers have been patched already, many remain that have not been patched. Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. It’s as simple as that!
to learn exactly what you should do when you encounter sites with the Heartbleed vulnerability.