A popular VPN service, Discuz, has released an update to the software that bypasses a flaw that allows remote code execution via a “fake” browser.
Discuz, which is owned by the US government, said the fix resolves the flaw in its software and allows users to bypass the flaw with no additional steps.
Discuiz, the leading VPN provider in the United States, said it was the first to deploy the fix.
It said it did not disclose the name of the company that originally developed the bug.
“The Discuz VPN update addresses an issue with a vulnerability in Discuz software that allows a remote code-execution vulnerability to be exploited on a user’s computer,” the company said in a blog post on Thursday.
Discusz said it is working with security experts and the US Federal Bureau of Investigation to address the issue.
Discuses, a VPN service that is owned and operated by the United Kingdom’s Government Communications Headquarters (GCHQ), said it has released the fix, which it said is also available on Google’s Chrome browser.
“Discuses VPN update provides a fix to CVE-2017-3418 and CVE-2018-1472,” the service said.
Discuse said it will begin rolling out the fix to users in the next few days.