uTorrent Web as seen as its official website
uTorrent Web as seen as its official websiteuTorrent

Google Project Zero researcher Tavis Ormandy has reported the security flaws in uTorrent that allow any website you visit to copy files you've downloaded, execute remote code and disclose information. He wrote that uTorrent Web uses a web interface and is controlled by a browser. It is also "configured to startup with Windows, so will always be running and accessible."

Ormandy, who informed BitTorrent Inc about the vulnerability in uTorrent back in November 2017, had to remind them again last month. He wrote that he was a little worried as the company hadn't fixed the issue within the 90-day window that Project Zero allows developers to address security flaws.

BitTorrent has released a beta build of uTorrent to fix the bugs that are letting websites see download details of users, but Ormandy has said the old issue isn't solved yet.

Ormandy has suggested that affected users should stop using uTorrent Web and contact BitTorrent to get the issue solved once and for all.

"This issue is still exploitable. The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch, we've done all we can to give BitTorrent adequate time, information and feedback and the issue remains unsolved," he wrote