This issue first came to our engineering team’s attention in August 2013. We took steps then to patch the vulnerability created by a small minority of users relying on old out of date Web browser versions.
Blockchain’s My-Wallet tool relies on, not one, but three sources of entropy to generate ECDSA signing keys: the browser based RNG, mouse movement & keyboard interaction, and a server-side RNG. This protects users from out-of-date browsers with weak RNGs while maintaining the ability run a fully client-side, non-custodial wallet that is easy to use across your desktop and mobile devices.
Blockchain remains vigilant about potential security issues and continues to actively monitor potential threat vectors generated by common software such as web browsers. We encourage all users to make sure they are running the most up to date software to ensure better security.