Electronic news service of the Ministry of Communications and Information Technologies

Google Chrome’s “Download Bomb” Attack Is Back, Also Affects Firefox, Opera, Brave


Earlier this year, a bug in Google Chrome was a boon for tech support scammers, who could freeze people’s browsers using the infamous download bomb trick.
 
The trick involves triggering thousands of downloads from a single booby-trapped web page. With the browser frozen, the targeted user is pushed to call the given tech support number to get things fixed.
 
The security firm Malwarebytes spotted the bug. Later, a fix was issued by Google in Chrome 65.
 
But it seems the bug has returned to annoy users of Chrome 67. Last month, some users reported its comeback by commenting on the original bug tracker entry.
 
“This is broken again in 67.0.3396.87. Stumbled upon this issue by a malicious redirect to a scam site that froze my browser, and repro.html on this bug causes it too.” – a user wrote in the comments (issue 809775).
 
The problem isn’t limited to Chrome. It can also be reproduced in Firefox, Brave, Opera, and Vivaldi. However, Edge and Internet Explorer aren’t affected.
 
When you run the proof-of-concept in an affected browser, you’ll see RAM and CPU usage escalate quickly. Ultimately, the browser freezes. You can kill the browser process in the Task Manager to get the web browser working normally again.
 
As per the comments, no further Chrome 67 updates are planned, so a fix should be expected in Chrome 68, which is due for release later this month, possibly on July 29. Also, a new issue (860045) has been created to keep an eye on the progress.






04/07/18