Last year Google addressed a deadly exploit that could be carried out in its Chrome browser. The “Download bomb” exploit was mostly used by tech scammers to make sure that users would fall into their trap. Sadly, this issue seems to have raised its ugly head once again with the release of Chrome 67. The worst part is that the issue also exists in other browsers like Firefox, Vivaldi, and Brave.
Download Bomb exploit
The Download Bomb technique is when the attacker initiates thousands of downloads to freeze the Chrome browser. Many variations of this technique have been created, and each one is associated with a scam of its own. While some of them lure browsers to shady sites, others cause panic and eventually push users to fall prey to the support scam.
Earlier, researchers had uncovered a tech support scam that made use of the Download Bomb. Here is how it unfolded: the technique used a JavaScript Blob to initiate thousands of downloads one after the other. This caused the Chrome browser to freeze and display a tech support scam site. The issue was finally fixed in Chrome 65, but it broke again in Chrome 67.
Malwarebytes security expert Jerome Segura analyzed the issue and pointed out that the Firefox browser is also affected. He further said that even Opera slowed down. The problem here is that even after opening the Windows Task Manager, the downloads still happen in the background, and this usually gets in the way.
On a brighter note, Microsoft Edge and Internet Explorer were not affected by this bug.
A word of caution: you can avoid getting trapped in such scams by closing the scam tech support window before the download bomb goes off.
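For defenders, the burst of Blob downloads described above is easy to spot by rate. The following is an added example, not code from the article or from any browser vendor: a sliding-window detector that a browser extension could attach to the `chrome.downloads` API (requires the "downloads" permission). The class name, threshold, window, and sample events are assumptions constructed for illustration.

```javascript
// Added example: sliding-window detector for download bursts from one origin.
// maxDownloads and windowMs are assumed values, not taken from the article.
class DownloadBurstDetector {
  constructor({ maxDownloads = 5, windowMs = 2000 } = {}) {
    this.maxDownloads = maxDownloads;
    this.windowMs = windowMs;
    this.recent = new Map(); // origin -> start timestamps (ms) inside the window
  }
  // Blob downloads have URLs like "blob:https://site/uuid"; key on the inner origin.
  static originOf(item) {
    const raw = item.url.startsWith("blob:") ? item.url.slice(5) : item.url;
    try {
      return new URL(raw).origin;
    } catch {
      return item.referrer || "unknown";
    }
  }
  // Returns true when this download pushes its origin over the limit.
  observe(item, nowMs = Date.now()) {
    const origin = DownloadBurstDetector.originOf(item);
    const times = (this.recent.get(origin) || [])
      .filter((t) => nowMs - t < this.windowMs);
    times.push(nowMs);
    this.recent.set(origin, times);
    return times.length > this.maxDownloads;
  }
}

// Constructed sample: two ordinary downloads around a burst of eight Blob downloads.
const SAMPLE_EVENTS = [
  { at: 0, item: { id: 1, url: "https://files.example/a.zip", referrer: "" } },
  ...Array.from({ length: 8 }, (_, i) => ({
    at: 1000 + i * 50,
    item: { id: 100 + i, url: `blob:https://scam.example/${i}`, referrer: "https://scam.example/" },
  })),
  { at: 10000, item: { id: 2, url: "https://files.example/b.zip", referrer: "" } },
];

// Replays recorded events and returns the ids that would have been flagged.
function replay(events, detector = new DownloadBurstDetector()) {
  return events.filter((e) => detector.observe(e.item, e.at)).map((e) => e.item.id);
}

// Extension wiring: cancel downloads once an origin exceeds the limit.
if (typeof chrome !== "undefined" && chrome.downloads) {
  const live = new DownloadBurstDetector();
  chrome.downloads.onCreated.addListener((item) => { if (live.observe(item)) chrome.downloads.cancel(item.id); });
}
```

Replaying the constructed sample flags only the sixth and later downloads of the burst and leaves the two ordinary downloads alone.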
Via bleepingcomputer.com.