Annoying browser “download bomb” reappears in Chrome

download bomb

Last winter, security company Malwarebytes reported a security vulnerability to Chrome that a malicious gang used the “Download Bomb” to block the user’s browser and then induced the user to dial the “technical support phone” on the page for fraud. 

The “Download Bomb” instantly launches thousands of download threads to kill the browser through the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function, and pops up the so-called Microsoft Technical Support Hotline. When the user tries to click on the page or close the browser and does not respond, the user may be induced to call the fraudulent phone. When the user connects, they will claim to solve the victim’s computer problem remotely and ask for repair costs.

After receiving feedback from Malwarebytes, Google released a fix in Chrome 65.0.3325.70. Recently, however, a user replied below the vulnerability report that he was inadvertently redirected to a scam site using Google Chrome 67.0.3396.87, which was released on June 12th, using the “Download Bomb” technology.

Later, other users confirmed his findings that the latest version of Chrome was again affected by the “download bomb”. According to the comments, the Chrome development team has no plans to update Chrome 67 for the time being, and the vulnerability will be fixed in Chrome 68 released later this month.

It’s worth noting that Malwarebytes’ security experts analyzed the malicious technology in February when he pointed out that Firefox and Opera would also be affected, with Microsoft’s Edge and Internet Explorer exceptions.

https://twitter.com/jeromesegura/status/1010265863365115904

Source: bleepingcomputer