Download Bomb Bug Affects Chrome, Firefox Browsers

Have you heard of the so-called “download bomb” bug which occurs when hundreds or even thousands of downloads are initiated? The result of this technique is that the affected browser stops functioning properly as it typically freezes on a specific page.

This bug was observed last winter affecting Google Chrome, when tech support scammers used it to trap users on their dubious pages. The download bomb bug is back with the release of Google Chrome 67, but this time researchers found that it also affects other browsers, such as Firefox, Vivaldi, Brave and Opera.

More about the Download Bomb Bug

This technique requires initiating countless downloads in order to freeze the browser on a certain page. This page is usually crafted by tech support scammers. There have been different variations of download bombs, but the end goal is usually the same: trapping the user on the scammers’ page.

In one case, scammers deployed the JavaScript Blob method together with the window.navigator.msSaveOrOpenBlob function to trigger thousands of downloads in a loop and freeze Chrome on tech support pages. This particular download bomb bug was fixed by Google with the release of Chrome 65.0.3325.70. Unfortunately, the problem is back in Chrome 67.0.3396.87, as is evident from new comments in the official bug report.
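The mitigation side of the loop described above, as an added example that is not from the original article or from any browser's source: a sliding-window limiter that wraps a download-triggering function such as msSaveOrOpenBlob and refuses calls once a page exceeds a threshold. The names DownloadGuard, guardDownloadApi and simulateBurst, the limits, and the stub navigator object are assumptions made for illustration.

```javascript
// Added illustration (not browser source code): throttle programmatic downloads.
// DownloadGuard, guardDownloadApi and the limits used here are hypothetical.
class DownloadGuard {
  constructor(maxDownloads, windowMs) {
    this.maxDownloads = maxDownloads;
    this.windowMs = windowMs;
    this.timestamps = []; // start times of allowed downloads inside the window
    this.blocked = 0;     // refused attempts, useful as a detection signal
  }

  // Returns true if a download starting at time `now` (ms) may proceed.
  allow(now) {
    // Drop entries that have aged out of the sliding window.
    while (this.timestamps.length && now - this.timestamps[0] >= this.windowMs) {
      this.timestamps.shift();
    }
    if (this.timestamps.length >= this.maxDownloads) {
      this.blocked += 1;
      return false;
    }
    this.timestamps.push(now);
    return true;
  }
}

// Replace target[method] with a version that consults the guard first.
// `clock` is injectable so the behaviour can be checked deterministically.
function guardDownloadApi(target, method, guard, clock = Date.now) {
  const original = target[method];
  if (typeof original !== "function") return false; // API absent here
  target[method] = function (...args) {
    if (!guard.allow(clock())) return false;        // refuse the download
    return original.apply(this, args);
  };
  return true;
}

// Constructed stand-in for window.navigator so the example runs outside a browser.
function simulateBurst(attempts, maxDownloads, windowMs) {
  let started = 0;
  const fakeNavigator = { msSaveOrOpenBlob() { started += 1; return true; } };
  const guard = new DownloadGuard(maxDownloads, windowMs);
  let t = 0; // simulated clock, advanced 1 ms per attempt
  guardDownloadApi(fakeNavigator, "msSaveOrOpenBlob", guard, () => t);
  for (let i = 0; i < attempts; i++) { fakeNavigator.msSaveOrOpenBlob({}, "f" + i); t += 1; }
  return { started, blocked: guard.blocked };
}
```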

According to a user who came across the download bomb in Chrome, “This is broken again in 67.0.3396.87”. The user stumbled upon the issue through a malicious redirect to a scam site that froze the browser. The issue has been confirmed by other users as well, and it also appears that the bug affects other browsers, (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: