Ένα bug του Chrome -download bomb bug- που έγινε exploited τον περασμένο χειμώνα και είχε κλείσει με την έκδοση 65 του browser, επέστρεψε με την έκδοση 67 του Chrome,
Όπως φαίνεται όμως ευάλλωτοι είναι και οι Firefox, Vivaldi, Opera, και Brave browsers, ενώ οι Microsoft Edge και Internet Explorer δεν επηρεάζονται.The "download bomb" trick is a technique that involves initiating hundreds or thousands of downloads to freeze a browser on a specific page.
Across the years, there have been multiple variations of download bombs, and they have often been used by tech support scammers to trap users on shady sites that tried to lure victims into calling a tech support number to have their browser unlocked.
Over the winter, security researchers from Malwarebytes noticed a tech support scam campaign that employed a new "download bomb" technique to trap users on its shady sites.
That technique used the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to initiate thousands of downloads one after the other to freeze Chrome browsers on tech support sites.
Πηγή : Bleeping Computer
Bookmarks