Existing Google Chrome Browser Bug Can Freeze Your System

Low-priority bugs and exploits that don't get used much by scammers and malware purveyors get pushed onto the backburner all the time, in favor of more urgent bugs needing fixing. One such vulnerability is a bug in Chrome's HTML5 engine that's been around for about two years now. The bug, in short, uses a piece of malicious HTML5 code that Chrome sees as safe and executes. This code allows the host node, or website in this case, to fill the browser's history with bogus URLs by the thousands in a split second, and keep them coming. This causes the device running Chrome to grind to a screeching halt. That exploit has been found in the wild for the first time.

Many Chrome users swear by the "Prevent this page from creating additional dialogs" button. When you run across a bogus website or malicious popup that won't let you leave or do anything else, it's your only escape route aside from killing your browser session. This bug uses that button as a trigger. The bug was found in a bogus tech support ad, looking much like a run-of-the-mill fake virus popup. The difference is that when the user gets fed up and clicks that magical checkbox, the exploit can then be executed, and the user's system slows to a crawl or even freezes outright, unless the browser session can be killed. While the bug doesn't stick around or cause permanent damage, it can force a user to reboot a less powerful system, like a low-end PC, Chromebook, or Android phone, and can prove to be a scare tactic for less technically-inclined users to call the phone number shown onscreen.

The bug has already been given a full teardown by MalwareBytes, which is a double edged sword. On one hand, Google knows about it, and now that they know it's in the wild, they have the info they need to patch it. On the other hand, now that scammers have seen a use for it and its details are available, you can bet more of them are going to be adopting it leading up to whenever Google patches it. Before, they pushed it aside as a low-level denial of service exploit, not worth the resources to patch. Its latest incarnation, as mentioned above, can completely disable weaker systems. Since a huge chunk of web traffic these days comes from mobile devices, this means that the pressure is on for Google to fix this bug.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now