Breaking the cycle is straightforward
As long as the user hasn't selected the Chrome setting to automatically restore opened tabs upon launch, the browser should then become usable again upon being relaunched. That setting can be found under Google Chrome's three-dot menu and then under settings. It's listed under the subheading 'On Startup.' After the page has been exited, it is a good idea to follow up by clearing cookies from browsing history to remove any cached processes that may have been left behind. Under the 'Advanced' settings in Chrome's settings menu, users should find an option to 'Clear Browsing Data'. Clicking that will load up the appropriate menu, containing options regarding what to delete and how far back to purge. Options for 'Cookies and other site data' as well as 'Cached images and files' should be selected and the 'All Time' option should be selected from the 'Time Range' drop-down menu. A click on the 'Clear data' button will clear out any remnants from the offending site. Finally, although this particular attack doesn't appear to download anything, users should navigate to their preferred virus protection software and perform a scan to ensure that nothing malicious has been left behind.
Forward-looking fixes from Google
These specific kinds of problems stemming from bugs or exploitable features in a browser aren't new by any stretch of the imagination but that doesn't mean they all originate from the same bugs as before. Google has consistently rolled out fixes with each update to its browser and more recently placed more focus on the underlying features and bugs that can enable phishing scams. With Chrome 71, the company rolled out a number of fixes and policy changes that are intended to directly address abusive behaviors in advertisements and other web elements. It's not clear whether or not any of those has any impact on the latest attack vector since the update hasn't necessarily hit every user yet but that focus does appear to continue into the next several updates. For example, the beta channel for Chrome 72 — set to be released on January 29 — halts the loading of new pages when a user navigates away from a site regardless of whether pop-up blocking options are enabled.
Other changes are on the way too that should go a long way toward reducing the viability of these types of scams. That includes a crackdown on manipulation of a user's history, used to insert additional ads or pages so that using the back button no longer takes the user away from a given site or page. That type of abusive practice can feasibly be utilized to perform similar attacks to that described above latest one but will no longer be possible following a future update. For now, the best practice is to avoid entering credit card data or other personal data in windows that appear suspicious. Since a company such as Microsoft or Google is not going to reach out to users with a pop-up window or similar elements unless the user is visiting one of the companies' pages, those can all reasonably be considered malicious.