Scammers Bite Chrome Users With Forgotten 2014 Bug (betanews.com)
"Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware," reports security researcher Sophos. It begins by freezing the browser, BrianFagioli reports, sharing an article from Beta News:
These bad guys pose as Microsoft tech support and display an in-browser message that says the user's computer is infected with "Virus Trojan.worm! 055BCCAC9FEC". To make matters worse, Google has apparently known about the exploit for more than two years and simply failed to patch it. "The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question. The developer who reported the issue published code showing how to add so many items into Chrome's history list that the browser would effectively freeze", says Sophos...
"Users can either close Chrome using the Task Manager or, in cases where the browser is using up so much processor power that Task Manager doesn't appear, by rebooting the computer. The chances of encountering this particular scam are small -- it's only been spotted on a single website -- but its existence underlines how small bugs that don't seem terribly important may nevertheless be abused by cybercriminals down the line."
Easy - if you click a link on a page and it does an AJAX thing and loads up the destination without actually changing the page URL. You see this in webmail - you click your mailbox and the URL doesn't change, but the email opens. Now, you may know to click the X that they put up to close it, or a back button to go back to the index, but if you click the real browser Back button, what happens? If you're unlucky, it goes to the previous page you visited (or blank tab page).
Using this function lets you pre-load the page into the Back button so if you use the back button, it does the Right Thing and actually goes back to the index as you expect.
The best example of this is GMail - where you have 3 ways of getting back to the index from a message view - you click the arrow, you click the mailbox, OR you click the browser back button. (And the back button may not be physically clicking the button, but using a mapped keyboard or mouse button)
It's because a lot of sites do AJAXy stuff that would otherwise break Back button functionality.
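The Back-button behaviour described in the comment above, as an added example that is not part of the original post or the Sophos write-up: a small in-memory model of a tab's session history plus a webmail-style view, with a per-window cap on `pushState` calls so that history growth stays bounded. `SessionHistory`, `createMailApp` and the budget values are hypothetical names and numbers chosen for illustration, not a real browser's.

```javascript
// In-memory model of one tab's session history (constructed for this
// example so it runs outside a browser; all names are hypothetical).
class SessionHistory {
  constructor(url, maxPushes = 50, windowMs = 10000, now = Date.now) {
    this.entries = [{ state: null, url }];
    this.index = 0;
    this.onpopstate = null;
    this.maxPushes = maxPushes; // assumed budget, not a real browser's value
    this.windowMs = windowMs;
    this.now = now;
    this.stamps = [];           // times of recent accepted pushes
  }
  pushState(state, url) {
    const t = this.now();
    this.stamps = this.stamps.filter((s) => t - s < this.windowMs);
    if (this.stamps.length >= this.maxPushes) {
      throw new Error("pushState budget exceeded");
    }
    this.stamps.push(t);
    // Like the real API: drop forward entries, append, load nothing.
    this.entries.length = this.index + 1;
    this.entries.push({ state, url });
    this.index += 1;
  }
  back() {
    if (this.index === 0) return false; // nothing left inside the app
    this.index -= 1;
    const entry = this.entries[this.index];
    if (this.onpopstate) this.onpopstate({ state: entry.state });
    return true;
  }
  get url() { return this.entries[this.index].url; }
}

// Webmail-style page: opening a message swaps the view without a page load
// and records a history entry so the browser Back button returns to the index.
function createMailApp(history) {
  const app = { view: "index" };
  history.onpopstate = (e) => { app.view = e.state ? e.state.view : "index"; };
  app.openMessage = (id) => {
    const view = "message:" + id;
    history.pushState({ view }, "/mail/" + id); // throws once over budget
    app.view = view;
  };
  return app;
}
```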