Scammers Bite Chrome Users With Forgotten 2014 Bug

"Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware," reports security researcher Sophos. It begins by freezing the browser, BrianFagioli reports, sharing an article from Beta News: These bad guys pose as Microsoft tech support and display an in-browser message that says the user's computer is infected with "Virus Trojan.worm! 055BCCAC9FEC". To make matters worse, Google has apparently known about the exploit for more than two years and simply failed to patch it. "The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question. The developer who reported the issue published code showing how to add so many items into Chrome's history list that the browser would effectively freeze", says Sophos...

"Users can either close Chrome using the Task Manager or, in cases where the browser is using up so much processor power that Task Manager doesn't appear, by rebooting the computer. The chances of encountering this particular scam are small -- it's only been spotted on a single website -- but its existence underlines how small bugs that don't seem terribly important may nevertheless be abused by cybercriminals down the line."

Its not rare. Its very common.

I work in tech support for a local managed service provider in a small city. We have several dozen business clients in the region (we don't handle private users). We are not a large operation by any measure. We get at least 2 calls a week about someone's computer having a virus that turns out to be this. Most of the time it seems to come from websites that are typo-squatting. If we are seeing that volume of complaints it can't be rare.

Re: Its not rare. Its very common.

[raind]

I was just about to say the same thing .this is been going on for months

Re: Why does that function even exist?

[93+Escort+Wagon]

Specifically it's for sites or web apps that have changes to pages without navigating to a new URL so the back button will work as expected.

Like my.t-mobile.com . It's such an annoying practice... plus sites doing It often don't work correctly in some browsers.

Got bit by this 2-wks ago at latimes.com

[bennet42]

I normally browse using firefox with noscript and uMatrix, but occasionally when I want to view a video, I'll fire up Chrome and copy/paste the link there. Did that for an article at latimes.com two weeks ago and got served up some malware advertisement that did exactly this. I was impressed. You wouldn't expect that a reputable site like latimes.com would allow malvertizements, and you wouldn't expect that chrome would have an easily exploitable javascript vulnerability. Had to use process explorer to kill chrome.