Slashdot Mirror

← Back to Stories (view on slashdot.org)

Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com)

Posted by EditorDavid on from the persistent-popups dept.

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.

3 of 92 comments (clear)

  1. Re:I wouldn't touch Google Chrome on Linux by angel'o'sphere · · Score: 1, Informative

    Chrome requires its sandbox process to run as root.
    Chrome runs under the user id it was started from. No idea what you want to claim.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  2. I see the problem by ssufficool · · Score: 3, Informative

    "new ActiveXObject('Microsoft.Ancient.Bad.Idea')" I think I've seen this exploit before. SMH. It's time to kill ActiveX in the browser already.

  3. Re:I wouldn't touch Google Chrome on Linux by ArsenneLupin · · Score: 4, Informative

    Nothing in Chrome requires a root user.

    Unfortunately, it does, I didn't believe it myself at first...:
    # ls -l /usr/lib/chromium/chrome-sandbox
    -rwsr-xr-x 1 root root 14664 Jan 30 18:39 /usr/lib/chromium/chrome-sandbox

    Removing that s bit causes chromium to refuse to run:
    > chromium
    [28193:28193:0225/213608.315538:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chromium/chrome-sandbox is owned by root and has mode 4755.
    #0 0x564a04ba083e <unknown>
    #1 0x564a04bb4f7b <unknown>
    #2 0x564a05a0f4cf <unknown>
    #3 0x564a043f3def <unknown>
    #4 0x564a043f325e <unknown>
    #5 0x564a043f384e <unknown>
    #6 0x564a0408872c <unknown>
    #7 0x564a0409036d <unknown>
    #8 0x564a04087dcc <unknown>
    #9 0x564a0480764b <unknown>
    #10 0x564a04805fa0 <unknown>
    #11 0x564a033de1bc ChromeMain
    #12 0x7ff5074f5b45 __libc_start_main
    #13 0x564a033de069

    zsh: abort chromium