Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com)
An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).
This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.
Yes... other languages "could" have the same problem, and it's not the language per se that's the issue, but javascript is in the position where it's loaded from random malicious or semi-malicious web sites and executed in your browser.
If you let that happen by default, after an endless fucking series of javascript based exploits and vulnerabilities and nagware and data-harvesting over the years.. at this point I no longer feel sorry for you. You're letting random strangers who do not mean you well control the operation of a not-well sandboxed environment on your computer, so you deserve what you get.
Running with javascript default-enabled is like letting any stranger in the world use your house for any purpose they want. Might be an organization who saves orphan cancer victims from bear attacks, or might be drug cartels and human trafficking, or the Stasi planting recording devices. You're saying, "Hey, it's all good! Come on in, do what you want!"
I wager almost nobody would do that with their house, but somehow with computers people have decided that's a good plan. Then they wonder why they suffer from the endless series of problems they do.
Chrome runs under the user id it was started from.
... and then proceeds by invoking a set-uid binary (that it conveniently set up at installation time) to become root:
# ls -ld /usr/lib/chromium/chrome-sandbox /usr/lib/chromium/chrome-sandbox
-rwsr-xr-x 1 root root 14664 Jan 30 18:39
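The ls output above is the kind of thing an administrator would want to audit rather than eyeball once. The following POSIX shell script is an added example, not code from the thread or from the Chromium project: it enumerates setuid executables under a directory tree and parses ls-style mode strings to decide whether a given line is a root-owned setuid helper. The candidate install paths (/usr/lib/chromium, /opt/google/chrome) are assumptions and vary by distribution.

```shell
#!/bin/sh
# Added example (not from the Slashdot thread or Chromium). Audits a
# directory tree for setuid binaries such as the chrome-sandbox helper
# discussed above, and classifies ls -l lines by mode and owner.

# Print an `ls -ld` line for every regular file below $1 that carries
# the setuid bit (mode 04000), one per line. Unreadable paths are skipped.
find_setuid() {
    dir="$1"
    find "$dir" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# Return 0 if an ls-style mode string (e.g. "-rwsr-xr-x") has the setuid
# bit: an 's' (setuid+exec) or 'S' (setuid without exec) in the
# user-execute position, which is the 4th character.
mode_has_setuid() {
    case "$1" in
        ???s??????|???S??????) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if a full `ls -l` line describes a root-owned setuid file.
# Field 1 is the mode string, field 3 the owner.
ls_line_is_root_setuid() {
    set -- $1
    mode="$1"
    owner="$3"
    mode_has_setuid "$mode" && [ "$owner" = root ]
}

# Example run over the assumed Chromium/Chrome install locations.
# Nothing is printed if the directories do not exist on this host.
for d in /usr/lib/chromium /opt/google/chrome; do
    if [ -d "$d" ]; then
        echo "setuid files under $d:"
        find_setuid "$d"
    fi
done
```

Run it as root or as any user with read access to the install directory; the script never modifies anything. A line that passes ls_line_is_root_setuid is a binary that will run as root for whoever can execute it, so each such hit deserves a look at what the helper actually does.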