Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites (bleepingcomputer.com)
An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.
So here we have yet another attack that APK's work failed to prevent. I am sure he will be along shortly to say that someone else did the hard work and managed to track down some of these sites and create hosts file entries that have to be manually entered be he totally stops this so you can trust him and his work. Too bad for him that something like NoScript prevents this entirely automatically.
An immediate concern is why a method with a Microsoft specific vendor prefix is implemented and targetable in Chrome in the first place.
TFA doesn't mention anything about IE/Edge being affected. If it is that would be understandable. They might not have checked, but there is also no reference to any other OS than Windows. Does that mean that msSaveOrOpenBlob is only implemented on the Windows version of Chrome and if so, why?
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"