Security

Vivaldi, Brave, Firefox and Most Other Browsers Still Vulnerable to Download Bomb Trick

Security experts often promote obscurity as a technique to remain safe when connected to the Internet, but it now seems that even the Vivaldi browser is vulnerable to what some in the media have called the download bomb trick. This exploit can be used to attack the Brave and Opera browsers as well as some of the more common options like Mozilla Firefox.

A download bomb involves starting hundreds or even thousands of parallel downloads, which a client’s browser can’t handle because of the sheer load. This trick then freezes a browser to stick it on a single page simply because it can’t handle downloading that much data at once.

Many variations of this trick have been used by support scams to trap users on sites run by criminals that lure victims into giving a phone call to a number connected with shady organizations. People on the other end of the line then demand a certain amount of money in order to unlock the browser.

Malwarebytes reported that they found a new download bomb technique used by one of these tech support scam groups, which suggested that troubles with the bug were far from over. Experts hoped, however, that the release of Google Chrome version 65 back in March would have helped to severely diminish the issue, as it fixed the bug.

Unfortunately, a new study suggests that the launch of Chrome 67 has reopened an attack vector. Ironically, this means that it could potentially cause trouble for those who kept their browsers up-to-date, but this is by no means an insinuation that doing so is otherwise safe.

Chrome developers, as well as those attached to the other browsers, are already working on a mitigation for this problem. Interestingly enough, it doesn’t seem like there’s been much information about how this vulnerability impacts Microsoft’s Edge browser.

Some individuals have suggested that this could have something to do with Edge’s current share of the user base. While Vivaldi, Brave, Opera and even Falkon do hold lower tiers in market share, they share rendering engines with popular application packages. Microsoft Edge currently holds slightly more than 4 percent of total desktop and laptop browser share.

John Rendace


John is a GNU/Linux expert with a hobbyist's background in C/C++, Web development, storage and file system technologies. In his free time, he maintains custom and vintage PC hardware. He's been compiling his own software from source since the DOS days and still prefers using the command line all these years later.
Close
Close