Download Bomb Bug Affects Chrome, Firefox Browsers


Have you heard of the so-called “download bomb” bug, which occurs when hundreds or even thousands of downloads are initiated? As a result, the affected browser stops functioning properly, typically freezing on a specific page.

This bug was observed last winter to affect Google Chrome when tech support scammers used it to trap users on their dubious pages. The download bomb bug is back with the release of Google Chrome 67, but this time researchers found that it also affects other browsers, such as Firefox, Vivaldi, Brave and Opera.


More about the Download Bomb Bug

This technique initiates countless downloads in order to freeze the browser on a certain page. This page is usually crafted by tech support scammers. There have been different variations of download bombs but the end goal is usually the same – trapping the user on the scammers’ page.

In one case, scammers used the JavaScript Blob method together with the window.navigator.msSaveOrOpenBlob function to trigger thousands of downloads in a loop and freeze Chrome on tech support pages. This particular download bomb bug was fixed by Google with the release of Chrome 65.0.3325.70. Unfortunately, the problem is back in Chrome 67.0.3396.87, as is evident from new comments in the official bug report.

According to a user who came across the download bomb in Chrome, “This is broken again in 67.0.3396.87”. He stumbled upon the issue through a malicious redirect to a scam site that froze his browser. The issue has been confirmed by other users, and it appears that the bug affects other browsers, too.
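A defender's view of the burst pattern described above, as an added example that is not from the original article: a sliding-window check over a recorded trace of download-API calls. The event shape, the thresholds, the function name and the instrumentation that would record such a trace (a sandbox or extension hook) are all assumptions, and both traces are constructed.

```javascript
// Added example: flag "download bomb" behaviour in a trace of download-API calls.
// Assumed event shape: { t: <ms since page load>, api: <string>, gesture: <bool> }
// where `gesture` means the call happened in response to a user click or key press.

function detectDownloadBomb(events, { windowMs = 1000, maxAuto = 5 } = {}) {
  const recent = [];      // timestamps of gesture-less downloads inside the window
  let peak = 0;           // largest number of automatic downloads seen in one window
  let flaggedAt = null;   // timestamp at which the threshold was first exceeded

  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    if (ev.gesture) continue;                // user-initiated downloads are not counted
    recent.push(ev.t);
    // Drop calls that have fallen out of the window. The array is never empty
    // here because the call just pushed is always inside its own window.
    while (recent[0] <= ev.t - windowMs) recent.shift();
    peak = Math.max(peak, recent.length);
    if (flaggedAt === null && recent.length > maxAuto) flaggedAt = ev.t;
  }
  return { bomb: flaggedAt !== null, flaggedAt, peak };
}

// Constructed trace: one user-initiated download and two widely spaced automatic ones.
const benignTrace = [
  { t: 0, api: 'msSaveOrOpenBlob', gesture: true },
  { t: 4000, api: 'msSaveOrOpenBlob', gesture: false },
  { t: 9000, api: 'msSaveOrOpenBlob', gesture: false },
];

// Constructed trace: 1000 automatic calls, 2 ms apart, with no user interaction.
const bombTrace = Array.from({ length: 1000 }, (_, i) => ({
  t: 10 + i * 2,
  api: 'msSaveOrOpenBlob',
  gesture: false,
}));

console.log('benign:', detectDownloadBomb(benignTrace));
console.log('bomb:  ', detectDownloadBomb(bombTrace));
```

The threshold trips on the sixth automatic call, long before the loop finishes, which is the point at which a page could be stopped or the user prompted.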




According to security researcher Jérôme Segura, Firefox is also affected. Other tests reveal that Brave and Vivaldi browsers also freeze under this type of download attack.

It shouldn’t be too surprising that this technique has resurfaced and is once again affecting users. Microsoft recently reported that it received 153,000 reports from users who were targeted by tech-support scammers via the phone or the web, as in the case of the download bomb. These reports were up 20% in comparison with 2016, with statistics gathered from 183 countries.

Why are tech-support scams so successful?

One reason that comes to mind is the variety of approaches and techniques scammers use to lure their victims. They often use Microsoft’s name, claiming they are representatives of the tech giant, but other big company names are also leveraged. These scams have one goal in common: tricking the user into visiting a specific page and making it nearly impossible to exit it.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
