Download Bomb in Chrome is back, also affects Opera, Firefox and Brave

by Jake Doevan - - 2018-07-04

The return of Download Bomb in Chrome

Download bomb in Chrome Download bomb is a trick which freezes Chrome on a malicious website.

Download Bomb trick was primarily discovered once Google Chrome 67 was released. However, security experts have eliminated the bug with Chrome 65 in spring, 2018^[1]. Sadly, now it has reappeared on Chrome 67.0.3396.87 and even expanded its targets.

Download bomb is a trick designed to perform an excessive amount of downloads to freeze the Google Chrome at the time when the user is visiting a specific website. This method is widely employed by scammers to stop computer users on fake virus alert pages and lure them into calling via fraudulent tech support number.

Users have reported about the return of Download Bomb trick after the Chrome release on June 12^[2]:

This is broken again in 67.0.3396.87.
Stumbled upon this issue by a malicious redirect to a scam site that froze my browser, and repro.html on this bug causes it too.

64-bit build, Win10 1803.

Deceptive Download Bomb strategy allows scammers to obtain profits illegally

Download Bomb is based on JavaScript Blob^[3] technique which allows starting thousands of downloads at the same time with window.navigator.msSaveOrOpenBlob function that freezes the browser. Thus, users are stopped at the malicious website with fake reports about malware.

Usually, victims are convinced that a unique infection has compromised their computer and/or browser. As a result, they can no longer use their system properly and must get help from the so-called technical support. Unfortunately, this is merely a trick created to lead novice PC users to online scammers.

Criminals are eager to get remote access to the targeted systems for various purposes^[4]:

Place keyloggers or other spyware;
Infect the system with crypto-mining viruses;
Infiltrate ransomware.

Other than that, they can continue injecting various cyber threats to make the person believe that the system needs an urgent repair. Likewise, credulous people are often offered to install expensive and suspicious system optimization or antivirus software for a quick scan.

Firefox, Opera, Brave, and Vivaldi are also vulnerable to Download Bomb trick

According to Jérôme Segura, the cybersecurity researcher at Malwarebytes, this deceptive strategy is more widespread than initially thought. An expert has tested Mozilla Firefox and discovered that it is vulnerable to Download Bomb as well^[5].

Furthermore, previous proof-of-concept (PoC) code was used, and the following results were obtained:

Opera froze for several minutes, but researchers were able to close the browser with Task Manager. Although, an excessive amount of downloads continued to operate in the background;
Internet Explorer and Microsoft Edge are immune to Download Bomb;
Vivaldi and Brave froze immediately.

About the author

Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

References

^ Google Chrome’s “Download Bomb” Attack Is Back, Also Affects Firefox, Opera, Brave. Fossbytes. Fresh Bytes of Technology and More.
^ Browser hang with execessive download attempts. The Chromium Projects. Filing a bug.
^ Narayan Prusty. An Introduction To JavaScript Blobs and File Interface. QNimate. Web Development.
^ Get clued in about Remote Access scams. iiNet. Broadband internet, NBN plans, ADSL2+ and Naked DSL.
^ Jérôme Segura. Tech support scammers find new way to jam Google Chrome (updated). Malwarebytes. Free Cyber Security & Anti-Malware Software.