Support Scammers exploit HMTL5 bug that makes Chrome hang

Martin Brinkmann
Nov 3, 2016
Google Chrome
|
5

Malwarebytes reports that a new tech support scam is exploited in the wild that targets all recent versions of the Google Chrome browser.

The scam exploits a bug in Chrome's implementation of the history.pushState() method that enables developers to push data "onto the session history stack". Back in 2014, use of the method caused browsers like Firefox, Chrome or Safari to crash.

The new attack uses loops to push loads and loads of data to the browser's history stack. This results in CPU and Memory usage going up to 100% immediately. Google Chrome stops responding -- hangs -- but does not crash or shut down.

The scammers display a warning message on the screen that tells you that your PC has been infected with a trojan, and that you should contact them using a phone number displayed on the page to regain control of the computer.

image (c) Malwarebytes
image (c) Malwarebytes

Microsoft.Inc Warning!System has been infected

Microsoft Identification-Malware infected website visited.Malicious data transferred to system from unauthorized access.System Registry files may be changed and can be used for unethical activites.

System has been infected by Virus Trojan.worm!055BCCAC9FEC — Personal information (Bank Details, Credit Cards and Account Password) may be stolen.System IP Address 112.15.16.175 is unmasked and can be accessed for virus spreading.Microsoft has reported to the connected ISP to implement new firewall.User should call immediatley to Technical Support 1-844-507-3556 for free system scan.

You call the scammers, and they try to get you to pay top Dollars to regain control of your system and get rid of the alleged trojan that is causing the issues.

The attack uses just a couple of lines of code. Malwarebytes makes no mention of other browsers being affected by the bug. It seems likely that other Chromium-based browsers are affected by the issue as well.

Malwarebytes reported the issue to Google. It seems likely that Google is going to block the offending page quickly. Whether Google will fix the bug itself that caused the issue is not clear yet.

The solution

end task chrome

Should you encounter the situation, all you need to do is the following:

  1. Use Ctrl-Shift-Esc to open the Windows Task Manager. If you are using a different operating system, open the task manager on it instead.
  2. Locate the chrome.exe process and kill it by right-clicking on it and selecting "end task".
  3. Pro Tip: You may locate the process that is causing the cpu and memory spikes easily by sorting the process listing by cpu or memory use. You may then end only that task and not all chrome tasks.

 

Summary
Support Scammers exploit HMTL5 bug that makes Chrome hang
Article Name
Support Scammers exploit HMTL5 bug that makes Chrome hang
Description
Malwarebytes reports that a new tech support scam is exploited in the wild that targets all recent versions of the Google Chrome browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. A41202813GMAIL said on November 5, 2016 at 12:35 pm
    Reply

    FLASH Is A POS, Right ?

    HTML5 Is The Best Thing After Sliced Bread, Right ?

    XPOCALYPSE FOREVER !

  2. boris said on November 4, 2016 at 6:33 am
    Reply

    I get somewhat similar extortion scam on Firefox. Scam page comes as redirect from many porn websites. It crates two popups for each one I close. I have to kill Firefox process every time I get it. Big buzzkill.

  3. naveed said on November 3, 2016 at 9:53 pm
    Reply

    The severely misspelt text, poor formatting and grammar should be a dead giveaway. To kill all chrome processes in one go, open the Command Prompt and run:

    taskkill /im chrome.exe /f

  4. Jim Jackson said on November 3, 2016 at 8:26 pm
    Reply

    Thanks Martin

  5. vux777 said on November 3, 2016 at 6:48 pm
    Reply

    latest dev versions of Chrome (and Opera) have experimental flag to prevent this exploit
    user action (eg .click) is required to push something into tabs history list
    bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=638198
    src: https://disqus.com/home/discussion/operablogdesktop/private_opera_developer_42023920_update/#comment-2969632402

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.