Browser Download Bomb Attack Returned

As reported, Firefox, Opera, Vivaldi, Brave and Chrome are under threat
05 July 2018

The release of the Chrome 67 browser has reopened a security hole, fixed in Chrome 65, that allows attackers to run so-called "download bombs". According to Bleeping Computer, Firefox, Opera, Vivaldi and Brave are also susceptible.

What are "download bombs"?

Attackers use the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to force the browser to download one file at such a rate that the CPU load rises to 100% in 5-10 seconds. As a result, the browser interface freezes and the user cannot close the browser or open another tab:

[Image: Download Bomb]

This attack is used by fake support sites that intimidate their victims with reports that data is being stolen from their computer, and that to solve the problem they must call the specified number.
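A defensive sketch of the idea behind limiting such bursts, added here as an example and not taken from the original article or from any browser's code: a wrapper that lets only a small number of calls to a download-triggering function through per time window and drops the rest. The function name `guardDownloadApi`, the limit of 3 calls per 10 seconds, and the stand-in `fakeNavigator` object are assumptions made for illustration.

```javascript
// Added example: names and thresholds are assumptions, not browser code.

// Replace target[name] with a wrapper that allows at most `maxCalls`
// invocations per sliding `windowMs` window and drops the rest.
function guardDownloadApi(target, name, opts = {}) {
  const { maxCalls = 3, windowMs = 10000, now = Date.now, onBlock = () => {} } = opts;
  const original = target[name];
  if (typeof original !== 'function') {
    throw new TypeError(`${name} is not a function on the target`);
  }
  let recent = [];                       // timestamps of calls that were allowed
  const stats = { allowed: 0, blocked: 0 };

  target[name] = function guarded(...args) {
    const t = now();
    recent = recent.filter((ts) => t - ts < windowMs);
    if (recent.length >= maxCalls) {
      stats.blocked += 1;
      onBlock({ name, blocked: stats.blocked, at: t });
      return false;                      // drop the call, no new save is started
    }
    recent.push(t);
    stats.allowed += 1;
    return original.apply(this, args);
  };
  return stats;
}

// Constructed demo: a stand-in navigator object and a fake clock (ms).
function demo() {
  let clock = 0;
  const saved = [];
  const fakeNavigator = {
    msSaveOrOpenBlob(blob, fileName) { saved.push(fileName); return true; },
  };
  const stats = guardDownloadApi(fakeNavigator, 'msSaveOrOpenBlob', {
    maxCalls: 3, windowMs: 10000, now: () => clock,
  });
  // 500 save requests within half a second, then one request 20 s later.
  for (let i = 0; i < 500; i += 1) {
    clock = i;
    fakeNavigator.msSaveOrOpenBlob({}, `f${i}.bin`);
  }
  clock = 20000;
  fakeNavigator.msSaveOrOpenBlob({}, 'later.bin');
  return { saved, stats };
}
```

The `onBlock` callback is the place to log the offending page, so a burst also becomes a detection signal rather than only a dropped call.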

Who is under threat?

After the bug was fixed in Chrome 65.0.3325.70, it reappeared in the June 12, 2018 update, version 67.0.3396.87. And this time the threat is more serious: according to experts from Malwarebytes, Firefox is also at risk.

In addition, Bleeping Computer tested the proof-of-concept (PoC) code for Chrome and Firefox in other browsers and concluded that "download bombs" also work in Vivaldi and Brave. Opera, unlike the others, did not freeze completely after the exploit and even allowed switching tabs, but the running PoC page kept the interface from working properly, and the browser had to be closed through the "Task Manager".

According to the test results, only Microsoft Edge and Internet Explorer were resistant to this attack.

Frontend News Digest 21 - 27.03

Embrace modern image formats, how to indicate scroll position on page with CSS, integrate TypeScript with GraphQL and more
27 March 2020

Greetings! I hope your week went great! Here's a new frontend technology news digest.

Learn how to use the currentColor value in CSS, how to debug a child process in Node and Gatsby.js with Chrome, how to Debug a Node.js Application: Tips, Tricks and Tools and other cool, useful and in-demand things related to all parts of frontend development.

Guides

  • Embracing modern image formats

Learn how modern image formats and the <picture> element can reduce image sizes

  • How to use the currentColor value in CSS

A tutorial on a basic CSS feature, great for newbies

  • Indicating Scroll Position on a Page With CSS

This guide will teach you how to indicate scroll position, using only CSS

  • How to debug a child process in Node and Gatsby.js with Chrome

In this tutorial, learn how to patch the `jest-worker` package used by Gatsby.js to enable child process debugging with Chrome Dev Tools

  • Integrating TypeScript with GraphQL

Learn how to integrate TypeScript with GraphQL

  • How to Debug a Node.js Application: Tips, Tricks and Tools

Massive tutorial on Node app debugging, with some tips that can be useful even for skilled developers

Articles

  • Full Third-Party Cookie Blocking and More (in Safari)

Safari’s Intelligent Tracking, which has been in beta for some time, introduces significant privacy changes, including cross-site cookies now being blocked by default

Video

  • The Complete AEA DC 2019 Now Online

A giant number of interesting talks from An Event Apart sessions, released as a pack especially for you while you stay home

Updates

  • uppload

JS image uploader with 30+ plugins 

  • Node-SQLite

SQLite client library for Node.js applications 

  • Backstage

Open platform for building developer portals