2 year old Unpatched Chrome bug, Tech Scammers are using

[Ink]

Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware.

The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question.

The developer who reported the issue published code showing how to add so many items into Chrome’s history list that the browser would effectively freeze.

Continue Reading - Tech support scammers bite Chrome users with forgotten 2014 bug

 

[Wave]

Hmm, interesting, Google should focus on fixing this; they should have focused on a fix years ago IMO.

The developer who reported the issue published code showing how to add so many items into Chrome’s history list that the browser would effectively freeze.

In the background make a loop and recursively call the function; would result in the stack up for the history and eventually cause a crash (estimation of how the founder of the vulnerability did the freeze/crash).

 

[Jake Miguel]

There are various reasons that something can go wrong when Chrome tries to render a web page and the “Aw Snap!” is the catch-all error for those problems.

Typically these problems can be divided into two categories:

1. Something wrong with the page data (e.g. the HTML, or cached HTML or proxied HTML) which is why reloading can sometimes solve the problem.
2. Something wrong with the system (e.g. computer out of memory, problem with the Internet connection, Chrome executing in corrupted state) which is often fixed by rebooting.

 

[ForgottenSeer 55474]

They should have closed that loop hole years ago

 

[Wave]

They should have closed that loop hole years ago

Maybe they just don't have the expertise to actually patch the vulnerability, but did try. Who knows.