CyberTech

Level 21
Verified
An exploit has been discovered that could allow ad blocking filter maintainers for the Adblock Plus, AdBlock, and uBlocker ad blockers to create rules that inject remote scripts into web sites.

With a user base of over 10 million users, injecting malicious scripts would have a huge impact as the scripts would be able to perform a variety of malicious functions such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.

This is possible through the $rewrite filter option that was added to Adblocker Plus 3.2 in 2018 and then subsequently added to the AdBlock and uBlock extensions.

The $rewrite rule allows you replace a web request that matches a particular regular expression with another URL. The only caveat is that the replacement string must be a relative URL, which means it does not contain a hostname, and when rewritten must be in the same origin domain as the original request.
More information
 

Gandalf_The_Grey

Level 14
Verified
Many web browser extensions = many vulnerabilities. Every extension can be exploited and there is no anti-exploit feature for extensions in web browsers. This should be taken into account by the users who installs 10 extensions to enhance security.:giggle:
Correct, but what do you suggest when using HC and Windows Defender?
I have added and adblocker AdGuard (extension) and Emsisoft Browser Security to all used browsers.
 

Windows_Security

Level 22
Content Creator
Trusted
Verified
Bleeping Computers said:
The $rewrite rule allows you replace a web request that matches a particular regular expression with another URL. The only caveat is that the replacement string must be a relative URL, which means it does not contain a hostname, and when rewritten must be in the same origin domain as the original request.
In the 70-ties there was a popular kids-program in the Netherlands called the Fairy Tale's Newspaper at the end a wise owl told the kids to go to sleep without fear for the night.
 

Burrito

Level 11
Verified
In the 70-ties there was a popular kids-program in the Netherlands called the Fairy Tale's Newspaper at the end a wise owl told the kids to go to sleep without fear for the night.

Yeah, but Windows_Security.... if you look closely, the wise old owl 'kept one eye open.' He didn't sleep soundly, blinking one eye open to look for danger.

Even though it's unlikely... that code would be rewritten in the same origin domain as the original request... maybe the owl is still telling all AdBlock Plus users to sleep with one eye open.

Maybe. :LOL:

--------
Edit:
Since English expressions are not universally known, here is the explanation for "Sleeping with one eye open."
sleep with one eye open
 
Last edited: