Hackers can inject code into web pages if you use Adblock, Adblock Plus and uBlock

  • Thread starter Marc
  • Start date
Marc

Marc

"Marc's the sugar daddy of gaming" - Artisan 2020
Forum Management
If you're using Adblock, Adblock Plus or uBlock, you may want to consider deleting it until a patch has been released because hackers can exploit it to remotely inject arbitrary code into web pages you visit online.

I'm uncertain if a fix it live yet but I'm sure they're doing their best to roll out a patch, if not already.

The culprit of the exploit is a new filter option included in the newer versions of the ad blocking software:
ZdNet said:
An exploit has been uncovered in the filter systems of Adblock, Adblock Plus, and uBlock which may permit attackers to remotely inject arbitrary code into web pages.

Security researcher Armin Sebastian said in a blog post on Monday that the issue lies within version 3.2 of the Adblock Plus software which introduced a new filter option for rewriting requests in 2018.

This feature, also adopted by AdBlock and uBlock, is vulnerable to a security flaw deemed "trivial" to exploit by Sebastian, and the issue could potentially be leveraged in attacks including the theft of online credentials, session tampering, or page redirection.
Click to expand...
Source: https://www.zdnet.com/article/adblock-plus-filters-can-be-abused-by-hackers-to-execute-malware/
 
1) It's still being looked into and it's currently only a possibility.
2) Ublock origin doesn't even have the issue.
3) It's a mixture of web service vulns and the limited set of extensions.
4) It requires a specific set of curcumstancesto actually work.

It's not a major issue lol and far from the only vuln that has been found and eventually patched. And anyway, you should be using ublock origin as it is the superior adblocker :p
 
  • Like
Reactions: TerraKnight, Kaynil, Jisenku and 2 others
My first reaction was similar to "well... I guess I'm screwed" but it is a relief to hear that uBlock might not even have that problem.
Do you guys have any idea on how to minimize the likelihood of hitting the specific set of circumstances for the vulnerability to work? Like what kind of sites to avoid. From the article I just got Google Maps is one, though you don't really need the blocker active for it, I think.
 
You must log in or register to reply here.
Back
Top