I think the new #zombieload exploit is yet another reason why you NEED to be using #adblock (ideally #ublockorigin). The main exploit vector is rogue #Javascript, coming from ad servers.

That'd be nice if it were true, but you can't trust ANY JS, not just ads delivered through JS. Even something as benign as those badges boasting that a site conforms to some set of security standards has been detected serving up TWO keyloggers.
While the latest MDS issues up the stakes (as if Meltdown, Spectre, L1TF, and Foreshadow weren't already enough), the best approach is not running any JS.

Ideally, yeah, but most exploits are going to come from ads.

Probably, but you get the benefit of faster browsing and more battery life by blocking "legitimate" untrusted and unverified code delivered from gods know where.