Items tagged with: adblock
Adblock Plus filter lists may execute arbitrary code in web pages
Another reason for uBlock Origin users to feel smug :)
and another reason not to use Google
Users may also switch to uBlock Origin. It does not support the $rewrite filter option and it is not vulnerable to the described attack.
A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented the feature.
Under certain conditions the $rewrite filter option enables filter list maintainers to inject arbitrary code in web pages.
The affected extensions have more than 100 million active users, and the feature is trivial to exploit in order to attack any sufficiently complex web service, including Google services, while attacks are difficult to detect and are deployable in all major browsers.
Considering the nature and implications of the uncovered vulnerabilities, and given that filter lists have been employed in the past for politically motivated attacks, details of the exploit chain are publicly disclosed to ensure the fastest possible propagation of upcoming mitigations in the affected browser extensions and web services.
Gmail and Google Images also meet the listed conditions to be exploitable.#privacy #security #surveillance #spying #malware #vulnerability #vuln #attack #spyware #adblock #ad-blocking #adblocking #ublock #adblock #adblock-plus #adblockplus
Google has been notified about the exploit, but the report was closed as “Intended Behavior”, since they consider the potential security issue to be present solely in the mentioned browser extensions. This is an unfortunate conclusion, because the exploit is composed of a set of browser extension and web service vulnerabilities that have been chained together.
Please note that the vulnerability is not limited to Google services, other web services could be affected as well.
HN Discussion: https://news.ycombinator.com/item?id=19666148
Posted by dessant (karma: 702)
Post stats: Points: 167 - Comments: 68 - 2019-04-15T15:47:08Z
#HackerNews #adblock #arbitrary #code #execute #filter #lists #may #pages #plus #web
HackerNewsBot debug: Calculated post rank: 134 - Loop: 220 - Rank min: 100 - Author rank: 51
Was redirected to here from uBlockOrigin/uAssets#3780 URL(s) where the issue occurs superliitto.fi, sak.fi, akt.fi, selry.fi, akava.fi, oaj.fi, stthl.fi, proliitto.fi, pam.fi, sahkoliitto.fi Descri...
Article word count: 43
HN Discussion: https://news.ycombinator.com/item?id=18298342
Posted by Maakuth (karma: 2938)
Post stats: Points: 118 - Comments: 25 - 2018-10-25T03:16:40Z
\#HackerNews #adblock #filter #finland #list #modified #politically #rule
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.
HackerNewsBot debug: Calculated post rank: 87 - Loop: 137 - Rank min: 80 - Author rank: 86