A new exploit discovered in Adblock Plus, AdBlock, and uBlocker browser extensions would allow hackers to inject malicious scripts into the blockers according to Security Researcher Armin Sebastian.
Researcher: Adblock, Adblock Plus, uBlock browser extensions could have let providers of filtering lists run arbitrary code in sites; uBlock Origin not affected (@thomasclaburn / The Register)https://t.co/fOF81qeCNfhttps://t.co/2sHuUK1R9p
— Techmeme (@Techmeme) April 16, 2019
Usman Rahim, Digital Security & Operations Manager at The Media Trust:
“Blockers have risen in popularity not only among consumers, but businesses. And for very good reasons. To begin with, they promise to block annoying or criminal elements. The problem is they may not live up to their promise, such as when bad actors inject malicious code that reprograms a blocker to steal from site visitors. Blockers were never meant to be a complete solution, and are only as good as their code and data. For companies that use blockers as their only security measure, the stakes are even higher as are the ways these blockers can go awry. While blockers promise a simple, convenient solution, they can’t stand alone against today’s malware attacks. For starters, they are often dependent on third party data feed. If that feed is incomplete or out of date, the blocker will fail. Blockers can also fail when they are improperly implemented. In today’s difficult security environment, where there are too many points of failure and attack vectors, the best defense is a multipronged approach that combines a blocker that is fed frequently updated first party data with continuous scanning that can help identify unknown or out-of-the-box threats.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.