The release of Google Chrome 67 has reopened a "download bomb" bug that was exploited by tech support scammers last winter, and which had been fixed with the release of Chrome 65 in March 2018.

Furthermore, the issue also appears to affect other browsers, such as Firefox, Vivaldi, Opera, and Brave, according to tests carried out by Bleeping Computer.

"Download bomb" trick makes a comeback

The "download bomb" trick is a technique that involves initiating hundreds or thousands of downloads to freeze a browser on a specific page.

Over the years, there have been multiple variations of download bombs, and they have often been used by tech support scammers to trap users on shady sites that tried to lure victims into calling a tech support number to have their browser unlocked.

Over the winter, security researchers from Malwarebytes noticed a tech support scam campaign that employed a new "download bomb" technique to trap users on its shady sites.

That technique used the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to initiate thousands of downloads one after the other to freeze Chrome browsers on tech support sites.
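As a defensive illustration (an added example, not code from Bleeping Computer, Malwarebytes, or any browser vendor), the sketch below wraps a download-triggering function such as the one named above in a sliding-window rate limit, so a burst of thousands of calls is reduced to a handful. The names guardDownloads, maxCalls, windowMs and simulateBurst are hypothetical, the navigator object in the demonstration is a constructed stub, and the sketch assumes the guard is installed before any page script runs; it does not cover downloads started by other means.

```javascript
// Added example: sliding-window guard around a download-triggering function.
// guardDownloads, maxCalls and windowMs are hypothetical names, not browser APIs.
function guardDownloads(target, method, { maxCalls = 3, windowMs = 10000, now = Date.now } = {}) {
  const original = target[method];
  if (typeof original !== "function") return null; // API not present in this browser
  const stamps = [];                               // timestamps of recently allowed calls
  const stats = { allowed: 0, blocked: 0 };
  target[method] = function (...args) {
    const t = now();
    // Forget calls that have aged out of the window.
    while (stamps.length && t - stamps[0] >= windowMs) stamps.shift();
    if (stamps.length >= maxCalls) {
      stats.blocked += 1;
      return false;                                // drop the call, no download is queued
    }
    stamps.push(t);
    stats.allowed += 1;
    return original.apply(this, args);
  };
  return stats;
}

// Constructed demonstration: a stub stands in for window.navigator and a
// fake clock replaces Date.now, so the run is deterministic and offline.
function simulateBurst(calls, gapMs) {
  let clock = 0;
  let saved = 0;
  const fakeNavigator = { msSaveOrOpenBlob() { saved += 1; return true; } };
  const stats = guardDownloads(fakeNavigator, "msSaveOrOpenBlob", {
    maxCalls: 3,
    windowMs: 10000,
    now: () => clock,
  });
  for (let i = 0; i < calls; i++) {
    fakeNavigator.msSaveOrOpenBlob({}, "file-" + i);
    clock += gapMs;
  }
  return { saved, allowed: stats.allowed, blocked: stats.blocked };
}
```

With these settings, a burst of 1,000 calls one millisecond apart lets three through and drops the rest, while calls spaced a full window apart are all allowed.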

Chrome freezes UI

Google devs were made aware of this campaign, and they fixed the issue starting in Chrome 65.0.3325.70.

But according to a reply in the original bug report of this issue, the problem has returned in Google Chrome 67.0.3396.87, released on June 12.

"This is broken again in 67.0.3396.87," said the user who spotted the problem. "[I] stumbled upon this issue by a malicious redirect to a scam site that froze my browser," he added.

Other users confirmed his findings that the recent Chrome releases are now susceptible to download bombs again.

Download bomb technique also affects other browsers

But the issue is also more widespread than initially thought. Jérôme Segura, the Malwarebytes security expert who first analyzed this issue in February, points out that Firefox is also affected.

Bleeping Computer used previous proof-of-concept (PoC) code for Chrome and Firefox browsers to test other browsers. According to our tests, Brave and Vivaldi freeze when running the PoC.

Opera froze for a short period but eventually allowed us to switch away from the PoC tab. We still needed to use the Windows Task Manager to close the browser, as the continuous downloads kept running in the background and jammed the rest of the interface afterward.

Our tests revealed that Microsoft Edge and Internet Explorer were not affected.

If you land on any tech support sites that use this trick and your browser is configured to open the last accessed site, it is possible to close the tech support site's tab before the download bomb kicks in.

This is because the tech support scam website loads the download bomb code after the entire page has loaded, giving users a few seconds to close the tab before the browser UI freezes.
