Scammers try to convince victims to call ‘helpdesk’ by freezing PC with 2 year old unfixed HTML5 bug

vbimport

#1

We’ve just posted the following news: Scammers try to convince victims to call ‘helpdesk’ by freezing PC with 2 year old unfixed HTML5 bug[newsimage]http://www.myce.com/wp-content/images_posts/2016/11/header-900x506-95x75.png[/newsimage]

Cybercriminals, who pretend to be from Microsoft, have found a new method to scam internet users. Through a HTML5 bug Google’s Chrome they can freeze the computer after which the a web page is shown to the victim that tries to convince him to call a ‘helpdesk’.

            Read the full article here: [http://www.myce.com/news/scammers-try-convince-victims-call-helpdesk-freezing-pc-2-year-old-unfixed-html5-bug-80805/](http://www.myce.com/news/scammers-try-convince-victims-call-helpdesk-freezing-pc-2-year-old-unfixed-html5-bug-80805/)

            Please note that the reactions from the complete site will be synched below.

#2

a known HTML5 bug in Google Chrome since 2014
Most important line to know and to remove and clean all traces of Chrome… And users talk how secure Chrome and Html5 is and I was right all along Html5 was just as buggy-worse part they knew since 2014. But still touted how more secure Html5 was then Flash or Java. What a joke…


#3

Well, they put hundreds or thousands of urls in the url-cache of Chrome to exploit it from what I understand. While it was indeed reported to Google in 2014, the vulnerability was marked as a lesser risk factor and so has not been fixed.
It is not so much a bug in HTML5, more isolated to the way Chrome handles this if I got it correct.
With that said, we are bound to see severe bugs and exploits also in HTML5. It is to be expected for any technology that sees widespread use. :wink:


#4

[QUOTE=Xercus;2783216]Well, they put hundreds or thousands of urls in the url-cache of Chrome to exploit it from what I understand. While it was indeed reported to Google in 2014, the vulnerability was marked as a lesser risk factor and so has not been fixed.
It is not so much a bug in HTML5, more isolated to the way Chrome handles this if I got it correct.
With that said, we are bound to see severe bugs and exploits also in HTML5. It is to be expected for any technology that sees widespread use. ;)[/QUOTE]
Either case they touted it more secure but they knew the problem already doesn’t inspire confidence when the problem no matter how small can be exploited-a exploit is a exploit and doesn’t take much to do alot of damage in this day and age of instant computing. But to know and not address it and still say html5 is more secure is also misleading to the public at large.


#5

This time the criminals have found a method that abuses a known [B]HTML5[/B] bug in Google Chrome that consumes all memory and CPU cycles from the computer. When the bug, already known to Google since 2014, is exploited, it makes the computer freeze. The actual code that freezes the computer consists of only 7 lines of [B]Javascript[/B] code.
You do realize that HTML5 != JavaScript, right? Although they are frequently used together, they are [B]not[/B] the same language. Therefore, the title of this article should read “Scammers try to convince victims to call ‘helpdesk’ by freezing PC with 2 year old unfixed [B]JavaScript[/B] bug”.

[QUOTE=coolcolors;2783221]Either case they touted it more secure but they knew the problem already doesn’t inspire confidence when the problem no matter how small can be exploited-a exploit is a exploit and doesn’t take much to do alot of damage in this day and age of instant computing. But to know and not address it and still say html5 is more secure is also misleading to the public at large.[/QUOTE]If nothing else, at least HTML5 bugs and JavaScript bugs are not universal like Flash Player bugs. A Flash Player bug can affect people on all browsers and platforms, whereas a Chrome JavaScript bug can only affect Chrome users, while Firefox bugs only affect Firefox users, Safari bugs only affect Safari, etc.

Still, if two years is not enough for Google to fix this bug, maybe Chrome users should think twice about using Chrome. there’s obviously something wrong with your development process if two years of frequent updates aren’t enough to squash a two-year-old bug.


#6

Ë„ :iagree: two years is a long time to fix a bug small or big.

In all honesty though, Google is currently putting loads of work into doing the browser more secure which is good. In my book however, Chrome is still the worst of the top three securitywise…