// NEWS // A Flaw in Ad Blockers Can Execute Arbitrary Code
Security researcher Armin Sebastian found a flaw in the Adblock Plus, Adblock and uBlock operation. Since 2018, these extensions can rely on the "$ rewrite" option, which allows a filter to modify HTTP requests. Guardrails have been put in place to prevent this option from being exploited to execute malicious code.
The following criteria must be met for a web service to be exploitable using this method:
- The page must load a JS string using XMLHttpRequest or Fetch and execute the returned code
- The page must not restrict origins from which it can fetch using Content Security Policy directives, or it must not validate the final request URL before executing the downloaded code
- The origin of the fetched code must have a server-side open redirect or it must host arbitrary user content
What does this entail
Advertising blocker filters come from different sources and are collaboratively created by volunteers. It would be enough for one of these volunteers to introduce a malicious filter into the filter lists to be able to execute code on many users’ computer.
Alerted by the researcher, Google believes that the risk is not large enough to justify a modification of its mapping site.
A conclusion that the researcher does not share. He recommends using the uBlock Origin extension, which does not include the "$ rewrite" option.
I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!
This is my guide to secure your PC after a fresh installation of Windows
That's how you can be more Anonymous on the internet!
The future of Cyber-Security, what to expect?
The best crypto debit card – Wirex!
Your PC is slow? That's why!
Why is it important to be discreet on the Internet
Feel hot? Your computer also!
How an adware works?
That's how you should guard against Trojan!
What are the different types of hackers?