A new bug affecting Google’s Chrome Browser has recently been spotted and reportedly uses up all of a computer’s resources on Windows 10, eventually causing the system to freeze up entirely. The exploit works via JavaScript and appears on the user-facing side as a phishing scam related to ‘tech support’. Specifically, it calls forward a dialog box claiming to be from ‘support.Windows.com’ and that a users computer is infected with a virus. That can be closed but is designed to loop rather than exiting. So even selecting options to stop new messages from appearing won’t work since it never actually stops running once a page affected by the bug is open. The scam also doesn’t stop if a user clicks through the fraudulent dialogue. That pushes Chrome’s resource usage in Windows 10 to the maximum level, with the code continuing to execute and loop in the background tying up more resources with each instance. Eventually, clicking through or attempting to exit the page results in the operating system itself becoming completely unresponsive.
Breaking the cycle is straightforward
This isn’t the first time Chrome has been impacted by a bug or subsequent new cyber attack. This type of scam is among the most common found on the web. Generally built on similar bugs to lock the user to a page, they typically ask for money to ‘solve’ the problem or collect user data in the background. Sometimes they do both but they rely on more credulous users to interact with the dialog in order to steal information in nearly every case. The primary difference here seems to be that the malicious programming is reliant on a separate bug related to JavaScript and that a loop is created with the apparent goal of crashing the user’s computer. While phishing and social engineering scams typically only allow for directed inputs leading victims forward through planned steps and locking other inputs, the latest bug seems to create a loop that continuously runs and executes new code while it’s up.
The solution to the problem is relatively straightforward and should be familiar to anyone who has encountered similar problems or needed to close software that wasn’t responding properly before. In effect, the JavaScript will only stop once the page is completely closed but since that can’t be accomplished by the usual means, users will need to kill Google Chrome from the Task Manager. That can be opened via a right-click on the system tray — located at the bottom left-hand side of the Taskbar — or by pressing “ctrl+alt+delete” and then selecting Task Manager. That will load up the tool in a second window, as long as enough resources are still available to run it, with a list of running services and apps under the ‘Processes’ tab. Clicking on any running instances of Google Chrome or GoogleChrome.exe before clicking the ‘End Task’ button at the bottom right-hand side of the window will close out the offending process or processes.
As long as the user hasn’t selected the Chrome setting to automatically restore opened tabs upon launch, the browser should then become usable again upon being relaunched. That setting can be found under Google Chrome’s three-dot menu and then under settings. It’s listed under the subheading ‘On Startup.’ After the page has been exited, it is a good idea to follow up by clearing cookies from browsing history to remove any cached processes that may have been left behind. Under the ‘Advanced’ settings in Chrome’s settings menu, users should find an option to ‘Clear Browsing Data’. Clicking that will load up the appropriate menu, containing options regarding what to delete and how far back to purge. Options for ‘Cookies and other site data’ as well as ‘Cached images and files’ should be selected and the ‘All Time’ option should be selected from the ‘Time Range’ drop-down menu. A click on the ‘Clear data’ button will clear out any remnants from the offending site. Finally, although this particular attack doesn’t appear to download anything, users should navigate to their preferred virus protection software and perform a scan to ensure that nothing malicious has been left behind.
Forward-looking fixes from Google
These specific kinds of problems stemming from bugs or exploitable features in a browser aren’t new by any stretch of the imagination but that doesn’t mean they all originate from the same bugs as before. Google has consistently rolled out fixes with each update to its browser and more recently placed more focus on the underlying features and bugs that can enable phishing scams. With Chrome 71, the company rolled out a number of fixes and policy changes that are intended to directly address abusive behaviors in advertisements and other web elements. It’s not clear whether or not any of those has any impact on the latest attack vector since the update hasn’t necessarily hit every user yet but that focus does appear to continue into the next several updates. For example, the beta channel for Chrome 72 — set to be released on January 29 — halts the loading of new pages when a user navigates away from a site regardless of whether pop-up blocking options are enabled.
Other changes are on the way too that should go a long way toward reducing the viability of these types of scams. That includes a crackdown on manipulation of a user’s history, used to insert additional ads or pages so that using the back button no longer takes the user away from a given site or page. That type of abusive practice can feasibly be utilized to perform similar attacks to that described above latest one but will no longer be possible following a future update. For now, the best practice is to avoid entering credit card data or other personal data in windows that appear suspicious. Since a company such as Microsoft or Google is not going to reach out to users with a pop-up window or similar elements unless the user is visiting one of the companies’ pages, those can all reasonably be considered malicious.