Multiple Browsers Vulnerable to Download Bomb Technique
A vulnerability previously found in Google Chrome returned in the recent update to version 67, released on June 12, 2018. The flaw is believed to also affect Firefox, Opera, Brave, and Vivaldi browsers. Threat actors can target vulnerable browsers using a “download bomb” technique to initiate hundreds or thousands of downloads, freezing the browser on a specific web page. Versions of this technique have been used to trap users on malicious sites, often deployed in tech support scams. The NJCCIC recommends users of affected web browsers refrain from clicking on links to unknown sites or those from unknown senders, keep all hardware and software updated, run an up-to-date anti-virus/anti-malware program, and apply necessary updates to affected browsers if/when they become available.