In spite of Google’s crackdown on malicious and intrusive ads, scammers have been exploiting a bug in Chrome – and possibly, even Mozilla Firefox – to fool users. These scammers usually mislead users by posing as Microsoft’s official tech support and then asking them to pay for the fix.
The exploit, which was earlier discovered in February, locks users into a webpage crying wolf about the ISP blocking users. This is actually accomplished by downloading an executable file on a user’s PC without their permission. Soon after the file is downloaded, it installs in the background without the user’s permission by taking advantage of a flaw in Google Chrome.
As a result, the browser becomes unresponsive in a few seconds, with a dialog prompting users to call (an actually phony) phone number, which it claims to belong to Microsoft. When panicking users call the number, con artists dupe them by posing as Microsoft’s tech support and forcing them to share their credit card details in exchange for fixing the issue. The executable file is usually downloaded by clicking on bogus or misleading ads.
The issue had apparently been fixed in Chrome 65 which came out in Chrome 65 but seems to have reappeared with the latest version i.e. Chrome 67. Anti-virus provider Malwarebytes, which first found the bug in February reports that Mozilla could be susceptible to it as well.
Meanwhile, Bleeping Computer confirms that Vivaldi and Brave browsers also freezes on the exploit while Opera stays frozen but only for a short period. Microsoft Edge and Internet Explorer were found not to be affected by the malicious program.
Google has acknowledged the problem and said that it is fixing the issue while Mozilla is also investigating the impact on its browsers. But as a user, one must try to avoid click-baits and too-good-to-be-true advertisements. As far as this flaw is concerned, you can simply kill the browser using Task Manager on Windows or Force Quit on Mac.