Chrome flaw on iOS leads to 500 million unwanted pop-up ads

If you own an iOS device and use the Chrome browser, there is a chance that during the last week you’ve encountered some strange-looking advertising pop-ups.

According to Confiant, a company which took a closer look at these campaigns, a typical message might look something like this:

[Image: example of the pop-up message]

There are no rewards, of course, because these pop-up ads are run by a cybercrime group and exist to generate revenue for the crooks – you don’t get to share the spoils.

But the bigger question that bugged Confiant’s researchers when they analysed the pop-ups was how they were bypassing Chrome’s iOS ad-blocking protection.

The volume of campaigns was massive – 500 million pop-ups since 6 April 2019, apparently – featuring 30 adverts connected to a cybercrime group called eGobbler.

Aiming such a large volume of ads at the users of one platform and browser, iOS Chrome, also looked a little unusual.

Sure enough, Confiant discovered the campaigns had found a way to beat Chrome’s pop-up blocker by exploiting a previously unknown and unpatched security vulnerability.

Google was told last week of the issue, which Confiant hasn’t yet explained in detail because it remains unpatched:

We will be offering an analysis of the payload and POC [proof-of-concept] exploit for this in a future post given that this campaign is still [active] and the security bug is still unpatched in Chrome as of this blog post.
