How to Avoid Chrome ‘Download Bomb’

Google’s latest update to its Chrome browser re-enables the ‘Download Bomb’ vulnerability. Version 67 removes the fix applied by Version 65 in March 2018. So what does that actually mean and what can you do about it?

What is a Download Bomb?

A Download Bomb is a nasty trick that causes your browser to initiate hundreds of downloads at once and eventually freeze up. It has previously been used to trap victims on a certain page by scammers who offer a phone number they can call to unlock their browser.

In late 2017 Malwarebytes discovered this technique was being used by scammers masquerading as tech support. Google then patched the vulnerability in Chrome version 65.0.3325.70.

Why is this a problem again?

The fix that was applied in Chrome version 65 has been removed in version 67, meaning updated browsers are once again vulnerable to this flaw.

Which browsers are affected by the Download Bomb threat?

Not just Chrome: Firefox, Vivaldi, Opera and Brave are also affected, according to tests conducted by Bleeping Computer.

How can I protect my computer from Download Bomb attacks?

Use an ad blocker

Malwarebytes claims that most of these Download Bomb type of threats are distributed via malicious advertising, and as such the use of an ad blocker can help avoid such attacks. You can download AdBlock for free from the Chrome app store, but please remember to whitelist sites you trust that rely on funding through legitimate adverts.

Use Microsoft Edge

In Bleeping Computer’s testing it noted that Microsoft Edge and Internet Explorer were not affected by this specific vulnerability.

Try the Task Manager

If you’ve already stumbled across a Download Bomb, on Windows you can bring up the Task Manager by hitting Ctrl + Alt + Del and selecting that option. Use this to force-quit any browser processes.

Downgrade Chrome

This isn’t something we particularly advise, given that each new version applies patches to other flaws, but you can downgrade Chrome by uninstalling it and reinstalling a version somewhere between 65.0.3325.70, when the vulnerability was fixed, and 67.0.3396.87, when the fix was removed. Remove your current version via Add/Remove Programs, then download a previous Chrome installation file.

Install some security software

This threat is simply the latest in a long line, so it pays to always make sure you have a decent antivirus product installed on your machine. Be sure to keep it up to date and run regular scans.

Author: Marie Black, Editorial Director, International

Marie is Editorial Director at Foundry. A Journalism graduate from the London College of Printing, she’s worked in tech media for almost 20 years, covering all types of consumer tech from smartphones and their accessories to smart home gear. These days she manages our international editorial teams and leads on content strategy, having witnessed first-hand Foundry’s transition from print, to digital, to online - and beyond.
