A bug in Google Chrome that was initially fixed back in version 65 has reappeared in version 67, allowing bad actors to scam users out of personal information and money. The social engineering attack exploits a portion of a subroutine, also found in Mozilla’s Firefox, and relies on either a hack or a takeover of advertising to display an error message in place of a website. The message warns users about a problem with their computer and then forces the download of a file, filling up memory until the browser itself crashes. A phone number is displayed for the user to call in order to “fix” the problem. Of course, the contact details are fake, and users who call or email are asked to submit sensitive or bank account information. Ultimately, the malicious entities involved in the attack can steal either the responding user’s money or identity. The messages generally claim to be from a widely known technology company such as Microsoft.
Google, for its part, is reportedly aware of the bug and working to implement a fix as quickly as possible, and Mozilla has also said that it is investigating the issue. There’s no timeframe associated with that fix, and users should not respond to any error messages via the provided contact information regardless of how legitimate the message may appear to be. For those who are concerned that a warning message may be valid, legitimate contact information for a company like Microsoft can typically be found via its respective website. In the meantime, the problem appears to be predominantly affecting U.S. users and the desktop variations of the browsers. That doesn’t mean that users outside of the region or on mobile can’t be impacted, however, so it’s a good idea to vet any warning messages thoroughly in any case.
With regard to solutions to the problem, there don’t appear to be many. If a social engineering message causes a browser to crash, users will need to end all processes associated with the software. On Windows, that can be accomplished with the Task Manager, while Mac OS users will need to use that system’s Force Quit feature. It may also be a good idea to clear any and all cookies, since advertising cookies can be left even after a forced restart of the program. On Chrome, that option can be found by navigating to the three-dot menu at the top left-hand corner and then clicking “Settings”. Users will need to scroll down and click “Advanced” before selecting the “Clear browsing data” option. After ensuring that the boxes for cookies and cached data have been selected, pressing “Clear Data” should, at least temporarily, resolve the problem.