While you would think that after a bug has been exploited by scammers that it’s never going to work again, that’s just not the case. They just keep continuing to find victims. An old Chrome bug has been taken advantage of once again by scammers trying to hit unwitting users with tech support scams.
Earlier this year scammers took advantage of a Chrome bug to freeze the browser while convincing users at the same time to place a call to Microsoft to contact tech support regarding a fake error message. They hoped to convince users their only way out of the mess was to get paid help.
The scam utilized the programming interface “window.navigator.msSaveOrOpenBlog”. The scammers combined the API with other functions to force Chrome to save a file to disk repeatedly at really quick intervals – so fast in fact that users couldn’t detect what was happening.
The browser then became unresponsive after five to ten seconds of this, while users viewed pages that resembled an error code sent by Microsoft with a phone number to call. Users were warned if they ignored it, they could do further damage to their PC.
Of course the phone number provided wasn’t to Microsoft – it was a direct line to the scammers. They worked on getting a credit card number by telling the users that they could provide tech support to fix this problem.
Google was supposed to have solved this issue when they released Chrome 65; however, with the release of Chrome 67, Ars Technica reports that the bug appears to be back again. The scammers have already found it and are once against setting their scams in motion.
Some users are saying a similar scam is working with Firefox. This bug doesn’t seem to be fixed. Brave and Vivaldi browsers have been shown to freeze with this bug as well, but the experts testing it were able to get out of the freeze themselves. Microsoft Edge and Internet Explorer were not affected.
Google and Firefox Response
“We are aware of the issue and are working on addressing it.,” said a Google representative. Similarly, a Firefox representative said, “We do intend to address this item. We are working towards completion of our Q3 priorities, and this is among them. This update will be pushed to nightly for verification of the fix’s efficacy. The bug reporter will automatically be notified of that work in process.”
If you get caught in such a scam, the important thing to do is remember that it’s a scam and not call that number that shows up on the screen.
Ars Technica reports that if you are not able to get out of the browser freeze, that you can still use the Windows Task Manager (control-alt-delete) on a PC and can use the macOS Force Quit feature (either through the Apple menu or with Command-Option-Escape) to clear the problem.
Scammers Gotta Scam
It’s not surprising that the scammers have returned to the bug as soon as it appears again. It just seems to be the nature of their “business,” if you can call it that. As long as there is computers in this world, we’ll have our share of scammers.
Were you hit with this Chrome/Firefox bug at either time, whether recently or earlier this year? Sound off in the comments section and let us know if you were a victim and how you got out of it.