If you use an adblocker to avoid pesky ads from popping up on your web browser, your security might be at risk.
According to security researcher Armin Sebastian, a major flaw was recently discovered in ad blocking extensions commonly used in internet browsers. Most adblockers use a “blacklist” to block certain types of ads that pop up when you open a webpage. This flaw uses the blacklist to inject malware on to a website, instead of simply blocking the ad.
Sebastian goes on to say that “Under certain conditions the rewrite filter option enables the filter list to inject arbitrary code in web pages”. Anyone capable of exploiting this flaw in an ad blocker could very easily engage in all sorts of malicious activity, such as rob you of your online logins. He further shed light on the fact that this exploit is hard to detect and is easily capable of comprising even Google’s own suite of services (Gmail, Google maps, YouTube).
This flaw is trivial to exploit and is deployable in all major browsers, and given how commonly these extensions are used, it’s estimated to put at least 100 million users at risk.
Popular ad blockers like Adblock, Adblock Plus and uBlock are all vulnerable, ever since the new filter option was added in the July 2018 update.
Adblock Plus, meanwhile, has acknowledged the issue and admits that it’s a serious matter, saying: “Despite the actual risk being very low, we have decided to remove the rewrite option and will accordingly release an updated version of Adblock Plus as soon as technically possible.”