For combating annoying advertisements, robust ad blockers like Adblock Plus, Adblock and uBlock can seem imperative to some. Nowadays, however, such tools can themselves pose a threat to your online security. A researcher found a vulnerability in an Adblock Plus filter and discovered that it could let a potential attacker execute arbitrary code during browsing sessions.
Adblock Plus Filter Allows Arbitrary Code
A researcher has found an Adblock Plus filter vulnerability. As reported, this filter allows arbitrary code injection in web pages. This allegedly exposes users to malicious code during browsing sessions.
The researcher, Armin Sebastian, publicly shared his findings along with the technical attack details in a blog post. According to his discovery, the problem lies in the rewrite filter option introduced in 2018 with Adblock Plus version 3.2. This option supposedly enables filter list maintainers and browser extension developers to inject code into web pages.
“The filter option empowers extension publishers and filter list operators to attack specific users on the fly, without the need to release a malicious version of the extension, or publish the offending filter to a public filter list that is easily auditable.”
Sebastian reported that the affected extensions presently have over 100 million active users. He also states that exploiting this feature is trivial for a potential threat actor. He disclosed the matter publicly to ensure the fastest possible mitigation.
Since Adblock and uBlock also implemented the same filters, these two are also vulnerable. However, uBlock Origin remains unaffected by this attack.
Adblock Plus Responds To The Matter
After Sebastian’s blog post surfaced online, Adblock Plus quickly responded to it. In an updated article, they acknowledged the existence of the flaw. However, they deemed it an ‘unlikely scenario’, considering their regular monitoring of the filter lists and their vetting process for all filter list authors. They also stated there was no known active abuse of the rewrite filter option, and on that basis considered Adblock Plus users safe from such threats.
Nonetheless, they considered Sebastian’s suggested mitigations and decided to remove the rewrite filter.
“Despite the actual risk being very low, we have decided to remove the rewrite option and will accordingly release an updated version of Adblock Plus as soon as technically possible.”
They are also considering implementing more security features, such as limiting filter lists to HTTPS.
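A filter-list audit covering the two concerns above, rules that carry the rewrite option and lists fetched without HTTPS, as an added example that is not from the original article, Sebastian's post or Adblock Plus. It assumes the usual filter syntax (a comma-separated option list after a `$` at the end of the rule); the function names, list URL and sample rules are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Element hiding / snippet rules (##, #@#, #?#, #$#) carry no request options.
CONTENT_RULE = re.compile(r'^[^/*|@"!]*?#[@?$]?#')
# Option list anchored at end of line: '$' inside a regex filter or inside an
# option value (e.g. "$1") must not be mistaken for the option separator.
OPTIONS = re.compile(r"\$(~?[\w-]+(?:=[^,]*)?(?:,~?[\w-]+(?:=[^,]*)?)*)$")


def rule_options(line):
    """Return the lower-cased option names of one request filter ([] if none)."""
    line = line.strip()
    if not line or line.startswith(("!", "[")) or CONTENT_RULE.match(line):
        return []
    m = OPTIONS.search(line)
    if not m:
        return []
    return [o.split("=", 1)[0].lstrip("~").lower() for o in m.group(1).split(",")]


def audit(list_url, text):
    """Return (line_no, reason, detail) findings; line_no 0 refers to the list itself."""
    findings = []
    if urlsplit(list_url).scheme.lower() != "https":
        findings.append((0, "list not fetched over HTTPS", list_url))
    for n, line in enumerate(text.splitlines(), 1):
        if "rewrite" in rule_options(line):
            findings.append((n, "rule uses the rewrite option", line.strip()))
    return findings


# Constructed sample list (not taken from any real subscription).
SAMPLE = r"""[Adblock Plus 2.0]
! Title: constructed sample
||ads.example^$script,third-party
example.com##.banner-rewrite
/banner\d+$/
||cdn.example/ad.js$domain=site.example,rewrite=/placeholder.js
/^https?:\/\/site\.example\/a\/(.*)/$rewrite=/b?x=$1
"""

if __name__ == "__main__":
    for finding in audit("http://lists.example/sample.txt", SAMPLE):
        print(finding)
```

Run against each subscribed list, this flags rules on lines 6 and 7 of the sample plus the plain-HTTP list URL, while ignoring the element hiding rule and the regex filter that merely contain `rewrite` or `$`.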