• Home
  • Apps
  • Apps News
  • AdBlock, AdBlock Plus, uBlock Filter Vulnerability Allows Arbitrary Code Injection in Browsing Sessions: Researcher

AdBlock, AdBlock Plus, uBlock Filter Vulnerability Allows Arbitrary Code Injection in Browsing Sessions: Researcher

Share on Facebook Tweet Snapchat Share Reddit Comment
AdBlock, AdBlock Plus, uBlock Filter Vulnerability Allows Arbitrary Code Injection in Browsing Sessions: Researcher

AdBlock Plus first introduced the $rewrite filter last year

  • The vulnerability lies in $rewrite filter used in ad blocking extensions
  • It allows malicious filter authors to steal online credentials
  • AdBlock, AdBlock Plus, uBlock extensions support $rewrite filters

A new alleged vulnerability has been discovered, this time in AdBlock, AdBlock Plus, and uBlock extensions. The vulnerability exists in a filter for rewriting requests (called $rewrite filter) that was introduced in AdBlock Plus first in July last year with v3.2. Under certain conditions the $rewrite filter option apparently enables filter list maintainers to inject arbitrary code in webpages. A malicious filter author can steal online credentials, tamper sessions, or redirect pages using this vulnerability.

Security researcher Armin Sebastian discovered the vulnerability, and he claims that the problem was introduced with the $rewrite filter option that was introduced last year. This filter allows ad blockers to remove tracking data, prevent forced ads by websites, and block circumvention attempts. The $rewrite filter option allows rewrites only within the same origin, and requests of SCRIPT, SUBDOCUMENT, OBJECT, and OBJECT_SUBREQUEST types are not processed.

However, under certain conditions, the Web servers can be exploited. These conditions include that the page must load a JS string using XMLHttpRequest or Fetch and execute the returned code, and the page must not restrict origins from which it can fetch using Content Security Policy directives, or it must not validate the final request URL before executing the downloaded code. The origin of the fetched code must also have a server-side open redirect or it must host arbitrary user content. If these conditions are met with, then malicious filter authors can inject malicious code. The researcher says that Gmail and Google Images also meet these listed conditions to be exploitable, and he even demoed how the security flaw could be triggered using Google Maps.

The $rewrite filter option is available on AdBlock Plus, AdBlock, and uBlock; and together they have more than 100 million active users, Sebastian claims. He adds that the vulnerability is "trivial to exploit", and can be used to attack any sufficiently complex Web service, including Google services. He added these attacks are said to be "difficult to detect and are deployable in all major browsers."

As a temporary workaround, Sebastian advises users to switch to uBlock Origin as it does not support the $rewrite filter option and it is not vulnerable to the described attack. He also advices ad blocking extensions to drop support for the $rewrite filter option.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: AdBlock, AdBlock Plus, uBlock
Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Amazon Targeted by Italy in Market Dominance Probe
Vodafone Brings Rs. 16 Prepaid Recharge Plan With 1GB Data for 24 Hours

Related Stories




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com