Personal Privacy

Adblock Plus Filters Can Be Used to Inject Malicious Code Into Websites

The Infinite Brief
An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to create filters that inject remote scripts into web sites.

This is not the first time filters have been used for malicious purposes. In 2018 a list maintainer added a filter for political reasons that blocked various union web sites in Finland that were conducting protests.

With ad blockers having a a user base of over 10 million installs, if malicious scripts were injected it would have a huge impact as they could perform unwanted activity such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.

Curated via Bleeping Computer

Leave a Response