Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware.
The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question.
The developer who reported the issue published code showing how to add so many items into Chrome’s history list that the browser would effectively freeze.
It’s taken a while for cybercriminals to get around to exploiting this bug, but they’re now using it in a new attack reported by researcher slipstream/RoL.
From the descriptions of those who fell foul of the attack, Chrome would pop up a 'Prevent this page from creating additional dialogs' window, after which the browser would lock up.