Download Bomb Bug Discovered Again in Google Chrome 67

Last updated June 14, 2021
Written by:
Nitish Singh
Tech News Writer

The Download Bomb bug that was discovered in Google Chrome 65 in March 2018 has made a comeback in Google Chrome 67 and has the potential to affect popular browsers like Vivaldi, Opera, Firefox, and Brave. The bug initiates hundreds of thousands of downloads in the browser with the intent of freezing users on scam tech support websites. Microsoft Edge and Internet Explorer are unaffected by the bug. Users whose browsers are frozen are prompted by the scam websites to call a tech support number to unfreeze them.

https://twitter.com/jeromesegura/status/1010265863365115904

Malwarebytes security analyst Jérôme Segura, who analyzed the Download Bomb bug in February, reveals that other web browsers are also affected. However, the bug does not affect all browsers as effectively. While Internet Explorer and Microsoft Edge are completely unaffected, the bug freezes Opera only temporarily. Vivaldi and Brave are affected too, but closing their processes from Windows Task Manager stops the background downloads, unlike in Chrome.

Even when users close Google Chrome using Windows Task Manager, the downloads continue to run in the background, which freezes the browser upon a restart. Users should use Command Prompt instead to manually close the app using the taskkill /f /im chrome.exe command.

The bug does not trigger on its own; it requires users to visit the scam tech support websites, which trigger the JavaScript Blob method. The scam websites can also deploy advertisements that redirect users to pages that trigger the bug. Users should be careful about the websites they visit and avoid shady tech support websites to prevent the issue from affecting them. You can also use other web browsers to be safe until the vulnerability is patched.

Users should change their browser settings to prevent the last opened websites from reopening upon a browser restart. This will prevent the scam websites from re-opening when you restart your browser. Google has already listed the Download Bomb bug under its list of known issues for the Google Chrome 67 build and should be pushing an update soon to remove the vulnerability.



