
Adblock(Plus), uBlock Filters Can Be Exploited to Run Malicious Code

P4-630

The Way It's Meant to be Played
Joined
Jan 5, 2006
Messages
9,534 (1.95/day)
Location
Vinewood
An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, uBlock and uBlocker browser extensions to create filters that inject remote scripts into web sites.
With ad blockers having a user base of over 10 million installs, if malicious scripts were injected it would have a huge impact as they could perform unwanted activity such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.

https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-exploited-to-run-malicious-code/

UBlock Origin seems unaffected as it doesn't use the $rewrite-function.
https://tweakers.net/nieuws/151612/filterlijsten-voor-meerdere-adblockers-zijn-te-misbruiken-voor-code-injectie.html
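
A defensive check for the issue reported in the post above, as an added example that is not part of the original thread: it scans a filter list for network rules that carry the `$rewrite` option. It assumes Adblock Plus filter conventions (comma-separated options after the final `$`, `!` for comments); the function names and the sample list are constructed for illustration.

```python
import re

# Options are the comma-separated tail after the last '$' of a network filter.
OPTIONS_RE = re.compile(r"\$(~?[\w-]+(?:=[^,]*)?(?:,~?[\w-]+(?:=[^,]*)?)*)$")
# Element hiding rules (##, #@#, #?#) take no '$' options and are skipped.
ELEMHIDE_RE = re.compile(r"#@?\??#")

# Constructed sample list, not taken from any real filter list.
SAMPLE_LIST = r"""[Adblock Plus 2.0]
! Title: constructed sample list
||ads.example.com^$third-party
/banner\d+/$image,domain=example.org
example.org##.ad-box
@@||cdn.example.net/player.js$script
||media.example.org/track/*$rewrite=/blank,domain=example.org|example.net
! ||old.example.org^$rewrite=/x
||img.example.com^$image,~third-party
"""

def parse_options(rule):
    """Return {option_name: value} for a network filter, {} if it has none."""
    match = OPTIONS_RE.search(rule)
    if not match:
        return {}
    options = {}
    for item in match.group(1).split(","):
        name, _, value = item.partition("=")
        options[name.lower()] = value
    return options

def find_rewrite_rules(text):
    """List every active network rule in `text` that uses the rewrite option."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = raw.strip()
        # Skip blanks, comments, the list header and element hiding rules.
        if not rule or rule.startswith(("!", "[")) or ELEMHIDE_RE.search(rule):
            continue
        options = parse_options(rule)
        if "rewrite" in options:
            findings.append({
                "line": lineno,
                "rule": rule,
                "rewrite": options["rewrite"],
                "domains": [d for d in options.get("domain", "").split("|") if d],
            })
    return findings

if __name__ == "__main__":
    for hit in find_rewrite_rules(SAMPLE_LIST):
        print(f"line {hit['line']}: rewrite={hit['rewrite']!r} "
              f"domains={hit['domains']} rule={hit['rule']}")
```

Run against each subscribed list after an update; any hit is a rule to review by hand before trusting the list.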
 
Joined
Sep 17, 2014
Messages
8,846 (5.17/day)
Location
Too Long to fit in a single line here.
Another reason to get uBlock Origin, it's not like the alternatives were that great to begin with.
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
19,164 (4.34/day)
Location
London,UK
Good thing I switched to uBlock Origin a long time ago. I made the switch when Adblock started taking payments to allow ads from certain companies or on certain websites -- Nope. I use an adblocker to block ads, not carry on allowing them to pop up.
 
Joined
Sep 17, 2014
Messages
8,846 (5.17/day)
Location
Too Long to fit in a single line here.
Good thing I switched to uBlock Origin a long time ago. I made the switch when Adblock started taking payments to allow ads from certain companies or on certain websites -- Nope. I use an adblocker to block ads, not carry on allowing them to pop up.
Yeah that sealed the deal for me too, I used to have ABP until they announced that. It's so fundamentally wrong for an adblocker to start accepting payments to filter certain things and allow others.
 
Joined
Dec 10, 2014
Messages
62 (0.04/day)
Location
Nowy Warsaw
System Name SYBARIS
Seriously, the guy developing uBlock Origin is awesome. Presence in almost every browser out there and he/she doesn't even take a dime. He doesn't even wanna take donations so as to not get attached to what he considers a hobby. I'm gonna be sad the day he abandons it :(
 
Joined
Jul 21, 2015
Messages
468 (0.33/day)
I recommend using a Pi to run the home DNS server "PiHole". It can use the uBlock Origin lists and many others.
It uses some of the same domain lists, but PiHole and uBO are two entirely different animals that complement each other. Most of uBO's lists by their nature do not work in PiHole. PiHole is a DNS blocker that can only block whole domains, while uBO is an element blocker - it can block certain elements from a particular domain while allowing others. This is why uBO can block, for example, inline ads on YouTube while PiHole cannot.
 
Joined
Jul 31, 2014
Messages
473 (0.27/day)
Joined
Aug 13, 2010
Messages
4,285 (1.34/day)
Imagine if there was a browser, that was like incredibly fast, free and has a built in blocker for ads and tracking.
Imagine if the founder of Mozilla would make such thing and call it like "brave" or something, and using it will make Chrome and FF look like a joke
 

Robotics

New Member
Joined
Aug 26, 2016
Messages
27 (0.03/day)
Imagine if there was a browser, that was like incredibly fast, free and has a built in blocker for ads and tracking.
Imagine if the founder of Mozilla would make such thing and call it like "brave" or something, and using it will make Chrome and FF look like a joke
Not the same. One of them has a 3rd party and the other has already built in its own engine source when it was established.
 
Joined
Mar 24, 2019
Messages
56 (0.89/day)
Location
Denmark - Aarhus
THX, changed to ublock.
 
Joined
Aug 11, 2014
Messages
500 (0.29/day)
nice catch, thanks for the heads up!
 
Joined
Jul 18, 2007
Messages
2,595 (0.60/day)
Any plugin you use with your browser could be exploited....
 
Joined
Jul 18, 2007
Messages
2,595 (0.60/day)
Not easily. This has to do with the way plugins are run by the browser.
If you wanted to create it to leave a backdoor, it's easy.

You need to be wary of all plugins you use. People can just be too trusting of software devs.
 
Joined
Jul 5, 2013
Messages
5,788 (2.69/day)
Location
USA
If you wanted to create it to leave a backdoor, it's easy.
While that is true, the plugin vulnerability would soon be discovered and removed. Additionally, it is a serious crime in most countries to deliberately engineer such a backdoor into software.
 
Joined
Jul 18, 2007
Messages
2,595 (0.60/day)
Go talk to Intel about that.

Or Belkin, or a whole host of other companies that left exploits open for the alphabet agencies dude.

Not hard to deny it, even harder to prove it was deliberately put in place :/
 
Joined
Jul 31, 2014
Messages
473 (0.27/day)
Go talk to Intel about that.

Or Belkin, or a whole host of other companies that left exploits open for the alphabet agencies dude.

Not hard to deny it, even harder to prove it was deliberately put in place :/
Why deliberately engineer a backdoor in when it's easier to just find one in there from careless devs? People exploit vulns perfectly well enough without needing to spend lots of time and effort crafting malicious code that needs to go through code review, fuzzing and a whole host of security-related layers, and reveal specific sources.
 
Joined
Sep 17, 2014
Messages
8,846 (5.17/day)
Location
Too Long to fit in a single line here.
Why deliberately engineer a backdoor in when it's easier to just find one in there from careless devs? People exploit vulns perfectly well enough without needing to spend lots of time and effort crafting malicious code that needs to go through code review, fuzzing and a whole host of security-related layers, and reveal specific sources.
This is actually usually how it goes. Backdoors aren't built, they're just left open and the key is passed on to someone who knows how to keep a secret. Everybody happy and none the wiser... until it comes out.
 
Joined
Jul 31, 2014
Messages
473 (0.27/day)
This is actually usually how it goes. Backdoors aren't built, they're just left open and the key is passed on to someone who knows how to keep a secret. Everybody happy and none the wiser... until it comes out.
And that's why we like open-source software and tools like fuzzers and so on: it lets us find and fix those vulns faster and easier. Usually, anyways...

Overall the NSA, CIA and friends' intrusion teams (seem to) work independently from the defensive teams and the more conscientious parts of the industry and tell nothing. The defensive side, on the other hand, do their damnedest to get info to devs for fixes to come out ASAP... to varying degrees of success depending on the vendor.
 
Joined
Sep 27, 2014
Messages
539 (0.32/day)
Usually a junior dev can afford to work for free.
But after a while life gets in the way and he needs to work to pay bills. At that point, if he is good, he is recruited by any of the "evil" companies.
So all in all the open software people are not better than the "other" people, because... they evolve in them. That's life.
 
Joined
Aug 20, 2007
Messages
11,048 (2.57/day)
Additionally, it is a serious crime in most countries to deliberately engineer such a backdoor into software.
Actually, I'm unaware of any actual laws against it, provided such backdoor was not made with malicious intent.

So all in all the open software people are not better than the "other" people, because... they evolve in them. That's life.
Tell that to Stallman & Linus. I think they must've missed your memo.

At that point, if he is good, he is recruited by any of the "evil" companies.
Also kinda false because you HAVE to be good to get an open source project of any scale to accept a commit. They are generally C, which is a helluva language, and have submission standards that make my eyes water today.

Backdoors aren't built,
A "backdoor" is, by definition, an intentionally engineered back entrance. They aren't just bugs. So of course they are intentional, what might be unintentional is leaving them in the final retail build...
 