HTML5 is the latest version of HTML (Hyper Text Markup Language) that offers new attributes, elements and behaviors allowing the design of websites and applications with a powerful and diverse mechanism.
HTML5 new API allows us to play the video\audio within the browser without installing cumbersome browser plug-in (like flash).
Google Chrome, a widely used browser platform recently plucked a bug that had enabled the abuse of video and audio HTML tags by cyber miscreants to embezzle important user information.
Google tagged this vulnerability as CVE-2018-6177 and t has successfully fixed with the release of Chrome version 68.0.3440.75. Users who continue to use the older versions may fall in the trap of threat actors who may exploit this bug to lure users to the malicious websites.
This may be accomplished by:
As mentioned earlier the attack is implanted by injecting malicious code that utilizes audio and video HTML tags on legitimate websites. When the code is executed, the Parsing content of the website may include important user information along the routine calls.
The vulnerability is exploited to leverage side channel methodology & it abused filtering functions in the website.
Side channel information includes timing information, power consumption, electro-magnetic leaks etc. This information can be misused to channelize any attack on the computer.
The Filtering function allows the user to filter the content of a website on category basis. This saves user from unnecessary scrolling to view the desired content on the web page.
The bug makes use of progressive events i.e. the events that occur during the calling, loading and execution of a page.
The Progress events were used to deduce the size of website’s response. Knowing the size of the resource and let the leak of user specific information in an easy manner!
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.