Bypass Chrome Ad-Heavy detection mechanism

Description:

The Chrome Ad-Heavy mechanism protects users against malware that masquerades as ads. Researchers have discovered a vulnerability in the way Chrome tracks Ad-Heavy that allows malicious ad authors to serve memory- and CPU-hungry ads without being "killed" by Chrome's Ad-Heavy detection mechanism.

Impact: All Chrome versions that support Ad-Heavy (Chrome 92.0.4515.159 and higher)

Vulnerability Analysis

The PoC provides a polyfill for window.fetch that delegates the network request to a SharedWorker. The SharedWorker's bandwidth is not tracked as part of the ad unit, so it can make the network request and then send the response back to the ad-unit frame via postMessage without triggering Chrome's ad intervention logic.
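From the defender's side, the pattern described above leaves a recognisable footprint in the creative's JavaScript: a network primitive (window.fetch or XMLHttpRequest) is overwritten, a SharedWorker is constructed, and the two halves talk over a MessagePort. The following is an added example, not code from the original post or its PoC: a heuristic static check that an ad-verification pipeline could run over creative JavaScript before serving it. The regexes, the verdict thresholds and the three sample creatives are all constructed here for illustration.

```javascript
// Added example (not from the original post): heuristic pre-serve scan of ad
// creative JavaScript for the "fetch polyfill backed by a SharedWorker"
// pattern. A single indicator (for example a plain fetch polyfill) is only
// sent for manual review; the full combination is blocked outright.

// Indicator regexes are heuristics written for this example; they are not a
// published detection rule.
const INDICATORS = {
  // window.fetch = ..., self.fetch = ..., or a bare `fetch = ...` assignment
  fetchOverride: /(?<![.\w])(?:(?:window|self|globalThis)\s*\.\s*)?fetch\s*=(?!=)/,
  // XMLHttpRequest = ... or XMLHttpRequest.prototype.(open|send) = ...
  xhrOverride: /\bXMLHttpRequest\s*(?:\.\s*prototype\s*\.\s*(?:open|send))?\s*=(?!=)/,
  // construction of a SharedWorker from inside the creative
  sharedWorker: /\bnew\s+SharedWorker\s*\(/,
  // MessagePort traffic with that worker
  portMessaging: /\.port\s*\.\s*(?:postMessage|onmessage|start)\b/,
};

// Returns { verdict, indicators } for one creative's source text.
function analyzeCreative(source) {
  const indicators = Object.entries(INDICATORS)
    .filter(([, re]) => re.test(source))
    .map(([name]) => name);

  const usesWorker = indicators.includes('sharedWorker');
  const overridesNetwork =
    indicators.includes('fetchOverride') || indicators.includes('xhrOverride');
  const talksToPort = indicators.includes('portMessaging');

  let verdict = 'clean';
  if (usesWorker && overridesNetwork && talksToPort) {
    // All three halves of the described proxy pattern are present.
    verdict = 'block';
  } else if (usesWorker || overridesNetwork) {
    // Legitimate fetch polyfills and ordinary workers exist; a human decides.
    verdict = 'review';
  }
  return { verdict, indicators };
}

// Constructed sample creatives (not real ad code) covering the three outcomes.
const SAMPLE_CREATIVES = {
  benign: `
    const img = new Image();
    img.src = 'https://cdn.example/creative.png'; // constructed URL
    fetch('https://tracker.example/imp').then((r) => r.ok); // ordinary use
  `,
  polyfillOnly: `
    if (!window.fetch) { window.fetch = function (u, o) { /* XHR fallback */ }; }
  `,
  workerProxy: `
    const w = new SharedWorker('shared-worker.js'); // file name from the post
    w.port.start();
    window.fetch = function (url) { w.port.postMessage(url); /* reply via w.port.onmessage */ };
  `,
};

// Scans every sample and returns a name -> verdict map.
function scanAll(creatives = SAMPLE_CREATIVES) {
  const out = {};
  for (const [name, src] of Object.entries(creatives)) {
    out[name] = analyzeCreative(src).verdict;
  }
  return out;
}

console.log(JSON.stringify(scanAll(), null, 2));
```

The split between `review` and `block` matters in practice: well-known fetch polyfills assign `window.fetch` when it is absent, so the override alone is not evidence of abuse; it is the combination with a SharedWorker and MessagePort traffic that matches the post's description and justifies rejecting the creative.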

Exploit:

adunit.html

gads.js

shared-worker.js

index.html
