Guest
Posted March 3, 2019 (edited)

Some info in the articles below:
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/
https://www.ghacks.net/2019/02/26/marionet-attack-lets-hackers-control-your-browser-even-after-you-leave-the-attack-page/

To check if Service Workers are active in your browser:
https://browserleaks.com/features

Pale Moon and Basilisk by default do not support Service Workers.
Also I.E.8 does not support Service Workers.

Edited March 3, 2019 by Sampei.Nihira

sdfox7
Posted March 3, 2019

2 hours ago, Sampei.Nihira said:
> Some info in the articles below:
> https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/
> https://www.ghacks.net/2019/02/26/marionet-attack-lets-hackers-control-your-browser-even-after-you-leave-the-attack-page/
> To check if Service Workers are active in your browser:
> https://browserleaks.com/features
> Pale Moon and Basilisk by default do not support Service Workers.
> Also I.E.8 does not support Service Workers.

I am reading this on my phone. Chrome on my iPhone 6 does not support service workers. Safari, however, does.

FranceBB
Posted March 4, 2019

Chrome 72.0.3626.105 on Android 5.1.1 doesn't support service workers, so it's not affected. I'm gonna check whether Chromium 54 does or not on my computer.

Guest
Posted March 4, 2019 (edited)

For those who want to take a more detailed test:
https://www.wilderssecurity.com/threads/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page.413876/#post-2812242

With Firefox / Pale Moon / New Moon / Basilisk, you do not need to install the extension, you can test directly.

Edited March 4, 2019 by Sampei.Nihira

Mathwiz
Posted March 4, 2019

I use Basilisk and used to use Firefox, which have these things turned off by default, and I don't think I've ever needed "service workers" for any Web page I've visited to work. So why do "service workers" even exist? They seem to do nothing except create a security exposure.

Mcinwwl
Posted March 4, 2019

Just FYI, original ZDNet article got updated:

> UPDATE, February 28: Following the NDSS presentation and this article, Mozilla developers have looked into the reported attack and have concluded that Firefox is currently not susceptible to MarioNet attacks:
> "While we are grateful for any responsibly-disclosed analysis or security work that might help us make Firefox a safer, more reliable product, the conclusions of this paper rely on a non-standard extension to ServiceWorkers that Firefox does not support, and we have been unable to replicate these claims in-house," a Mozilla spokesperson told ZDNet. "While we've reached out to the authors of this paper for clarification, we do not believe that Firefox users are affected by this vulnerability."

FranceBB
Posted March 5, 2019

Sadly, Chromium 54 is affected.

Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers. The thing is that cookies are actually useful...

NojusK
Posted March 5, 2019

7 hours ago, FranceBB said:
> Sadly, Chromium 54 is affected.
> Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers. The thing is that cookies are actually useful...

http://prntscr.com/mth9nv
Opera is affected too though.

risk_reversal
Posted March 5, 2019 (edited)

Thanks for the tip. FF 51.0.1 has it enabled by default and I have just turned it off. Hopefully it will not disable any functionality on any of the sites that I visit.

Cheers

Edited March 5, 2019 by risk_reversal

Guest
Posted March 5, 2019

10 hours ago, FranceBB said:
> Sadly, Chromium 54 is affected.
> Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers. The thing is that cookies are actually useful...

With Chrome, you can block Service Workers as long as you also block Web Workers. It can be done with the uMatrix extension. But even with the uBlock Origin extension you only need to set up a rule.

Bersaglio
Posted March 5, 2019

23 minutes ago, Sampei.Nihira said:
> But even with the uBlock Origin extension you only need to set up a rule.

Which rule should we set up to disable ServiceWorkers in the uBlock Origin extension?

Guest
Posted March 5, 2019 (edited)

12 minutes ago, Bersaglio said:
> Which rule should we set up to disable ServiceWorkers in the uBlock Origin extension?

    *$csp=worker-src 'none'

Enter the rule and repeat the test:
https://html5workertest.com/

Edited March 5, 2019 by Sampei.Nihira

FranceBB
Posted March 5, 2019

29 minutes ago, Sampei.Nihira said:
> *$csp=worker-src 'none'
> Enter the rule and repeat the test:
> https://html5workertest.com/

It works. Thank you very much indeed!

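Why the rule above disables workers, as an added example that is not part of the thread: uBlock Origin's `$csp=` option adds a Content-Security-Policy header to page responses, and a worker is allowed only if every policy on the page allows it. The sketch decides only the "all workers blocked" case; the sample policies and `cdn.example` are constructed.

```javascript
// Added example: does a set of CSP policies block all worker creation?
// Simplified: only the "certainly blocked" case ('none' or empty list) is decided.

// Fallback order that governs worker requests in CSP Level 3.
const WORKER_FALLBACK = ['worker-src', 'child-src', 'script-src', 'default-src'];

// Parse one policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the directive that governs workers in this policy, or null if none applies.
function effectiveWorkerDirective(policy) {
  const directives = parsePolicy(policy);
  for (const name of WORKER_FALLBACK) {
    if (directives.has(name)) return { name, sources: directives.get(name) };
  }
  return null;
}

// A policy blocks every worker when the governing source list is empty or exactly 'none'.
function policyBlocksAllWorkers(policy) {
  const eff = effectiveWorkerDirective(policy);
  if (!eff) return false;
  return eff.sources.length === 0 ||
    (eff.sources.length === 1 && eff.sources[0].toLowerCase() === "'none'");
}

// Every policy must allow the request, so a single blocking policy is enough.
function workersBlocked(policies) {
  return policies.some(policyBlocksAllWorkers);
}

// Constructed sample: a site policy that permits same-origin workers,
// and the policy the filter rule adds on top of it.
const sitePolicy = "default-src 'self'; script-src 'self' https://cdn.example";
const injectedPolicy = "worker-src 'none'";
console.log('site policy only:', workersBlocked([sitePolicy]));
console.log('with injected policy:', workersBlocked([sitePolicy, injectedPolicy]));
```

Because `worker-src` covers dedicated, shared and service workers alike, the rule turns off ordinary Web Workers along with Service Workers.
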
Tripredacus
Posted March 5, 2019

The Browserleaks website doesn't do anything if JavaScript is disabled and also it appears the MarioNet thing uses JavaScript also.

Regarding Chrome, it may not say this specifically but there is a setting in the advanced options "Continue running background apps when Google Chrome is closed" which may be related to whether or not it will allow the Service Workers thing to run properly.

heinoganda
Posted March 5, 2019

@FranceBB For Chromium-based browsers, under "chrome://serviceworker-internals" the current working scripts can be displayed, stopped and removed (unregister) until the next call of certain web pages. The following websites were noticed:

When opening a new tab
https://www.4shared.com
https://www.youtube.com

Lastly, only interposing a proxy (Jana Server) via HttpsProxy (ProxAddr and RearPort) helped, where certain blocklist entries

youtube.com/sw.js
serviceworker.js
sw_*.js

helped put an end to these activities. μBlock could not block these serviceworker scripts. They have installed a real s*** for us in Chrome, which cannot be deactivated.

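A script-level counterpart to the feature test and the display/unregister steps mentioned in the thread, as an added example that is not part of any post. It uses the standard `navigator.serviceWorker.getRegistrations()` API, which only sees registrations of the current origin, unlike chrome://serviceworker-internals; the parameter name `nav` is an assumption so the functions can also be exercised outside a browser.

```javascript
// Added example; `nav` is any object shaped like the browser's `navigator`.

// Is the Service Worker API exposed at all? (It is absent in browsers that
// do not support it or have it switched off.)
function serviceWorkersSupported(nav) {
  return Boolean(nav) && 'serviceWorker' in nav && Boolean(nav.serviceWorker);
}

// List registrations visible to the current origin: scope plus script URL.
async function listRegistrations(nav) {
  if (!serviceWorkersSupported(nav)) return [];
  const regs = await nav.serviceWorker.getRegistrations();
  return regs.map((reg) => {
    // A registration holds its worker in one of three lifecycle slots.
    const worker = reg.active || reg.waiting || reg.installing;
    return { scope: reg.scope, script: worker ? worker.scriptURL : null };
  });
}

// Unregister every registration of the current origin; returns the scopes removed.
async function unregisterAll(nav) {
  if (!serviceWorkersSupported(nav)) return [];
  const removed = [];
  for (const reg of await nav.serviceWorker.getRegistrations()) {
    // unregister() resolves to true only when the registration was found and removed.
    if (await reg.unregister()) removed.push(reg.scope);
  }
  return removed;
}

// In a browser console this prints the current origin's registrations;
// outside a browser it does nothing.
if (typeof navigator !== 'undefined' && serviceWorkersSupported(navigator)) {
  listRegistrations(navigator).then((rows) => console.table(rows));
}
```

Unregistering does not stop a site from registering its worker again on the next visit, which matches the "until the next call" behaviour described above.
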