// NEWS // A Flaw in Ad Blockers Can Execute Arbitrary Code by vijbzabyss

**It is possible to create filters that execute malicious JavaScript code on users' computers. No update is planned for the moment.**

<center>![stop-1200.png](https://cdn.steemitimages.com/DQmWvrvJyzwKii9SgRKLW6xA7GTWVUXduAvm3jo7Vm4K8G4/stop-1200.png)
[Source](https://nakedsecurity.sophos.com/2016/02/01/adblocker-blockers-move-to-a-whole-new-level/)</center>

## The info

Security researcher **Armin Sebastian** found a flaw in the way **Adblock Plus**, **Adblock** and **uBlock** operate. Since **2018**, these extensions have supported the *"$rewrite"* option, which allows a filter to **modify HTTP requests**. Guardrails have been put in place to prevent this option from being exploited to execute malicious code.

**The following criteria must be met for a web service to be exploitable using this method:**

* The page must load a JS string using XMLHttpRequest or Fetch and execute the returned code
* The page must not restrict origins from which it can fetch using Content Security Policy directives, or it must not validate the final request URL before executing the downloaded code
* The origin of the fetched code must have a server-side open redirect or it must host arbitrary user content

But it turns out that these guardrails are not enough. On some websites, it is still possible to execute malicious JavaScript code. The researcher proved this using a well-known site: **Google Maps.** In his example, the *"pirate"* filter brings up a JavaScript alert window.
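Seen from the site's side, the second criterion is the one a page can close itself: check the final URL of the response before executing what was fetched. The sketch below is an added example, not code from the researcher or from any of the extensions; the `TRUSTED` policy, the `static.example.com` origin and the function names are assumptions. It pins the path as well as the origin, because the third criterion covers origins that host user content or an open redirect.

```javascript
// Added example: validate the *final* URL of fetched code before running it.
// TRUSTED is a hypothetical policy; the origin and path are constructed samples.
const TRUSTED = [
  { origin: "https://static.example.com", pathPrefix: "/app/modules/" },
];

// True only if finalUrl sits on an allowed origin AND under its allowed path.
// Checking the origin alone is not enough when that origin also hosts
// user-uploaded content or an open redirect endpoint.
function isTrustedFinalUrl(finalUrl, policy = TRUSTED) {
  let u;
  try {
    u = new URL(finalUrl);
  } catch {
    return false; // unparsable URL: refuse
  }
  // URL parsing resolves "/app/modules/../../x" to "/x" before the prefix check.
  return policy.some(
    (p) => u.origin === p.origin && u.pathname.startsWith(p.pathPrefix)
  );
}

// Fetches code as text and returns it only if the request was not redirected
// or rewritten to an unexpected place. fetchImpl is injectable for testing.
async function loadTrustedCode(url, fetchImpl = fetch, policy = TRUSTED) {
  if (!isTrustedFinalUrl(url, policy)) throw new Error("untrusted request URL");
  const res = await fetchImpl(url, { redirect: "follow" });
  // res.url is the URL the body actually came from, after all redirects.
  if (!res.ok || !isTrustedFinalUrl(res.url, policy)) {
    throw new Error(`refusing code from ${res.url}`);
  }
  return res.text(); // only now may the caller evaluate the code
}
```

A `connect-src` directive in the page's Content Security Policy covers the other half of the same criterion by limiting where `fetch` and `XMLHttpRequest` may connect at all.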

<center>![984.jpg](https://cdn.steemitimages.com/DQmTJaMS4NV6CsEvmRSjtjHspGMidKu9tKYqL5ZphhsTomW/984.jpg)
 Bleeping Computers</center>

## What does this entail

Ad blocker filter lists come from different sources and are created collaboratively by volunteers. It would be enough for one of these volunteers to introduce a malicious filter into the filter lists to be able to execute code on many users' computers.

Alerted by the researcher, Google believes that the risk is not large enough to justify a modification of its mapping site. The researcher does not share that conclusion. **He recommends using the uBlock Origin extension, which does not include the "$rewrite" option.**

Sources: [Armin Sebastian blog note](https://armin.dev/blog/2019/04/adblock-plus-code-injection/), [Bleeping Computers](https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-exploited-to-run-malicious-code/)

<center>**Stay Informed, Stay Safe**</center>
<center>![DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png](https://cdn.steemitimages.com/DQmTmwRbJG8FrWYFpkLR9GKTDcQAD1peWkCsLcCotMiBoqm/DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png) </center>

* **I've written a lot of articles with tools, explanations and advice to show you how to protect your privacy and secure your computer. Go check them out!**

  * This is my guide [to secure your PC after a fresh installation of Windows](https://steemit.com/writing/@vijbzabyss/the-guide-to-secure-your-pc-after-a-fresh-installation-of-windows) 

  * If you think that your [phone](https://steemit.com/writing/@vijbzabyss/how-to-tell-if-my-phone-has-been-hacked) **or** [your PC](https://steemit.com/writing/@vijbzabyss/that-s-how-you-can-know-if-you-have-been-hacked-or-to-prevent-further-attacks) has been hacked, you have to check it right now!

  * That's how you can be more [Anonymous on the internet!](https://steemit.com/writing/@vijbzabyss/be-anonymous-on-the-internet)

  * The [future of Cyber-Security](https://steemit.com/news/@vijbzabyss/big-news-the-future-of-cyber-security-what-to-expect), what to expect?

  * The best [crypto debit card – Wirex!](https://steemit.com/bitcoin/@vijbzabyss/the-best-crypto-visa-card-wirex-review)

  * These are the best VPNs to protect your digital life: [NordVPN](https://steemit.com/writing/@vijbzabyss/the-nordvpn-test-or-full-review-and-speed-test), [ExpressVPN](https://steemit.com/writing/@vijbzabyss/expressvpn-vpn-full-test-or-why-is-it-also-a-good-choice) and [CyberGhost](https://steemit.com/writing/@vijbzabyss/cyberghost-vpn-full-test-or-6-month-free)!

  * Your PC is slow? [That's why!](https://steemit.com/writing/@vijbzabyss/why-is-a-pc-slow-what-you-need-to-know-before-anything-else)

  * Why is it important to [be discreet on the Internet](https://steemit.com/writing/@vijbzabyss/why-is-it-important-to-be-discreet-on-the-internet)

  * The [4 security measure to put in place on your WIFI router](https://steemit.com/writing/@vijbzabyss/the-4-security-measures-to-put-in-place-on-your-wifi-router)

  * The [security guide everyone must have on holidays!](https://steemit.com/writing/@vijbzabyss/the-security-guide-everyone-must-have-on-holidays)

  * Feel hot? Your [computer also!](https://steemit.com/writing/@vijbzabyss/you-are-hot-your-computer-also)

  * How an [adware](https://steemit.com/writing/@vijbzabyss/how-an-adware-works) works?

  * That's how you should guard against [Trojan!](https://steemit.com/writing/@vijbzabyss/that-s-how-you-should-guard-against-trojan-if-you-care-about-you-money-and-your-privacy)

  * Why [antiviruses are not your friend?!](https://steemit.com/writing/@vijbzabyss/why-antivirus-is-not-your-friend)

  * Basics tools to protect your [privacy](https://steemit.com/writing/@vijbzabyss/basics-tools-to-protect-your-privacy-and-your-computer) and your [computer](https://steemit.com/blog/@vijbzabyss/free-software-to-ensure-good-basic-security)

  * What are the different [types of hackers?](https://steemit.com/writing/@vijbzabyss/the-different-types-of-hackers)

<center>![DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif](https://cdn.steemitimages.com/DQmRZu8dBVp3kJarLxAfrd4FMS58W6NwqrRwCVn6jRVwHMp/DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif)</center>
Created: 2019-04-16 13:59:27