Lately, an exploit has been floating around that relies on data urls to deliver malicious (phishing) sites. Briefly, clicking what appears to be a gmail attachment delivers the user to a data url, from which a phishing site is loaded. To counter this attack, users would need to pay careful attention to their address bar.
This plugin addresses this exploit by searching the page for all urls with data:
URIs, and replaces them with links to an informaive URL.
I will submit this plugin to Google. But, the approval process may take a while. To install in the meantime:
- Download the extension.zip and unzip.
- Navigate to chrome://extensions
- Drag the unzipped
chrome-ext
folder into your browser window. - Check Enabled.
Ideally, we would just block the user from visiting any data: url. Unfortunately, Chrome extensions’ webRequest API won’t allow us to do this:
The webRequest API only exposes requests that the extension has permission to see, given its host permissions. Moreover, only the following schemes are accessible: http://, https://, ftp://, file://, or chrome-extension://.
via.
Chrome should really fix this.
In the meantime, we take a much grosser approach: We scan the page for all links (a
) with an href
point to a url starting in data:
. We then replace these =href=s to a link with some information about this attack.
Since attackers could change the page, we repeat this search-and-replace on an interval.
While 2-factor authentication is not a pancea, you should definitely enable it; it makes phishing schemes like this one far less likely to succeed.
Also, you should check the lock in your address bar, to make sure the certificate is really signed to the organization you think you’re authenticating with.
BSD