
Google patches ‘evil cursor’ bug in Chrome exploited by tech support scammers

  • A threat group named ‘Partnerstroka’ exploited this bug by replacing the standard mouse cursor (OS 32-by-32 pixels) with a custom image 128 or 256 pixels in size.
  • The fix to this ‘evil cursor’ bug is currently live for Google Canary users and is scheduled for the Chrome 75 stable branch soon.

Google has patched a bug in Chrome dubbed ‘evil cursor’ that tech support scammers exploited to create an artificial mouse cursor and lock users inside browsers.

Jerome Segura, a security researcher from Malwarebytes who detected this ‘evil cursor’ bug, noted that tech support scammers relied on custom images to replace the system’s standard mouse cursor.

The big picture

According to Segura, a threat group named ‘Partnerstroka’ exploited this bug by replacing the standard mouse cursor (OS 32-by-32 pixels) with a custom image 128 or 256 pixels in size.

  • Even after the standard mouse cursor was replaced, a cursor would still appear on the screen, but in the corner of a transparent bounding box.
  • This would trick users into clicking on the area where the cursor appears.
  • However, the click would land on another area of the screen, preventing users from closing or leaving browser tabs.
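
A defensive check for the pattern described above, as an added example that is not part of the original article or of Chrome's fix: it scans CSS for custom cursor images and flags any larger than the 32-by-32 OS cursor. It assumes the cursor is an inline PNG `data:` URI (remote image URLs would need fetching first), and the function names and sample stylesheet are constructed for illustration.

```javascript
// Added example: flag CSS custom cursors whose image exceeds the OS cursor size.
const OS_CURSOR_PX = 32; // standard OS cursor size cited in the article
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Read width/height from a PNG's IHDR chunk (bytes 16-23 of the file).
function pngSize(buf) {
  if (buf.length < 24 || !buf.subarray(0, 8).equals(PNG_SIG)) return null;
  if (buf.toString('latin1', 12, 16) !== 'IHDR') return null;
  return { width: buf.readUInt32BE(16), height: buf.readUInt32BE(20) };
}

// Find `cursor: url(data:image/png;base64,...)` declarations and size each image.
function findOversizedCursors(css) {
  const re = /cursor\s*:\s*url\(\s*["']?data:image\/png;base64,([A-Za-z0-9+/=]+)["']?\s*\)/gi;
  const findings = [];
  for (const m of css.matchAll(re)) {
    const size = pngSize(Buffer.from(m[1], 'base64'));
    // Anything larger than the OS cursor leaves room for a transparent
    // bounding box, so report it for review.
    if (size && (size.width > OS_CURSOR_PX || size.height > OS_CURSOR_PX)) {
      findings.push(size);
    }
  }
  return findings;
}

// Constructed sample input: PNG signature plus IHDR header only (no pixel data).
function samplePngHeader(w, h) {
  const b = Buffer.alloc(24);
  PNG_SIG.copy(b, 0);
  b.writeUInt32BE(13, 8);          // IHDR chunk length
  b.write('IHDR', 12, 'latin1');   // chunk type
  b.writeUInt32BE(w, 16);
  b.writeUInt32BE(h, 20);
  return b.toString('base64');
}

// Constructed stylesheet: one ordinary game cursor, one oversized cursor.
const sampleCss = `
  .game  { cursor: url(data:image/png;base64,${samplePngHeader(32, 32)}), auto; }
  .popup { cursor: url("data:image/png;base64,${samplePngHeader(256, 256)}"), auto; }
`;

console.log(findOversizedCursors(sampleCss));
```

A large cursor is not malicious on its own, since web games use them legitimately, so a hit is a signal to review the page rather than a verdict.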

Why Google took a long time to patch - The security researcher reported this bug to Google last year, but Google took a long time to patch it. Browsers support custom mouse cursor images for web games, so disabling custom images would impact thousands of gaming sites.

Since it is complex to patch the bug without impacting the existing sites, Google developers tested this bug for months and have now come up with a patch.

The fix to this bug in Chrome will automatically revert the cursor back to the standard OS graphics when hovering over parts of the Chrome browser interface, thereby preventing users from getting locked in browser pages.

Worth noting - The fix to this ‘evil cursor’ bug is currently live for Google Canary users and is scheduled for the Chrome 75 stable branch soon.
