Ads that expand on a web page to show a larger banner or video containers can be abused as entry points for other hacks, according to new research published this week by Randy Westergren, a Delaware-based security researcher.
The researcher says he identified several vulnerabilities in iframe busters, the name given to files that websites host on their server to support "expanded ads."
Specifically, he says he identified XSS vulnerabilities in most of the iframe buster scripts that, until recently, Google has been providing for download as part of a multi-vendor iFrame Buster kit, offered through the DoubleClick AdExchange documentation site.
Westergren detailed four examples on his blog, showing how an attacker could run malicious code on any site that uses iframe busters from ad networks like Adform, Eyeblaster (Add in Eye), Adtech, and Jivox.
The researcher says he notified Google of the issues with the iframe buster scripts that are part of the company's iFrame Buster kit, and Google engineers removed those scripts within two weeks, back in January this year.
In the meantime, Google has stopped offering the kit for download altogether, but some of these iframe buster scripts are still vulnerable if downloaded from other sources.
Users who want to remain safe are advised to use an ad blocker, as most ad blockers will block intrusive ads that roll out and cover a large area of the page.