A massive malvertising campaign is exploiting a vulnerability in the Chrome for iOS mobile browser to redirect iPhone and iPad users to adware, scams, and other malicious sites, ZDNet has learned today from Confiant, a cyber-security firm specialized in tracking malvertising campaigns.
The company said it had reported the bug to Google, whose engineers are now investigating the issue.
The bug allows malicious code hidden in online ads to break out of sandboxed iframes (a technology often used to load ad slots) and redirect the user to another site, or show an intrusive popup on top of a legitimate site.
The bug only impacts Chrome for iOS, and no other Chrome version, Eliya Stein, Confiant Senior Security Engineer, told ZDNet today in an email.
Chrome for iOS isn't a Chromium-based browser but runs on WebKit, which is Safari's internal browser rendering engine. However, Stein told us that Safari is not impacted either, meaning this is an issue with Google's Chrome for iOS WebKit implementation only.