Less than 24 hours ago o a security flaw discovered in Adblock Plus that allows malicious code to be executed. We published the news on the 16th and a day before, on April 15, the company already had published a blog post stating that they were already aware of the problem and are working on a solution that will come sooner rather than later So they let us know through our Twitter account.
The company that develops one of the most used advertising blockers on the planet assumes its responsibility, but not without first explaining that it is unlikely that someone exploited the mentioned vulnerabilityFirst, because they examine all contributing authors to create the filter lists that are activated by default in Adblock Plus, and second, because they regularly examine those lists. Although they have confirmed that the problem exists, they assure that no list has abused this filtering option, which means that no user has been harmed by this vulnerability.
Adblock Plus will fix the security flaw soon
We are already working on eliminating any risk for our users - find our full statement here: https://t.co/Kcl0sItrjE
- Adblock Plus (@AdblockPlus) April 17, 2019
"We are already working on eliminating any risk for our users - you have our full statement here: adblockplus.org/blog/potential ...".
The rewrite option was added for give list authors more control when dealing with automatically running videos (something that can block Firefox +66), but good intentions have led to a much more dangerous option, which is often said that the cure has been worse than the disease. For this reason, and although the risk appears to be low, Adblock Plus has removed this option and will release a new version of its content blocker "as soon as technically possible".
For all Adblock Plus users I have a question: do the words of the company reassure you?