date_range June 24, 2017

Redirected to https://chrome-updates.win/s.html in Chrome New Tab

If you are opening a new tab on Chrome and you are being redirected to the webpage chrome-updates.win/s.html that warns you of suspected website ahead then stop on your tracks, do not click anything, it's an adware page.


UPDATE 27/06/2017: All extensions that were affected i.e most of the VPN extensions that were affected have been fixed now. You can use it safely without any issues again.

The page with the warning "Warning: Suspected Phishing Site Ahead!" is an adware page and is meant to deceive the users and make them download malware on their browser.

Why does it show up?

Most probably the page (chrome-updates.win/s.html) is being caused by the extension "Betternet Unlimited Free VPN Proxy" which have been compromised. Other extensions similar to it were also reported to cause the same issue, namely "Touch VPN" (more to be updated soon).

The userbase is very huge, over a million users and that is why a lot of users are facing are seeing this pop-up.

Check the list of problematic extensions currently known to us, if you have any extension with the status "Active" on your Chrome consider uninstalling it.

How to fix it?

Remove the extension problematic extension from your Chrome browser
  1. Click on the Chrome menu icon on the top right
  2. More tools > Extensions
  3. Click on the delete icon next to the extension name. 
If you do not have any of the extension mentioned above then you may remove all of the extension and add them back one after one to identify which one is causing the problem.

What to do next?

Even if you haven't clicked on any links on the malware page you are suggested to do a malware check -
  1. Use Chrome Cleanup Tool on Windows. 
  2. Run a scan using Malwarebytes (Windows & Mac)
  3. Report the URL that it took you here on this Badware reporting page

When does it get fixed?

We're not sure. Many extensions, big extension were compromised recently and most of them were recovered in a day or two. We also maintain a list of compromised extensions here. 

Comment down below to discuss. Thanks. 
comments

No comments:

Post a Comment