This is an interesting story, when you search ‘download chrome‘ on Bing while using Edge browser it would show ‘google.com’ link which is marked as an AD and clicking on that link would take you to a SCAM website which is NOT Google Chrome Official website, rather a site giving out Malware.
The interesting find was shared by Gabriel Landau on Twitter, although the video quality was very poor but all the important aspects were shown by Landau
Brand new Win10 laptop. Attempt to install Chrome. Almost get owned with my very first action. Why is this still happening in 2018, @bing? Please explain. pic.twitter.com/uYJhu7xa9H
— Gabriel Landau (@GabrielLandau) October 25, 2018
If you click the link, you’ll be taken to a Google Chrome download page that looks like the real one, but it won’t take you to Google.com rather It takes you to “googleonline2018.com”, a scam website.
Bing Safe Browsing Detection
It turns out Bing safe browsing detection game is pretty weak, as opening the scam site in Firefox or Chrome alerts us that the site is marked as ‘Unsafe’ as per the Safe Browsing Site Status
Try Chrome Malware by Bing on Edge
If you like to live on the edge, try it yourself, head to this search address in Microsoft Edge and refresh a few times. The ad appears to some, it might be targeted to certain geo-locations which I am not certain about. . Bleeping Computer reported *almost* the exact advertisement over six months ago. Microsoft removed the ad at the time, but it’s now back with same attack vector. The most surprising element is that Bing is still letting this advertisement lie about going to “google.com” and allowing Advertisers to spoof URLs being shown on their search engine.
Microsoft fixes Bing *again*
Microsoft has removed the Malware ad. However, Bing Ads team has not explained how the advertisement was showing from “google.com” in the URL , nor have they said if the actual issue was fixed.
Hi Gabriel, protecting customers from malicious content is a top priority and we have removed the ads from Bing and banned the associated account. We encourage users to continue to report this type of content at https://t.co/Dh1KuF5O0t so we can take appropriate action. ^GC
— Microsoft Advertising (@MSFTAdvertising) October 26, 2018
Without a real fix that prevents advertisers from spoofing URLs, this problem will just pop up again in the near future.