Tell HN: Active XSS Attack on Reddit.com

44 points by haxiomic ↗ HN
When visiting reddit today some users (including me) have been experiencing a popup to a suspicious domain straight after load of reddit.com and when interacting with posts. I'm concerned such a high value XSS would be being used for something more serious than spam ad clicks

Reddit security team are aware

(I will avoid linking to relevant reddit posts for obvious reasons but you can find them on my account /u/haxiomic)

5 comments

[ 3.1 ms ] story [ 23.3 ms ] thread
I wish! Do you have any adblockers running or are you also seeing Reddit ads?
AdBlock was active and I didn't see any ads, however, I suspect they might still get the opportunity to execute js since I sometimes see them pop-in and disappear as AdBlock recognizes them
(comment deleted)