A new technique could be used for a twist on the URL hijacking attack. The tactic uses JavaScript to fool users into thinking they’re downloading content from a trusted site when, in fact, they re connected to a malicious site that s pushing an exploit to their machines. The attacker could use the JavaScript to force a pop-up window to launch on a legitimate site while a user is trying to download some software. Even security-conscious Web users might have a difficult time recognizing the attack when it happens.
Source: https://threatpost.com/browser-attacks-continue-evolve-122909/73309/