Chrome with Security Flaws Allows Attackers to Create Fake Address Bar

Chrome with Security Flaws Allows Attackers to Create Fake Address Bar

Cyber attacks can take place any time; they do not require to find secret technical faults to initiate phishing attacks. It just needs a screenshot and a set of smart web code, to trap people. Developer James Fisher has found a new type of probable phishing attack. Generally, a lock appearing on the browser’s address bar reveals whether a site is authentic or not. But the potential attack allows for a site to cheat a URL in the mobile version of Chrome. While surfing the user gets trapped in a false user interface. As per the website of James Fisher, the newly-found fault uses a fake UI and show up an HSBC URL.

The developer has explained an act that seems like a legal website by showing a fake version of Chrome. Post published on his personal blog reveals that a website can easily replace Chrome for Android’s address bar and tabs UI. Even more, it uses a few web designs tricks to cheat on a user. When a user scrolls down from the top of a page, the technique displays a fake address bar that appears until the user visits another site. The attacker can also design the page that could hide the actual address bar when a user scrolls up. Mainly when you scroll down any page in Chrome for Android, the top UI including your address bar and tabs button is not visible.

Fisher found that one could lock-up the scrolling of the page. After that, the user scrolls back up without Chrome for Android faking its UI. It also displays the lock icon which symbolises security. In his feasibility study, Fisher has screenshotted Chrome’s address bar on the HSBC website, then inserted than into the webpage. It is evident that a phishing attack can create a convincing site apart from engaging content. The developer says it is a security flaw in Chrome itself.

Leave a Comment

Your email address will not be published. Required fields are marked *