Chrome exploit uses a fake address bar for phishing attacks

Chrome for Android is the most popular web browser on smartphones, at least on those that do not run iOS. It comes preinstalled on tens of thousands of phones, so most users rely on it to surf the Internet.
For this reason, a new vulnerability in this browser is extremely dangerous, as it is likely to affect millions of people.

Developer James Fisher discovered a new flaw in the Chrome browser for Android that abuses the feature that hides the address bar when scrolling in order to deceive users.
When we visit a website and scroll down, the address bar at the top disappears, leaving more screen space for the content. The flaw in Google Chrome lets a page's developer display a fake second bar to deceive the victim.

This second bar shows a different URL, and it deceives the user because its styling matches the real bar, down to the padlock next to the link that indicates a secure site.
Normally, when you scroll up again, the address bar reappears with the real URL. However, the developer was able to keep a fake URL in its place, including the HTTPS indicator that suggests we are on the real site, so that the real bar is not displayed. In the video, the bar shows the HSBC site, but we are actually on James Fisher's blog.

An attacker could go a step further and create a fake interactive address bar, or have the website detect the user's browser to show a customized fake bar.
Google has not made a decision on the problem yet, but it will be very difficult to fix. The only solution that seems viable is a static address bar at the top, although that would cost part of the screen. The truth is that malicious ads and other malicious websites will benefit from this flaw.
