Chrome inception bar phishing method replaces real address bar with a fake one


Chrome is one of the most widely used browsers on mobile phones and is generally considered safe, as it is developed and maintained by Google. However, developer Jim Fisher has found a new exploit that showcases how an attacker could emulate the browser’s address bar to impersonate a legitimate website. While this might not sound scary, the way Fisher demonstrated its application in a proof-of-concept video might make some privacy-centric users double-check the address bar before entering any personal information on a website. Using a few web design skills and tricks, the developer created a website that replaces Chrome’s address bar and its UI.

Fisher calls the new phishing method ‘The inception bar’. One can visit the developer's website on mobile phones here to experience how someone could modify their site to lock a user in. He explains that when one scrolls down on a webpage in Chrome, the URL bar is hidden, and it reappears when one scrolls back up. However, a phishing site can display its own fake URL bar when the user scrolls down and trick Chrome into not displaying the original address bar when the user scrolls up. Unfortunately, scrolling back to the top can be prevented too with some clever programming: Fisher added an extra-tall padding element at the top of the site so that users are scrolled back down to where the content starts, and it looks like a page refresh.

‘In my proof-of-concept, I’ve just screenshotted Chrome’s URL bar on the HSBC website, then inserted that into this webpage. With a little more effort, the page could detect which browser it’s in, and forge an inception bar for that browser. With yet more effort, the inception bar could be made interactive. Even if the user isn’t fooled by the current page, you can get another try after the user enters “gmail.com” in the inception bar!’, states Fisher’s blog post. You can watch his proof-of-concept video here.

The developer thinks this method can be a serious security flaw, since even he, having created it, accidentally used it a few times. Users can only verify the legitimacy of an address bar when the page loads, because once they scroll down, the address bar is replaced. As 9to5Google notes, one can lock and unlock their phone to force Chrome for Android to display both the real address bar and the fake one.



from Latest Technology News http://bit.ly/2PBJW72
