Xiaomis Mi browser, Mint Browser reportedly affected with serious URL spoofing vulnerability

SHARE:

Twitter Facebook Google Pinterest
0 0 Monday, 8 April 2019 Edit this post

<p dir="ltr">Noting the lack of basic security features like XSS auditors, a researcher has found a URL spoofing vulnerabil...

<p dir="ltr">Noting the lack of basic security features like XSS auditors, a researcher has found a URL spoofing vulnerability on Xiaomi-made Mi Browser and the Mint Browser. The vulnerability, identified as CVE-2019-10875, originates due to a flaw in both the browsers and it reportedly enables a malicious website to control URLs in the address bar. The Mi Browser comes pre-installed in every Xiaomi device with MIUI and Mint Browser was launched globally via the Google Play Store.</p> <p>The researcher who discovered the flaw, Arif Khan, says that the Mi Security team (MiSRC) confirmed that the issue was present in their global versions and not in their domestic ones. Thus, “they inadvertently conveyed the fact that only International versions of their browsers were insecure to this vulnerability,” Khan said. He adds that the bug was accidentally spotted and it didn’t require much effort. He found the vulnerability while he decided to test “a certain feature in their browser.”</p> <p>The researcher apparently noticed the flaw when triying to open a Google query search link through the Mi Browser. “For a link such as http://bit.ly/2D2agly, the URL bar would display www.domain.com, and this is exactly where the problem arises, because the URL bar doesn't display the full URL, and this not only happens in case of popular search engine websites but also with other websites,” Khan said.</p> <p>Those who are using the Mi Browser or the Mint Browser as their default web browser, their device is vulnerable to phishing attacks. Khan adds that it is recommended not to use any of the browsers until the flaw is patched and instead use Google Chrome “because it has a good XSS filter.” As per the researcher, Mi Security team has acknowledged the security issue found by him and he has been awarded $198 ($99 for each browser) bounty rewards. However, it is not yet known whether the vulnerability is patched or not.</p> <p>Related Read:</p> <p>Global smartphone shipments expected to drop for third consecutive year in 2019: IDC</p>

from Latest Technology News http://bit.ly/2VuwUun

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
Name

7,1,Airtel,1,Andriod,1,Android,4,Android Q,1,apex,1,Apple,7,Apps,1,Asus Rog,1,Black Shark 2,2,Boeing 737 MAX,1,Bsnl,2,camera,2,CPU,3,Donald Trump,1,Earphone,1,Facebook,5,Fan,1,Fitbit,1,foldable Phone,2,Fortnite,1,Galaxy A40,1,Galaxy s10,1,Galaxy s10e,1,Games,10,gaming,1,Google,6,Google Pixel 2,1,Honor 10i,1,Huawe,1,Huawei,6,Huawei GT,1,IBM,1,Instagram,2,Internet,2,ios,2,iPad,2,iphone,2,Israel,1,jiomart,1,Laptop,1,Leica Q2,1,M20,1,mac,1,MacOS,1,Mi 9,1,Mi A2,1,Mi LED TV,1,MicroSoft,3,mobile,1,Moon,2,Mozilla,1,Nasa,2,News,1,Nokia,4,Nokia 62,1,Nvidias,1,OnePlus,4,Oppo,5,P30,3,Pixel,1,Poco F1,1,Pubg,12,Qualcomm,2,Redmi 3,1,Redmi 6 Pro,1,Redmi 7,1,Redmi Note 7,1,reliance,1,Reno,1,samsung,11,Skype,1,SmartPhone,56,Social,5,Spotify,1,Tech,35,Telecom,3,Touchpad,1,Tournament,1,TV,1,Twitter,1,Vivo,2,Watch,2,WhatsApp,1,Xbox,1,Xiaomi,16,y9li,1,
ltr
item
Genius Baba: Xiaomis Mi browser, Mint Browser reportedly affected with serious URL spoofing vulnerability
Xiaomis Mi browser, Mint Browser reportedly affected with serious URL spoofing vulnerability
https://static.digit.in/default/c8ea0bdbe0f7c3a3b191edc6f2b75420ef1839ec.png
Genius Baba
https://geniusbabaa.blogspot.com/2019/04/xiaomis-mi-browser-mint-browser.html
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/2019/04/xiaomis-mi-browser-mint-browser.html
true
7104319406113350277
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy