Skip to main content

Mobile version of Chrome vulnerable to phishing attacks

(Image credit: Image Credit: Earl Jeffson / Flickr)

Researchers have detected a vulnerability in mobile version of Google's Chrome browser which can allow hackers to trick unsuspecting victims into thinking they are vising a legitimate website instead of a fake one.

As you may imagine, if a person believes they are visiting their bank's website, they may end up sharing vital information such as bank account number, passwords and what else not.

The vulnerability was disclosed by security researcher James Fisher. Even though this is considered 'proof of concept', and we still don't have any reports of the vulnerability actually being used, that doesn't mean it hasn't, or can't happen.

As a matter of fact, this vulnerability may come from Chrome, but Fisher believes a multitude of browsers may be succeptible.

So how does the vulnerability work?

Newer versions of Chrome for mobile devices hide the address bar once the user scrolls through the page. This is an intended feature, whose goal is to give the website as much display real estate as possible. However, there's a way to trick the browser so that once it hides the address bar, it never shows it again. Instead, hackers can show their own address bar. Consequently, you may think you're visiting HSBC, but instead, you're on a hacker's website, just about to type in your password and try to make a payment.

Fisher believes there's no easy fix for this, and that Chrome's developers should not trade a little extra real estate for security.

Image Credit: Earl Jeffson / Flickr