Google Chrome bug can allow phishing attacks using 'inception bar'

ANI

Technology, In Other news

The bug leverages how the Chrome mobile app disappears the address bar when you scroll down.

The exploit, as Fisher calls ‘The Inception Bar’ method, can be used to display a fake address bar that won’t disappear until you go to another site.

A security vulnerability in Google Chrome browser reportedly allows malicious users to launch a phishing attack using a fake address bar.

The bug, as discovered by James Fisher, leverages how the Chrome mobile app disappears the address bar when you scroll down.

The exploit, as Fisher calls ‘The Inception Bar’ method, can be used to display a fake address bar that won’t disappear until you go to another site, Engadget reports.

The exploit goes further to restrict you from seeing the real address bar when you scroll up. Although Fisher has demonstrated a proof of concept, the bug could theoretically allow large-scale phishing campaign to steal user information.

Read more...