
Safari, Chrome hit by address bar spoofing bugs

Security researchers warn that it may make phishing far more effective.
Written by Zack Whittaker, Writer-editor on
Although Android is now patched, Safari remains vulnerable to the spoofing flaw.

Google has patched a bug in the Chrome browser on Android that allowed an attacker to trick a user into thinking they're accessing one website when they're actually visiting another.

Discovered in February by Rafay Baloch and disclosed Monday after it was fixed, the bug allowed the browser's address bar to be spoofed. That can be enough to convince a victim of a phishing email or text message to enter their usernames and passwords.

The bug was patched in early April and then again later in April. It affected Android 4.4 "KitKat" and Android 5.0 "Lollipop."

Rapid7, which detailed the flaw, said users should contact carriers or handset makers to ensure they received the patch.

But bad news for Apple, which now has to scramble to fix a similar flaw found in its Safari browser.

A proof-of-concept exploit was published Sunday that allows an attacker to spoof the address bar in Safari on iPhones, iPads, and Macs. The exploit is far from perfect, as the browser can be seen fighting the code to try to display the correct address.

It's not known if Apple, which did not immediately comment, is aware of the bug.

We reached out to the security researcher but did not hear back at the time of writing.
