Seven mobile browsers vulnerable to address bar spoofing attacks

[MagicSahar]

Quote

An "address bar spoofing" vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site.

Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today.

While on desktop browsers there are various signs and security features that could be used to detect when malicious code alters the address bar to display a bogus URL, this is not possible on mobile browsers where screen size is at a premium, and many of the security features found in desktop browsers are missing.

With the address bar being the only and last line of defense on mobile browsers, address bar spoofing vulnerabilities are many times more dangerous on smartphones and other mobile devices.

Pakistani security researcher Rafay Baloch to disclose ten new address bar spoofing vulnerabilities across seven mobile browser apps.

 

source : https://www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-bar-spoofing-attacks/