2 min

Tags in this article


By exploiting the way Chrome displays the address bar on the smartphone, hackers can hide their malicious phishing URL. The bug was recently discovered by an investigator, and is not yet necessarily abused in the wild.

If you scroll down a website in Chrome on your smartphone, you will see the address bar and url disappear as part of the design. Normally it comes back when you scroll up, but a bug in Chrome now makes it possible to have a fake address bar with a fake url appear instead. It remains there until a victim surfs to another website.

With the exploit, a criminal may bypass one of the most important ways in which victims can detect phishing. After all, anyone who clicks on something and is not entirely sure of its legitimacy should look at the url. It can now be hidden behind the real url of an imitated website. Anyone who locks and unlocks their phone for a while can undo the bug.

Take a quick look.

The problem was discovered for security researcher James Fisher, who explains his discovery in a blog post. He notes that the existence of this approach means that you should immediately look at the url of an open website on your mobile browser. Once you scrolls, who, after all, can no longer be trusted. Google is aware of the problem, but did not comment yet.

The best way to stop a phishing attack is, of course, before you click on a link. Double check from whom an e-mail originates, and always wonder if the question and the content of an e-mail are logical. And if it’s really important, and you’re still working on your smartphone, lock and unlock your screen just to be on the safe side.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.