
Chrome, watch out for the fake address bar scam

A new and dangerous method that takes advantage of a browser weakness could cause quite a few problems for smartphones and tablets. Here's how to fix it.

Chrome for Android danger (Photo: Jim Fisher)

The flaw discovered by the American developer Jim Fisher is called the "Inception bar": a potential and very dangerous flaw in Chrome, Google's browser, that would open the door to an exploit that would seriously endanger smartphones and tablets running the Android operating system.

By exploit we mean an attempt to gain access, through a more or less sophisticated expedient, by taking advantage of a vulnerability or security bug in a computer product. In this case, the bait is a fake address bar that appears in place of the real one at the top of the page.

The method was immediately dubbed the "Inception bar" because, as in the famous film, a hidden duplicate is created that reproduces a purpose-built reality.

One peculiarity of browsing a page in Chrome on Android is that the address bar disappears when you swipe with a fingertip to scroll down and read the rest of the page. A single swipe in the opposite direction, scrolling back up, is enough to make the bar reappear, "floating" and available again.

And this is where the catch comes in: very simple, not at all elaborate tools are enough to deceive the user by showing a fake address bar while putting the real one in a sort of "block".

The bar's graphics are faithfully reproduced, complete with a mocking logo that certifies the security of the page, the URL, the tab box and the three dots of the settings menu.

The danger is soon explained: you can leave a site without ever having access to the address bar. In addition, many sites lock the back button that would let you exit the original page, so you remain "trapped" in the loop.

The only method to find out whether you really are on the page indicated by the address bar, or to unmask it, is to lock the device with the on/off button and unlock it.

Doing so forces Chrome to show the real address bar again, which (as seen in the video published by Fisher) is displayed immediately above the fake one. Although common sense and a little attention are the first line of defense against dangerous online pitfalls, weaknesses can often appear on the software side, so as always it is better to be very careful, especially on sensitive sites such as those that require personal data or handle online payments.
