Pakistani hacker Rafay Baloch has said that all browsers with an Omnibox-style address bar could be used to trick users into phishing scams.

The address bar spoofing works by employing a right-to-left language, such as Urdu, Arabic or Persian, and forcing the browser to render the address differently from how it is written. Rafay stated that when a direction-neutral character (such as a forward slash or other punctuation) is placed next to right-to-left text, the bidirectional text algorithm can flip the web address and display it in the right-to-left direction.
For example, 127.0.0.1/ا/http://google.com would be rendered right to left as http://google.com/ا/127.0.0.1.
The user would think they are visiting google.com, when in reality they are loading a page from the IP address 127.0.0.1. Such links could be hidden in spam email, tweets or shortened links.
He has won a combined bug bounty of $5,000 for finding the bug in Chrome and Firefox.
The issue will be fixed in the upcoming Chrome 53 and Firefox 48 releases.