A developer demonstrates how easy it is to replace its actual search bar Chrome for Android with a fake, through a series of tricks.
Η mobile version of Chrome was found vulnerable to an exploit that allows you to change the actual address bar with a fake one. As reported by 9To5Google, a developer named Jim Fisher, published the information about how he managed to fool the browser.
As you already know, in the mobile version of Chrome, the search bar disappears when you scroll down a webpage to allow more content to appear. When you scroll up the bar appears again. However, Fisher managed to trick the browser into never re-displaying the actual bar by putting the page content in a cell, which practically never allowed it to return to its original state. This allows a deceptive bar to appear, which the user "perceives" as true. Fisher also added that a site could detect the user's browser and display the corresponding bar without being limited to Chrome.
Of course the problem that arises is that a malicious site could redirect users anywhere without having to worry about what they type. And worst of all, there is no way to fix that. Fisher's solution is to keep a small area in the browser, where the search bar will be compressed, so that it is obvious if there is any misleading.
[the_ad_group id = ”966 ″]