Google Chrome browser has an ‘impossible to detect’ security vulnerability

A major security vulnerability on popular web browsers like Chrome, Firefox and Opera may be making users vulnerable to hackers looking to steal their confidential data and identities.

According to security researcher Xudong Zheng, the vulnerability allows hackers to display fake domain names of popular websites on their own sites. This way, hackers can trick users into believing that they are visiting original websites rather than fake ones.

For example, a hacker can use a fake domain name of Apple or Amazon on his/her website and then ask users to click on such fake links. The hacker can then use auto-fill forms to obtain users’ e-mail addresses and other details. What’s worse is that such phishing attacks are ‘almost impossible to detect’, claims Zheng.

Zheng built a demo page to demonstrate the vulnerability he discovered. He registered a new domain using foreign characters like “” which translated to on the website. He calls this a ‘homograph attack’ which is also known as script spoofing. In security parlance, the attack is defined as ‘a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike.’

The only way users can detect whether such websites are fake or not is by ‘inspecting the site’s URL or SSL certificate.’ Until the vulnerability is fixed, the best way to access genuine sites is by typing the URL manually or navigating to the site via a search engine when in doubt, he added.
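One way to carry out the URL inspection described above is to decode each hostname label and check which scripts its characters come from. This is an added example, not code from the article or from Zheng's post; the function names are hypothetical and the sample hostnames are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Rough script tag: first word of the Unicode character name (heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and '-' carry no script
    try:
        return unicodedata.name(ch).split()[0]          # e.g. CYRILLIC, GREEK, LATIN
    except ValueError:
        return "UNKNOWN"

def decode_label(label):
    """Turn an 'xn--' (Punycode) label back into the Unicode a browser may display."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(host):
    """Classify every dot-separated label of a hostname."""
    findings = []
    for label in host.lower().rstrip(".").split("."):
        uni = decode_label(label)
        ascii_form = uni if uni.isascii() else "xn--" + uni.encode("punycode").decode("ascii")
        scripts = sorted({script_of(c) for c in uni} - {"COMMON"})
        if uni.isascii():
            verdict = "ascii"
        elif scripts == ["LATIN"]:
            verdict = "latin-non-ascii"          # accented Latin, e.g. German umlauts
        elif len(scripts) > 1:
            verdict = "mixed-script"             # Latin letters mixed with look-alikes
        else:
            verdict = "whole-script-non-latin"   # may still read as a Latin word
        findings.append({"unicode": uni, "ascii": ascii_form,
                         "scripts": scripts, "verdict": verdict})
    return findings

def is_suspicious(host):
    """True when any label needs a manual look before entering credentials."""
    return any(f["verdict"] in ("mixed-script", "whole-script-non-latin")
               for f in inspect_host(host))

# Constructed sample hostnames (not taken from the article or Zheng's demo).
SAMPLES = ["example.com", "ex\u0430mple.com", "\u0441\u043e\u0440\u0435.example",
           "xn--mnchen-3ya.example"]

if __name__ == "__main__":
    for h in SAMPLES:
        for f in inspect_host(h):
            print(f"{f['ascii']:<22} {f['verdict']:<24} {f['scripts']}")
        print("suspicious:", is_suspicious(h), "\n")
```

Legitimate internationalised domains written entirely in a non-Latin script are flagged too, so the result is a prompt to check the `xn--` form and the certificate, not proof of phishing.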

“A simple way to limit the damage from bugs such as this is to always use a password manager. In general, users must be very careful and pay attention to the URL when entering personal information. Until this is fixed, concerned users should manually type the URL or navigate to sites via a search engine when in doubt. This is a serious vulnerability because it can even fool those who are extremely mindful of phishing,” he wrote in his blog post.

After Zheng reported the vulnerability to Google, the company responded by creating a new update called Chrome 58 to fix it. The update is expected to roll out on April 25th, and all Chrome users need to update their browsers to avoid being victimised by the security vulnerability. “The problem remains in Firefox as they decided that it is a problem for domain registrars to deal with,” he added.

Copyright Lyonsdown Limited 2021
