Google Chrome browser has an ‘impossible to detect’ security vulnerability

A major security vulnerability on popular web browsers like Chrome, Firefox and Opera may be making users vulnerable to hackers looking to steal their confidential data and identities.

According to security researcher Xudong Zheng, the vulnerability allows hackers to display fake domain names of popular websites on their own sites. This way, hackers can trick users into believing that they are visiting original websites rather than fake ones.

For example, a hacker can use a fake domain name of Apple or Amazon on his/her website and then ask users to click on such fake links. The hacker can then use auto-fill forms to obtain users’ e-mail addresses and other details. What’s worse is that such phishing attacks are ‘almost impossible to detect’, claims Zheng.

Zheng built a demo page to demonstrate the vulnerability he discovered. He registered a new domain using foreign characters like “” which translated to on the website. He calls this a ‘homograph attack’ which is also known as script spoofing. In security parlance, the attack is defined as ‘a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike.’

The only way users can detect whether such websites are fake is by ‘inspecting the site’s URL or SSL certificate.’ Until the vulnerability is fixed, the best way to access genuine sites is to type the URL manually or navigate to the site via a search engine when in doubt, he added.
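The URL inspection described above can be automated. The following Python code is an added example, not code from Zheng or any browser vendor: it decodes each hostname label to Unicode, reports which scripts the label contains and returns the ASCII (`xn--`) form, which makes a lookalike visible. The sample hostnames are constructed, and taking the script from the first word of the Unicode character name is an assumption of this example.

```python
import unicodedata

def script_of(ch):
    """Coarse script: first word of the Unicode name (LATIN, CYRILLIC, ...)."""
    if ch in "0123456789-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_unicode(label):
    """Decode an ASCII 'xn--' label to the characters a browser may display."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ascii(label):
    """Encode a label to the ASCII form that is looked up in DNS."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.encode("punycode").decode("ascii")

def inspect_host(host):
    """Return (ascii_host, findings); findings lists labels worth a second look."""
    ascii_labels, findings = [], []
    for raw in host.rstrip(".").split("."):
        label = to_unicode(raw)
        ascii_labels.append(to_ascii(label))
        if label.isascii():
            continue
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            kind = "mixed-script"
        elif scripts == {"LATIN"}:
            kind = "non-ASCII Latin"
        else:
            kind = "single-script non-Latin"
        findings.append((label, kind, sorted(scripts)))
    return ".".join(ascii_labels), findings

# Constructed samples (not the researcher's demo domain).
SAMPLES = [
    "example.com",                        # plain ASCII
    "ex\u0430mple.com",                   # Cyrillic U+0430 among Latin letters
    "\u0441\u043e\u0440\u0435.example",   # all Cyrillic, renders like Latin "cope"
]

if __name__ == "__main__":
    for host in SAMPLES:
        ascii_host, findings = inspect_host(host)
        print(f"{host!r:32} -> {ascii_host}  {findings or 'ok'}")
```

The single-script case is a prompt for review rather than a verdict, since legitimate internationalised domains are also written entirely in one non-Latin script.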

“A simple way to limit the damage from bugs such as this is to always use a password manager. In general, users must be very careful and pay attention to the URL when entering personal information. Until this is fixed, concerned users should manually type the URL or navigate to sites via a search engine when in doubt. This is a serious vulnerability because it can even fool those who are extremely mindful of phishing,” he wrote in his blog post.

After Zheng reported the vulnerability to Google, the company responded by creating a new update called Chrome 58 to fix it. The update is expected to roll out on April 25th, and all Chrome users need to update their browsers to protect themselves from the vulnerability. “The problem remains in Firefox as they decided that it is a problem for domain registrars to deal with,” he added.

Copyright Lyonsdown Limited 2021
