Because of its huge number of users, Android is increasingly a target of attacks. People using Google's operating system must therefore be extremely careful when downloading applications from the Play Store, as well as when using the Chrome browser.
Jim Fisher has presented on his blog a new attack method that can be carried out against Chrome users on Android. It is worth noting that the exploit was discovered in the most popular web browser running on the most popular operating system. Therefore, the number of people at risk is really high.
Just replace the address bar in Google Chrome
In Chrome for Android, when we scroll down the page, the address bar may be hidden to provide more space for the website being viewed. It appears again when we return to the top of the page. It was this mechanism that Jim Fisher decided to use.
A suitably crafted website can easily replace the real address bar in Google Chrome. The fake interface is “pinned” to the top of the screen when the user scrolls up the web page. It looks identical to the Chrome bar: it has an address input field, the number of open tabs and three vertical dots. The fake bar can be used for phishing.
Jim Fisher has released a short video that shows what the attack looks like. The original bar showing jameshfisher.com is replaced with a new one that points to hsbc.com. To make matters worse, a few tricks in the design of the website are enough to stop Chrome from restoring the real bar, leaving the user trapped in a “prison” with a fake interface.
Unfortunately, leaving the site without a real address bar can be quite difficult. The attacker may interfere with the operation of the Back button to keep the user on the currently visited page. So how do you restore the real bar in your browser? Locking and then unlocking your smartphone should help. Chrome should then restore the original interface.
Jim Fisher says Google should change the bar-hiding mechanism. The solution, of course, is not to remove this feature. The browser should simply inform you that the bar is hidden. For example, it could display the “shadow” of the original bar at the very top.