A number of specialized publications about a new type of phishing attack that targets users of the Chrome browser on mobile devices. Developer James Fisher has found a relatively simple web browser exploit that can fool a user or force them to go to a fake page. And it doesn't take much to do that.
The bottom line is that in the mobile version of Chrome, when you scroll down the screen, the address bar is hidden. However, an attacker can create a fake address bar that will not disappear until the user visits another site. And it can be fake or initiate the download of malicious code. It is also possible to replace the real address bar when scrolling up.
Fisher's approach is focused on Chrome and is only a proof of concept so far, but in theory it could display fake address bars for various browsers and even interactive elements. In other words, a group of hackers can create a completely convincing fake site that looks very much like the real one.
The media has already turned to Google for clarification, but so far there has been no comment from the search giant. However, it is not yet clear how many attackers are already using this approach. Note that the real address bar can be fixed so that it does not disappear while scrolling. Although this is not a panacea, it will still allow you to say whether there was an attempt to fake a string or not.
It is also not yet clear when appropriate protection against such a failure will appear. Most likely, this will be implemented in future versions of the browser.
Source: 3dnews.ru