Chrome exploit uses a fake address bar for “Inception Bar” phishing attacks

Must Read

President Ram Nath Kovind appoints new governor for Kerala, Telangana, Himachal Pradesh and Maharashtra

President Ram Nath Kovind appointed new governors for Maharashtra, Kerala, Telangana, Rajasthan, and Himachal Pradesh on Sunday. Former Union Minister Kalraj...

NRC list for Assam released; Fear looms as 19 lakh people face exclusion

NRC (National Register of Citizens) for Assam has been published at 10 am today. The final list excludes over...

Lateral Entry Era Begins as Union govt. appoints 9 professionals to Joint Secretary posts

The government has appointed its first batch of private professionals to the post of Joint Secretary in various ministries....
Saurabh Joshi
Hey Guys!!! I am a regular Content Writer here and I bring to you the latest and the hottest Tech related news and blogs. I hope you enjoy reading my content and are learning something new everyday. Thanks and have a nice day!!!

Phishing isn’t exactly a new topic in regards to cybersecurity, though new and creative ways of conducting this practice are found often. One such way is the newly discovered and cleverly titled “inception bar”. Recently, a new type of potential phishing attack has been discovered by developer James Fisher.

This phishing attack takes advantage of how the app is displaying the address bar. While you scroll down, in an effort to give more space to the webpage, Chrome likes to hide the address bar, and that’s exactly where this so-called “inception bar” comes in. The attacker can even craft the page to prevent you from seeing the real address bar when you scroll up. Therefore,  it is able to prevent the real bar from reappearing when you scroll back up as it should, using what the developer calls “scroll jail” by locking the user into an overflow container, complete with a fake page refresh if they scroll up too far.

The fake bar, in the above instance, is just another static image that spoofs the HSBC address as a proof of concept (and it bugs out on occasion, showing both bars), but nothing is preventing these more maliciously enterprising individuals from creating an interactive, dynamic bar using the same tools. The address bar and menu built into the fake UI could also offer interactivity for a more convincing effect. In which case, even trying to navigate to the proper URL if you pick up on any sketchiness wouldn’t matter, as you’d be using the fake URL bar. What’s even worse is that a truly well-engineered site could pull content a URL you manually enter to better spoof it. In other words, once you’ve loaded a site with the inception bar, there would be little way to know if or when you left — hence the name.

However, you can force the real address bar to show by locking and then unlocking your phone again. It’s not bullet-proof as a result, but many people won’t know to try this and might be fooled as a result.


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Left, Congress slam Mamata for not raising NRC with PM

Kolkata, Sep 18 (IANS) West Bengal's opposition Left parties and the Congress have lashed out against Chief Minister Mamata...

Death toll in Andhra boat tragedy rises to 34

Rajahmundry, Sep 18 (IANS) Bodies of six more tourists were pulled out from Godavari river in Andhra Pradesh's East Godavari district on Wednesday, taking...

Help me change state name to ‘Bangla’: Mamata to Modi (Lead)

New Delhi, Sep 18 (IANS) West Bengal Chief minister Mamata Banerjee, after a spell of 15 months, met Prime Minister Narendra Modi in New...

Snapchat introduces 3D Camera Mode

San Francisco, Sep 18 (IANS) Photo-messaging app Snapchat has announced a new 3D Camera Mode that will let users make and share images with...

Lamba says Speaker did not consider Twitter resignation

New Delhi, Sep 19 (IANS) The clash of rebel MLA Alka Lamba with the Aam Aadmi Party again erupted on Wednesday with the Chandni...
- Advertisement -

More Articles Like This