Google Chrome bug can allow phishing attacks using 'inception bar'

Apr 30, 2019

New Delhi, Apr 30 (ANI): A security vulnerability in Google Chrome browser reportedly allows malicious users to launch a phishing attack using a fake address bar. The bug, as discovered by James Fisher, leverages how the Chrome mobile app disappears the address bar when you scroll down. The exploit, as Fisher calls 'The Inception Bar' method, can be used to display a fake address bar that won't disappear until you go to another site, Engadget reports. The exploit goes further to restrict you from seeing the real address bar when you scroll up. Although Fisher has demonstrated a proof of concept, the bug could theoretically allow large-scale phishing campaign to steal user information.