Google Chrome’s browser is very popular. There’s a good chance you use it on your desktop, laptop, or mobile device, or have used it at one time or another. If you use it on your mobile device, this information is for you. A researcher has found a way to exploit the Chrome app on mobile devices that isn’t complicated at all. It just involves screenshots and how the app displays the website address in the address bar.
If you take a look a website in Google Chrome on your smartphone or tablet, you will notice that as you scroll, the website address sort of disappears under the banner at the top. Most of the time, we don’t notice the behavior because we are busy reading the website. However, in this case that’s what the attackers are hoping for. They can put a screenshot of a fake website there and prevent you from seeing the real one until you go to a different site. This allows them to steal information from you without you suspecting a thing.
For now, there is no knowledge of this being actively exploited. However, that may not be the case for long since the researcher let it out of the bag. The only way to catch this attack is to pay very close attention to the websites you’re visiting and confirm that the address remains the same you typed in or expect it to be. Take a quick look at it before you scroll and then make sure it remains that way before you go further. You can also show the real address by locking, then unlocking the device.
Google doesn’t have a fix for it, but it’ll likely come in a later update of Chrome. So make sure you update your apps as soon as it is released. In addition, this vulnerability may provide ample opportunities for phishing. So remember to be 100% certain that the site you’re typing personal information into is the one you intend to give it to.