Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Hacker wins $5,000 for Chrome, Firefox address bar spoofing flaw

(Image: file photo)

A vulnerability in how Chrome and Firefox render website addresses could allow an attacker to trick a user into visiting a spoof website that appears to be legitimate.

Rafay Baloch, a security researcher, won $5,000 in a combined bug bounty for finding the flaw.

In a blog post on Tuesday, he explained that the flaw could be used to trick users into supplying sensitive information to a malicious site, because the website appears to be legitimate in the browser's address box.

This address bar spoofing flaw works because some languages that display right-to-left, such as Arabic, are rendered differently. He explained that if you take a neutral right-to-left character (such as a forward slash), it can be used to flip a web address to also display right-to-left.

For example:ا/ would instead appear in the browser bar asا/

That means anyone clicking on the link, which could be masked in a spam email...(continued)

View All Trending Stories