This Loophole in Chrome for Android Allows Phishing Attackers to Trick Users with Fake Address Bar


In the browser world, Google Chrome comes out on top, and for good reason. Besides being easy to use, Google Chrome has a thriving extension ecosystem and a robust feature set, and it has versions for nearly all major platforms. With Chrome being the most popular browser, some nefarious developers may see it as an avenue to get sensitive information from unsuspecting users.

Let’s face it. Most people hardly check the address bar on their browser for its authenticity. To make it even worse, Chrome for Android hides the address bar after a page has loaded. So if you have not been paying attention while browsing on your phone, beware of the fake address bar on Android.

According to security analyst James Fisher, there is a lapse in Google Chrome that could allow phishing attackers to show a fake address bar in Chrome for Android and conceal the genuine one.

Fake Address Bar Trick on Android Has Been Exposed

Fisher showed on his blog how cybercriminals can cause the content to appear as if it is hosted on the website of HSBC, a reputable organization.

A phishing attacker would test potential victims’ alertness with a fake address bar on Chrome for Android. For this exploit to succeed, the attacker relies on the possibility that users are not paying attention after scrolling down. Normally, when you scroll down in Chrome for Android, the uppermost section, which holds the tabs button and the address bar, slides out of view to provide more space for the page.

The inception bar, as Fisher calls it, could also prevent you from viewing the real address bar when you scroll up. Fisher stressed that if the above trick doesn’t fool users, a phishing attacker could use a padding element that prevents Chrome on Android from displaying the address bar when users scroll. Ordinarily, when a user scrolls up, Chrome for Android will redisplay the real address bar.

Fisher found that if Chrome doesn’t display the genuine address bar, it is easy for a phishing attacker to move the entire page content into a scroll jail. The outcome of this exploit is a webpage within a webpage. Since the inner webpage has its own scroll bar, users can be tricked into thinking they are scrolling up the page when, in reality, they are only scrolling up inside the scroll jail.

Perhaps a more worrying implication of the fake address bar trick on Android is that users can’t easily leave the web page without accessing the address bar.

So far, there are no reported cases of users losing sensitive information to cybercriminals using this bar-phishing trick, but now that Fisher has reported the exploit, these attackers could use it to carry out large-scale phishing campaigns.
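
A page-review heuristic for the layout described above, written as an added example (not code from Fisher's post or from Chrome): it flags a layout snapshot that combines a viewport-sized inner scroller with a band pinned to the top edge. The snapshot fields, thresholds and sample data are assumptions constructed for illustration; a crawler would fill them from `getComputedStyle` and `getBoundingClientRect`.

```javascript
// Added example: field names, thresholds and sample data are assumptions.
const SCROLLABLE = new Set(["scroll", "auto"]);

// Fraction of the viewport area covered by an element's rectangle.
function coverage(rect, vp) {
  const w = Math.min(rect.left + rect.width, vp.width) - Math.max(rect.left, 0);
  const h = Math.min(rect.top + rect.height, vp.height) - Math.max(rect.top, 0);
  return (Math.max(0, w) * Math.max(0, h)) / (vp.width * vp.height);
}

function findInceptionBarSignals({ viewport, elements }) {
  // Signal 1 (scroll jail): fills the viewport and scrolls on its own.
  const jails = elements.filter((e) =>
    SCROLLABLE.has(e.overflowY) &&
    coverage(e.rect, viewport) >= 0.9 &&
    e.scrollHeight > e.rect.height);
  // Signal 2 (candidate fake bar): full-width band pinned to the top edge,
  // roughly as tall as a browser toolbar.
  const bands = elements.filter((e) =>
    (e.position === "fixed" || e.position === "sticky") &&
    e.rect.top <= 1 &&
    e.rect.width >= 0.9 * viewport.width &&
    e.rect.height >= 40 && e.rect.height <= 120);
  const signals = [];
  if (jails.length) signals.push("inner scroller: " + jails.map((e) => e.id).join(","));
  if (bands.length) signals.push("pinned top band: " + bands.map((e) => e.id).join(","));
  // Either signal alone is common on legitimate sites; flag only the pair.
  return { signals, review: jails.length > 0 && bands.length > 0 };
}

// Constructed snapshots (not captured from any real page).
const VIEWPORT = { width: 412, height: 732 };
const SUSPICIOUS = { viewport: VIEWPORT, elements: [
  { id: "wrap", position: "fixed", overflowY: "scroll",
    rect: { top: 0, left: 0, width: 412, height: 732 }, scrollHeight: 4000 },
  { id: "topbar", position: "fixed", overflowY: "visible",
    rect: { top: 0, left: 0, width: 412, height: 56 }, scrollHeight: 56 },
] };
const BENIGN = { viewport: VIEWPORT, elements: [
  { id: "header", position: "sticky", overflowY: "visible",
    rect: { top: 0, left: 0, width: 412, height: 56 }, scrollHeight: 56 },
  { id: "article", position: "static", overflowY: "visible",
    rect: { top: 56, left: 0, width: 412, height: 5200 }, scrollHeight: 5200 },
] };

console.log(findInceptionBarSignals(SUSPICIOUS), findInceptionBarSignals(BENIGN));
```

A `review: true` result marks a page for manual inspection rather than giving a verdict, since single-page apps with a sticky header can produce the same pair of signals.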

How to Spot a Fake Address Bar in Chrome for Android?

As we wait on Google to release an update that prevents such browser takeovers, we have suggested several strategies to help you spot a fake address bar:

  • One of the most effective ways of spotting a fake address bar in Chrome for Android is to lock your smartphone, then unlock it. By doing this, your browser will be forced to display its real address bar. And if you are facing a phishing attack, you will notice the fake address bar below the genuine one. You can view these address bars even if you have scrolled down.
  • Another trick you can use to uncover the fake address bar trick on Android is to keep a close eye on the count displayed in the tabs icon when using multiple tabs. Here, the fake address bar will display an incorrect figure.
  • With the new dark mode in Chrome for Android, it is now easy to detect a fake address bar. When this feature is active, the genuine address bar and all the UI elements will turn black while the fake one will remain white, making it easier to distinguish the legitimate address bar from the fake one.

Stay Safe

Besides the above tips, it is also important to secure your phone against malicious attacks. Use a reliable booster app to wipe out junk and optimize your phone for top performance. An Android cleaner tool takes care of your phone’s memory, performance, security, and battery life. Use this app to protect your sensitive information when browsing on your phone using public Wi-Fi.

A point to note is that the exploit is just a proof of concept for now. But keep in mind that there is nothing that stops phishing attackers from using such vectors to collect information from unsuspecting users.

Not long ago, Fisher raised an issue with Google’s policy for Gmail addresses. The ‘dots don’t matter’ policy presents a loophole that scammers can use to create several Gmail accounts using extra dots. While Google doesn’t distinguish dots in email addresses, other online services recognize them. Because of this loophole, scammers conned several Netflix account owners.

Final Thoughts

Google has yet to issue an official response to the fake address bar trick on Android, so there is no information on when the loophole will be fixed. Nonetheless, the above tips should help you spot a fake address bar in Chrome for Android and protect your phone from malicious attacks. In any case, it pays to protect yourself from all forms of phishing attacks. You should be more careful whenever you are browsing the web using Chrome for Android. Make sure to check back on this blog to learn more on how to protect and optimize your phone for top performance.
