A spoofing vulnerability in Google Chrome makes it possible for a malicious website to spoof the address bar, the browser also shows a valid SSL certificate. The attack last Tuesday on the Full Disclosure mailing list revealed by researcher David Leo.
Then was the demonstration of Leo adapted by Mustafa Al-Bassam , the HTTPS version of Facebook was spoofed. The security company which operates Leo reported the problem to Google, but the Internet giant announced that it will not fix the vulnerability, because this is actually a denial of service, even if the browser crashes.
In addition, the impact of spoofing vulnerability is limited because users can not do anything in the spoofed pop-up or page. A direct phishing attack via this vulnerability is not possible, Al-Bassam noted. Readers of Hacker News report that the spoofing problem is partly also present in Firefox, the browser only because it crashes.
No comments:
Post a Comment