November 4, 2022
Google Chrome inception bar phishing scam

Google Chrome ‘Inception Bar’ Phishing Vulnerability Discovered

A new method of attack, known as the Google Chrome ‘inception bar’ phishing vulnerability, can put users into a type of browser jail…

Developer James Fisher has stumbled onto a new online threat. It’s a kind of mobile exploit he calls “inception bar phishing.”

Google Chrome ‘Inception Bar’ Phishing Vulnerability Discovered

When people launch Chrome on a mobile device and call up a page, the browser hides the address bar to create more space on the page. 

What’s so dangerous about this, as Fisher notes, is it could well be used to trick people into thinking their on a genuine website. In other words, someone might visit their bank’s site. With the exploit, it can send him or here to another page, which looks real.

The user would never know it’s not the official site because there’s no way to return to the address bar to check. (Anyone who tries is put into “scroll jail,” a way of making it look like the page has refreshed when it’s merely to conceal the fake URL.)

What’s more, even if someone could get back the address bar, it too is faked, so it would still appear as the real thing. Think of it as a fake browser in a real browser, all disguised to look like the genuine article.

Here’s a quick clip of it in-action, courtesy of James Fisher:

Owen E. Richason IV

Covers social media, apps, search, and similar news. History buff, movie, and theme park lover. Blessed dad and husband.     

View all posts by Owen E. Richason IV →