A LOOPHOLE in Google Chrome exposes users to cyber crooks.
According to a cyber researcher, the browser’s “app mode” can be exploited to hit users with phishing attacks.
The feature strips websites down so you can view them as apps, removing the address bar, toolbars, and other familiar elements.
It’s a useful way to display a clean, minimal interface for sites like YouTube — but hackers have found a way to exploit it.
This is because it can be used to generate a realistic looking login screen, which is actually a fake website operated by crooks.
The loophole was discovered by well-known cybersecurity researcher mr.d0x, who shared his finding in a recent blog entry.
He showed that an attacker could easily send a user a message containing a link that launches a phishing website in app mode.
Since it opens in app mode, the user only sees what appears to be a login for a popular app like Facebook or Instagram.
Clearly, if the same link were opened in the regular version of Chrome, the user would see the address bar with a suspicious URL.
Attackers could therefore use the vulnerability to easily disguise their phishing websites as legitimate ones.
Users falling for the trick would inadvertently reveal their social media account logins or possibly their online banking credentials.
According to mr.d0x, the most likely way to launch such an attack would be via Windows shortcut files (.LNK).
Besides Google Chrome, App mode is available in all Chromium-based browsers, including Microsoft Edge.
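One way a defender could hunt for the shortcut-based launch described above, shown as an added example that is not from the original article or from mr.d0x: it checks process-creation events for a Chromium-based browser started with the `--app=` command-line switch (the switch that opens a URL in app mode) and a host outside an allowlist. The event field names, the allowlist and the sample events are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Chromium-based browsers; extend with any others deployed in your estate.
BROWSERS = {"chrome.exe", "msedge.exe"}
# Assumption: hosts your organisation deliberately ships as app-mode shortcuts.
ALLOWED_HOSTS = {"www.youtube.com"}
# Matches --app=<url> but not related switches such as --app-id=<id>.
APP_FLAG = re.compile(r"(?:^|\s)--app=[\"']?([^\s\"']+)", re.IGNORECASE)

def app_mode_url(image, command_line):
    """Return the URL given to --app= when a Chromium browser starts in app mode."""
    exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in BROWSERS:
        return None
    match = APP_FLAG.search(command_line)
    return match.group(1) if match else None

def suspicious_launches(events):
    """Yield (event, host) for app-mode launches whose host is not allowlisted."""
    for event in events:
        url = app_mode_url(event["image"], event["command_line"])
        if url is None:
            continue
        # URLs without a parsable host (file:, data:, bare names) are flagged too.
        host = (urlsplit(url).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            yield event, host

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://www.youtube.com/'},
    {"image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "command_line": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://login.example.test/signin'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://news.example.test/'},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe --app=https://ignored.example.test/"},
]

if __name__ == "__main__":
    for event, host in suspicious_launches(SAMPLE_EVENTS):
        print(f"app-mode launch to non-allowlisted host {host!r}: {event['command_line']}")
```

The same check can be pointed at the target and arguments of .LNK files collected from user desktops and download folders, since that is where the launch command would be stored.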
The Sun reached out to Google for comment.
Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a social media platform or another service.
However, the website is a fake, with content designed to give the victim a false sense of security.
The fake website may ask the victim to enter sensitive information like a password or email address.
Alternatively, it could encourage the user to download a seemingly harmless app that installs malware on their device.
Be suspicious of text messages or emails sent to you from unknown numbers or addresses.
Important: Do not click a link or download an attachment sent to you by someone you do not know.
If you think you have been the victim of a scam, you should contact your bank immediately to stop all outgoing payments.
You should also ask your bank to look into a possible refund.
If you shared a password for an online account, call the organization and have the account suspended. You may be able to re-enable it at a later date.
In the UK you can report a suspected fraudulent email to the National Cyber Security Centre.
https://www.thesun.ie/tech/9515431/warning-millions-google-chrome-users-mistake/ Urgent warning to millions of Google Chrome users about a simple but dangerous bug