Google Chrome Address Spoofing Bug to be Repaired Soon

The Google Chrome team has finally decided to fix an address spoofing bug after keeping the issue under consideration for more than a month. The potential security threat was reported at the start of June by David Leo, a researcher at a UK security firm. According to Leo, when Chrome loads a new page, the content of the previous page remains displayed for a while. Other experts indicated that the address spoofing bug can also be exploited to spoof HTTPS websites.

Google was informed of the issue on June 7, but the search giant initially did not consider it a security problem because, according to the company, users cannot interact with the spoofed content. Chrome developers described the bug as a “render denial-of-service” and claimed that it could not be exploited to carry out a phishing attack.

Security experts, however, take a different view. According to Sijmen Ruwhof, an IT security consultant, it is possible to create a regular phishing page that allows user interaction and have it exploit the spoofing bug to temporarily display the targeted website’s official domain. After a few seconds, the original phishing page can be loaded again, allowing cybercriminals to harvest the user’s data. “After two seconds the impersonification process is stopped, enough time for a user to validate the URL bar and identity of the web site and start filling in forms,” Ruwhof said.

After a month-long debate, Chrome developers have agreed that the bug presents a security threat and should be fixed. The Chrome address spoofing bug appears to have existed for many years: a researcher reported it in 2012 as well, but could not get Google to fix it at that time.