The good news is that since this exploit is now out in the wild, hopefully it will allow companies like Google, Apple, Microsoft, and other browser makers to come up with a way to address this issue to help users have a safer browsing experience. The problem with attacks like these is that in the past, more seasoned users might notice that something looks a little off in terms of the images, let alone the URL, but using the templates mr.d0x created, you would be hard pressed to tell the difference. Open Chrome and head back to Settings > Site Settings > Pop-ups and Redirects, or type chrome://settings/content/popups into the Omnibox and hit.
Speaking to BleepingComputer, mr.d0x told the publication that these templates are pretty easy to use and can be used for browsers like Google Chrome, which happens to be one of the most used browsers in the world. Here’s how you can take control and allow or block pop-ups in Chrome. You can also check URLs of popup windows used for single sign-ons like Google, Apple, Facebook, and so on, but thanks to security researcher mr.d0x, he has created a new Browser-in-the-Browser attack which in theory would let hackers recreate SSOs that display the “correct” URL, thus fooling users into possibly handing over their login credentials.
This is because if you’re trying to log into Facebook but the URL says something different, there is a very good chance that you’re being phished. One piece of advice that you usually hear and read to prevent yourself from being phished is to check the URL of the website you’re visiting.
0 kommentar(er)
