
New Chrome for Android Attack parodies the Omnibox



There's a new Chrome attack on the horizon. Referred to by its finder as the "inception bar," it replicates Chrome's omnibox, allowing attackers to take full control of Chrome.

The Inception Bar was found by developer James Fisher and is an incredibly clever phishing attack that takes advantage of the fact that Chrome for Android hides the omnibox – the name of the address bar in Chrome – when scrolling. If you scroll down the page a bit, the omnibox disappears and is automatically replaced by the counterfeit bar. And it looks incredibly convincing – it can even lock the real omnibox in an overflow container, preventing it from reappearing once the Inception Bar is in place.

Although it does not look like this attack has been found in the wild (yet), Fisher has created a working proof of concept on his website, which you can review at the link. When you visit the site, scroll down the page a little bit, and right after the omnibox disappears, the fake inception bar with a fake URL will appear in its place. The bar is not functional at this time (as this is just a proof of concept), but it's not hard to see how some extra code could turn it into a very realistic clone. It's also worth noting that it is still buggy: when you close and reopen Chrome, for example, both bars will be displayed.

Fisher notes in his post that he sees no easy way to fix this problem, which makes a lot of sense. As the website itself generates the faux bar, it will be incredibly difficult for the Chrome team to find a way to tackle the problem.
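The layout described above can at least be recognized from inside the page. The following heuristic is an added example, not code from Fisher's post or from Chrome; the snapshot format, function names and pixel thresholds are assumptions, and the sample pages are constructed.

```javascript
// Added example: heuristic for the fake-address-bar layout described above.
// Snapshots are constructed sample data of the kind a content script could
// gather with getComputedStyle() and getBoundingClientRect().
const BAR_PX = { min: 40, max: 80 }; // assumed toolbar-height range

// Signal 1: a strip pinned to the top edge, full width, toolbar height.
function isTopPinnedBar(el, vp) {
  return (el.position === 'fixed' || el.position === 'sticky') &&
    el.top <= 0 &&
    el.width >= vp.width * 0.95 &&
    el.height >= BAR_PX.min && el.height <= BAR_PX.max;
}

// Signal 2: a viewport-sized child that scrolls on its own. If the root
// document is locked, scrolling never reaches the browser, so the real
// address bar is never asked to come back.
function isScrollJail(el, vp) {
  return (el.overflowY === 'scroll' || el.overflowY === 'auto') &&
    el.width >= vp.width * 0.95 &&
    el.height >= vp.height * 0.95 &&
    el.scrollHeight > el.height;
}

function assessPage({ viewport, root, elements }) {
  const signals = [];
  if (elements.some((e) => isTopPinnedBar(e, viewport))) signals.push('top-pinned-bar');
  const rootLocked = root.overflowY === 'hidden';
  if (rootLocked && elements.some((e) => isScrollJail(e, viewport))) signals.push('scroll-jail');
  // Sticky site headers are common; only the combination is flagged.
  return { suspicious: signals.length === 2, signals };
}

// Constructed sample: locked root, fake bar on top, inner scrolling wrapper.
const SUSPECT = {
  viewport: { width: 412, height: 732 }, root: { overflowY: 'hidden' },
  elements: [
    { position: 'fixed', top: 0, width: 412, height: 56, overflowY: 'visible', scrollHeight: 56 },
    { position: 'static', top: 0, width: 412, height: 732, overflowY: 'scroll', scrollHeight: 4000 },
  ],
};
// Constructed sample: ordinary site with a sticky header and a scrollable root.
const BENIGN = {
  viewport: { width: 412, height: 732 }, root: { overflowY: 'visible' },
  elements: [
    { position: 'sticky', top: 0, width: 412, height: 56, overflowY: 'visible', scrollHeight: 56 },
    { position: 'static', top: 56, width: 412, height: 3000, overflowY: 'visible', scrollHeight: 3000 },
  ],
};
console.log(assessPage(SUSPECT), assessPage(BENIGN));
```

A sticky header alone is not flagged, which keeps the check from firing on ordinary mobile sites.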

Should this become a legitimate problem, there are potential ways for users to counter it. The first is simple: use a different browser. Any page with the code to generate the inception bar will continue to do so, but it will be incredibly obvious because other browsers do not use Chrome's omnibox. It's also worth emphasizing that this works only on Chrome for Android – Chrome for iOS uses a different interface that prevents this from being a persuasive attack. [via Android Police]

In less shocking news: Apple talks about why it pulled apps from the App Store, Zuck built his wife a nice "sleeping box," Facebook will be a necropolis in 50 years, Spotify reaches 100m subs, and more.

  • Apple talks about pulling screen time apps: Apple has its own Screen Time system, which is integrated in iOS. It has recently begun to pull competing products from the App Store, but the company's Phil Schiller says it is not about competition – they misused corporate tools. Interesting. [AppleInsider, 9to5Mac]
  • Zuckerberg built his wife a "sleeping box": Zuck said that his wife Priscilla can hardly sleep – if she wakes up in the middle of the night and knows that the kids will wake up in just a few hours, she stays awake. So he built her a box with a subtle light. When the light is off, she knows it's okay to fall asleep again. If it's on, she can go ahead and get up. All without looking at a clock, so she is not anxious about knowing what time it is. How sweet. [Zuck on Insta]
  • Facebook will be a necropolis in 50 years: Researchers have come to the conclusion that it will take about 50 years for Facebook's dead users to outnumber the living. It will be like Colma, California, where the dead outnumber the living 1000:1, but online (okay, maybe it's not that extreme). [ZDNet]
  • Spotify hits a hundred mill: Spotify announced that there are now 100 million paid subscribers. Roll in this dough, yes. [The Verge]
  • TurboTax and H&R Block hid free filing from Google search: Tax filing software wants your money, but only recently did it become clear how much they really, really want it – TurboTax and H&R Block were allegedly hiding the free filing tier from Google search results. This means that users who were eligible to file for free paid, and that's crap. Shady crap. [ProPublica]
  • Apple was considering buying the Intel smartphone modem business: According to a recent Wall Street Journal report, Apple was considering swallowing up the Intel smartphone business outside the Qualcomm office. [WSJ]
  • Google has discontinued the release of distribution numbers: For years Google announced Android's monthly adoption numbers. But for the last six months it has been totally mum, and that is worrying. [XDA Developers]
  • Nubia built a fan-cooled 8K gaming phone: Were you ever so intense in a game session on your phone that you needed an 8K display and fan cooling in addition to the integrated liquid cooling? Boy, we have the phone for you. [Engadget]
  • Distracted driving penalties increased by 10,000%: Distracted driving has become a bigger problem in the past decade than ever, and as a result, insurance companies' penalties have risen by almost 10,000 percent, from $2 to $2,290. Well. Keep going until people stop texting and driving. [Digital Trends]

Speaking of distracted driving, it's time to talk about the best story of the weekend: A man spent 13 months and thousands of dollars to prove that a hash brown is actually not a phone.

Jason Stiber received a $300 distracted driving ticket for eating a McDonald's hash brown while driving. An officer mistook his breakfast for a smartphone and gave Stiber a ticket. However, he fought it in court, revealing that the officer was in the fifteenth hour of a sixteen-hour shift and that the officer's judgment might have been impaired. The case was dismissed. Just unbelievable. [The Washington Post]

