Internet

Chrome vulnerability: New Phishing Attack Exploits Chrome Application Mode

Google will phase out support for Chrome apps in favor of Progressive Web Apps (PWAs) and standard web technologies. A new attack scheme for phishing now shows that this is important for security reasons. Beginning with Chrome 109 or later, Google will completely phase out Chrome apps on Windows, macOS, and Linux.

Until then, users should be extra careful when signing up online for services and web apps. Hackers can use “app mode” in Chromium browsers for covert phishing attacks, as security researcher mr.d0x now explains.

It becomes extremely difficult for users to see through the scam. A new phishing technique exploits the “Application Mode” feature in Chromium-based web browsers to create “realistic desktop phishing applications”. Cybercriminals can use this to recreate login windows and obtain sensitive user data, warns mr.d0x.

Application mode is designed to launch the website in a separate browser window while simultaneously displaying the website’s favicon and hiding the address bar.

More attacks devised

According to security researcher mr.d0x, who also developed the browser-in-the-browser (BitB) attack method earlier this year, a malicious actor can exploit this behavior to use some HTML/CSS tricks to create a fake address bar at the top of the window and trick users into entering their credentials in deceptive login forms. “Although this technique is more intended for internal phishing, it can technically also be used in an external phishing scenario,” says mr.d0x.

Advanced Phishing Attacks

In addition, the attacker-controlled phishing site can use JavaScript to perform other actions, such as: For example, closing the window immediately after entering credentials, or resizing and positioning the window to achieve the desired effect.

The mechanism works for Windows, macOS, and Linux, making it a potential cross-platform threat. However, the success of the attack depends on the attacker already having access to the target’s machine

Share
Published by
Research Snipers

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

6 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

6 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

11 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

11 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

11 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

12 hours ago