Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 26th, 2008

Address Spoofing Flaw Allows Google’s Chrome Websites Impersonation

A new vulnerability has been found in Google’s Chrome browser that allows attackers to impersonate websites of groups like the Better Business Bureau, PayPal and even Google.

Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California. According to The Register, Apple Safari is not vulnerable in the same way although same engine (webkit) is being used.

As researchers proof of concept demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser’s address bar to display the domain name

A Google representative says Chrome’s spoofing vulnerability is a “known issue” that will be fixed in an update that will be pushed to end users soon.

Credit: Dan Goodin, The Register

Share this item with others:

More on CyberInsecure:
  • Microsoft Discovers Flaw In Google Plug-in For Internet Explorer
  • High-risk Vulnerabilities In Google Chrome
  • MS Internet Explorer 7 Popup Window Address Bar Spoofing Vulnerability
  • Google Chrome Browser Bug Could Leak Identity of Anonymously Surfing Users
  • Carpet-bombing Vulnerability In Google Chrome New Browser

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Address Spoofing Flaw Allows Google’s Chrome Websites Impersonation

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.