There has been news lately about address bar spoofing vulnerabilities in a couple of different Web browsers. What...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is the issue behind these vulnerabilities? What are the best ways to prevent my websites from being spoofed and my employees from falling victim to such attacks?
While clearly a misuse of the setInterval method, the rapid reloading of a webpage every hundredth of a second causes most devices to lock up or the webpage to become unusable. Also, there is a consistent flicker in the address field. A far more viable address bar spoofing vulnerability is present in the Android Stock Browser. This browser fails to handle a 204 No Content response when combined with the window.open event; a 204 No Content error means the server successfully processed the request, but is not returning any content. There is a proof of concept that shows the URL of a legitimate site, but the content is hosted on a different domain. The Android security team already released a patch, but it is up to each telecom carrier to distribute it.
To prevent employees from being phished by such vulnerabilities, they should attend security trainings that cover these types of attack so users don't idly click on links from unknown sources.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Check out the latest on Web security best practices from SearchSecurity
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises ...continue reading
Some malicious apps can hijack smartphones and expose those devices with open ports. Expert Michael Cobb explains how this happens and how users can ...continue reading
Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.