Quantcast
Channel: Harry Pettit – all their articles – The Sun
Viewing all articles
Browse latest Browse all 101

Urgent warning for millions of Google Chrome users over simple but dangerous mistake

$
0
0

A LOOPHOLE in Google Chrome exposes users to cyber crooks.

According to a cyber researcher, the browser’s “App Mode” can be exploited to hit users with phishing attacks.

Getty
Hackers are exploiting a loophole in Google Chrome’s App Mode[/caption]

The feature strips back websites so you can view them as apps, removing the address bar, toolbars and other familiar elements.

It’s a useful way to view a clean, minimal interface for websites such as YouTube– but hackers have found a way to exploit it.

That’s because it can be used to generate a realistic-looking login screen that’s actually a fake website operated by crooks.

The loophole was discovered by prominent cybersecurity researcher mr.d0x, who shared his find in a recent blog post.

Read more about Google

GOOG AHEAD

Urgent Android alert issued by Google that means millions must now act

SEARCHING FOR CASH

Millions owed refunds from Google after app shutdown – how to claim it

He showed that an attacker can easily send a user a message containing a link that launches a phishing website in App Mode.

Because it opens in App Mode, the user will only see what appears to be a login for a popular app, such as Facebook or Instagram.

If the same link were opened in the regular version of Chrome, the user would clearly see the address bar with a suspicious URL.

Attackers could therefore use the loophole to easily disguise their phishing websites as legitimate ones.

Users who fall for the ploy would inadvertently surrender their social media account logins or possibly their online banking credentials.

According to mr.d0x, the most likely way to launch such an attack would be through Windows shortcut files (.LNK).

As well as Google Chrome, App Mode is available in all Chromium-based browsers, including Microsoft Edge.

The Sun has reached out to Google for comment.

Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.

The website, however, is phoney with fake content designed to trick a victim into a false sense of security.

The phoney site may ask the victim to enter sensitive information, such as a password or email address.

Alternatively, it might encourage the user to download a seemingly innocuous app that installs malware onto their device.

Be suspicious of texts or emails sent to you from unknown numbers or addresses.

Importantly, do not click on a link or download an attachment sent to you by someone who you don’t know.

If you think you’ve fallen victim to a scam, you should contact your bank immediately to stop any outgoing payments.

You should also get your bank to look into a possible refund.

If you’ve handed over a password for an online account, phone up the organisation and get the account locked down. You may be able to get it reinstated at a later date.

In the UK, you can report a suspected scam email to the National Cyber Security Centre here.


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk



Viewing all articles
Browse latest Browse all 101

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>