29 April 19, 14:13
(This post was last modified: 29 April 19, 14:13 by silversurfer.)
Quote:Why display the URL bar on a mobile device when you can give users more screen space by hiding it?
Google Chrome for Android does just that after a page has loaded, concealing information about the URL and expanding the screen space available to display content from the web page.
The feature is handy for users, but developer James Fisher is drawing attention to the possibility that phishing attackers can abuse it to catch users off guard when browsing.
As he demonstrates in a blogpost hosted on his website, the content can be made to convincingly look as if it were hosted on the website of UK banking giant HSBC, with the green HTTPS 'secure' padlock and all.
A phishing attacker would be relying on the chance that users aren't paying attention after clicking a link in a message and scroll down, at which point Chrome on Android hides the URL bar and gives that space to the web page. Chrome on iOS, which is based on Apple's WebKit, continues to display the original URL bar.
SOURCE: https://www.zdnet.com/article/chrome-on-...dress-bar/