Casa > cibernético Notícias > Spoofing Flaw Found in Chrome and Firefox Address Bar

Spoofing Flaw Encontrado em Chrome e Firefox Barra de Endereços


It’s no wonder that people are often wondering which o navegador mais seguro é. Browsers são muitas vezes aproveitados em vários cenários de ataque, e até mesmo um navegador atualizado pode ser vítima de agressores.

One of the recent serious security issues that involves both Google Chrome and Mozilla Firefox could lead to the compromise of several security features in the browsers and spoof URLs in the address bar via a simple trick. The discovery’s author is security researcher Rafay Baloch. Felizmente, the issues are already fixed but other vendors still need to work on fixing them. além do que, além do mais, Baloch said that he got paid a bug bounty in the size of $5,000 on behalf of Google.

The RTL-LTR URL Spoofing Issue Explained

The issue comes from the way browsers line up URLs written with mixed RTL (árabe) and LTR (romano) personagens.

Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL.

The researcher noticed that when he placed neutral characters like “/” in the filepath which caused the URL to flip and display from right to left. For the URL to be spoofed, the URL needs to begin with an IP address followed by neutral characters. This is because the omnibox recognizes the IP address as a combination of punctuation and numbers. Because the LTR (Left To Right) direction isn’t applied properly, this leads to the entire URL be rendered from RTL (Right To Left).

The RTL-LTR Spoofing Flaw Easy to Exploit

The worst part is that the spoofing issue is very easy to exploit, especially in phishing attacks. An attacker could take the server’s IP address, add some Arabic characters and affix the domain of a legitimate website. The produced URL can be embedded in spam and can be sent out in emails, SMS and IM messages. Upon clicking, the user will be redirected to a page that displays a credible domain but in fact is on a bad server.

Furthermore the address part can be easily hidden, especially on mobile browsers, by choosing a longer URL to make the attack more realistic, Baloch says.

No Firefox, the same issue has been identified as CVE-2016-5267. Contudo, the exploit itself is slightly different due to Mozilla’s different codebase.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar