Chrome M60 address bar spoofing
There was an address bar spoofing vulnerability in the Chrome browser that allowed an attacker to trick a user into visiting a spoofed website that appears to be legitimate.
Recently, the Chromium team added a defense that addresses these spoofing problems in general: it gives the new page (apple.com in this case) 4 seconds to render after its URL appears in the omnibox. If the 4-second timer expires, the display goes all white.
So unfortunately, this PoC does not work in release M61, and the Chromium team closed this report on Aug 2.
Chrome version < 61.0.3163.79 on the macOS platform
- Reported to Chromium on Jul 31
- Report was closed by Chromium on Aug 2
- Publicly disclosed on Dec 6