In general, we have come to trust our browser's address bar to tell us whether the site we are on is legitimate. A developer has demonstrated an exploit that can make you believe you are on a legitimate website by displaying a fake version of the full address bar of Chrome for Android.
In a post on his personal blog, developer Jim Fisher publicly demonstrated that a website could easily replace the address bar and user interface of Chrome for Android, using only a few web design tricks.
Typically, when you scroll down a page in Chrome for Android, the top user interface, with the address bar and the tabs button, is hidden. What Fisher discovered is that a page can "trap" scrolling, which lets you scroll back up without Chrome for Android redisplaying its user interface.
Then, when you try to scroll up, the page can display an image of a fake address bar at the top of the screen, where Chrome for Android's user interface would normally be, with a completely different URL and even the lock icon indicating that the page is "secure".
To give an idea of what this looks like, Fisher included a video demonstration of the address bar exploit in action. In the video, you can see the actual address bar, which shows "jameshfisher.com", swapped for a fake one that says "hsbc.com".
One of the most worrying aspects of this exploit is that you cannot leave the page without access to the address bar of Chrome for Android. It should be as simple as pressing the "Back" button on your device, but many websites have shown how easy it is to override your browser's back button (although Google does have a fix in the works).
Currently, the best way to check whether your address bar has been tampered with is to lock your phone and then unlock it. This should force Chrome for Android to display its actual address bar, leaving the fake one still displayed below it. To test the exploit for yourself and learn more about how it works, be sure to check out Fisher's full blog post in Chrome for Android.