25th July 2017

Pakistani hacker rewarded $5,000 for identifying hacking bug in Chrome & Firefox

Yes, even Google & Firefox can be vulnerable to loopholes. Fortunately, they had Pakistani talent to help them out!

Pakistani hacker Rafay Baloch found a flaw in the Firefox and Chrome browsers that makes it possible for a malicious attacker to trick users into visiting fake websites that appear genuine. Baloch explained how the flaw allows any hacker to direct a user to a spoofed website that is disguised as legitimate in the address bars of leading browsers. He added that this works in languages that display right to left, like Arabic. Here is how it works:

Legitimate (for example)
cherrycross.com/category/lifestyle

Fake (that can be used by hackers)
lifestyle /category/ cherrycross.com

By flipping the URLs, hackers could easily cheat anyone with such links, take them to fake webpages, and obtain confidential information. Since the flaw still exists and the leading browsers are working to fix it, he avoided sharing many details.
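As an added example (not from the original post, from Baloch, or from either browser vendor), the Python heuristic below flags URLs whose right-to-left content could make an address bar display them in a different order than they are actually parsed. The function names and sample URLs are constructed for illustration; cherrycross.com is the article's own example host.

```python
import unicodedata
from urllib.parse import urlsplit, unquote

# Explicit direction marks, embeddings, overrides and isolates.
BIDI_CONTROLS = set("\u200e\u200f\u061c\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069")

def profile(text):
    """Return (has_ltr, has_rtl, has_control) for the characters in text."""
    ltr = rtl = ctl = False
    for ch in text:
        if ch in BIDI_CONTROLS:
            ctl = True
            continue
        cls = unicodedata.bidirectional(ch)
        ltr = ltr or cls == "L"
        rtl = rtl or cls in ("R", "AL")  # Hebrew-type and Arabic-type letters
    return ltr, rtl, ctl

def decode_label(label):
    """Turn an xn-- (punycode) host label back into Unicode for inspection."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def bidi_findings(url):
    """Heuristic triage: reasons the displayed order may differ from the real one."""
    parts = urlsplit(url)
    labels = [decode_label(l) for l in (parts.hostname or "").split(".")]
    # Percent-decode the non-host part, since browsers may show it decoded.
    rest = unquote(f"{parts.path}?{parts.query}#{parts.fragment}")
    host_rtl = host_ctl = False
    findings = []
    for label in labels:
        ltr, rtl, ctl = profile(label)
        host_rtl, host_ctl = host_rtl or rtl, host_ctl or ctl
        if ltr and rtl:
            findings.append("host label mixes LTR and RTL letters")
    _, rest_rtl, rest_ctl = profile(rest)
    if host_ctl or rest_ctl:
        findings.append("bidi control character present")
    if rest_rtl and not host_rtl:
        findings.append("RTL text after a host that is not RTL")
    return findings

if __name__ == "__main__":  # constructed sample URLs
    for u in ("https://cherrycross.com/category/lifestyle",
              "https://cherrycross.com/%D9%85%D8%B1%D8%AD%D8%A8%D8%A7/lifestyle"):
        print(u, "->", bidi_findings(u) or "no findings")
```

A finding is a reason to review the link, not proof of spoofing: legitimate sites in right-to-left languages also use such paths.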

Google admitted the flaw and said the company is already working on the issue, which will be fixed in all versions by this September. Firefox has already fixed the flaw in its Android browsers.

So next time you browse, make sure you check the URL and don’t get cheated.

If you like this blog, you might also like the next. That’s all here for you!
