Developer James Fisher has come up with a new phishing method called ‘the inception bar.’ With this technique, he aims to demonstrate how Chrome’s handling of the address bar can be manipulated, which in turn can put users in a lot of trouble.
For those who didn’t notice, Google Chrome on Android hides the address bar while you scroll down a page and shows it again when the browser senses that you are scrolling back up. This is normal behavior.
Now, ‘the inception bar’ exploit can disrupt the whole experience. The exploit tricks Chrome, and as a result the browser is unable to re-display the address bar when you scroll up the page. Things could take a turn for the worse, as the page can also display a fake address bar in which the URL is different from the original, making you vulnerable to various security threats. You can watch the video below for a better understanding of how this works.
Furthermore, affected browsers won’t be able to switch to previous pages using the back button. You will have to access the address bar and type the whole thing every time you want to revisit a page in your history.
There isn’t any fix available, but you can check whether you are among the victims. All you have to do is lock your phone and then unlock it again. This makes Chrome for Android display both the original and the fake address bar, one on top of the other.
Make sure to read James Fisher’s full blog post.