Developer James Fisher has found a simple security bug in Chrome for mobile that can be used to launch phishing attacks. To demonstrate how easily a fake address bar can be used for malicious attacks, he created a proof-of-concept exploit for the Google Chrome web browser on Android.
Fisher created the “inception bar”, a fake address bar that shows up in Chrome’s mobile browser. The bar does not disappear until you visit another website. The bug goes further, though, because the fake address bar shows up over the original address bar. So while users assume they are scrolling safely, they are actually unsafe.
There are several ways a user can spot these fake address bars. One is to use Chrome's dark mode: fake address bars are usually white, while dark mode uses black for its URL bar. Another is to keep an eye on the number of tabs displayed in the tabs icon, as inception bars tend to display an incorrect number. According to 9to5Google, you can also force the browser to show the real address bar by locking and then unlocking the phone.