#1
Your article pops up a download on my PC... d33wubrki0I68.cloudfront.net.
Welcome to HSBC, the world’s seventh-largest bank! Of course, the page you’re reading isn’t actually hosted on hsbc.com; it’s hosted on jameshfisher.com. But when you visit this page on Chrome for mobile and scroll a little way, the page is able to display itself as hsbc.com - and worse, the page is able to jail you in this fake browser! In this post I show how the attack works, then suggest some ways Chrome can fix this vulnerability, then finally show you how to get out if you’re still stuck here. But first, the proof:
In Chrome for mobile, when the user scrolls down, the browser hides the URL bar, and hands the URL bar’s screen space to the web page. Because the user associates this screen space with “trustworthy browser UI”, a phishing site can then use it to pose as a different site, by displaying its own fake URL bar - the inception bar!
This is bad, but it gets worse. Normally, when the user scrolls up, Chrome will re-display the true URL bar. But we can trick Chrome so that it never re-displays the true URL bar! Once Chrome hides the URL bar, we move the entire page content into a “scroll jail” - that is, a new element with overflow:scroll. Then the user thinks they’re scrolling up in the page, but in fact they’re only scrolling up in the scroll jail! Like a dream in Inception, the user believes they’re in their own browser, but they’re actually in a browser within their browser. Here’s a video of the hack in use:
Read more: The inception bar: a new phishing method
The last image is blank. I'm guessing that's where the download comes up to me. It's 462kB from cloudfront.net. I'm using Edge.
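The quoted article describes the two ingredients of the trick: the document itself is made un-scrollable, all content is moved into a viewport-filling child with overflow:scroll, and a strip pinned at the top impersonates the URL bar. The following is an added example, not code from the article or from the thread, of a defender-side heuristic that looks for exactly that layout. It works on a plain-object snapshot of the page (tag, computed position/overflow, bounding rect) rather than a live DOM, so it runs in Node; the snapshot shape, the node names, the 40-80 px bar-height window and the sample pages are all constructed assumptions, and the article does not say whether its fake bar is fixed or sticky, so both are accepted.

```javascript
// Heuristic detector for the "scroll jail" layout described above.
// Input is a constructed layout snapshot, not a live DOM:
//   node: { tag, style: { position, overflowY }, rect: { top, height }, children: [] }
//   viewport: { height }
// A real deployment (e.g. an extension content script) would build the
// snapshot from getComputedStyle() and getBoundingClientRect().

// (b) a descendant that scrolls and covers the whole viewport.
function isViewportFillingScroller(node, viewport) {
  const oy = node.style.overflowY;
  return (oy === 'scroll' || oy === 'auto') &&
    node.rect.top <= 0 &&
    node.rect.height >= viewport.height;
}

// (c) a strip pinned to the very top, roughly the height of a mobile URL bar.
// The 40-80 px window is an assumption, not a value from the article.
function isPinnedTopStrip(node) {
  const pinned = node.style.position === 'fixed' || node.style.position === 'sticky';
  return pinned && node.rect.top === 0 && node.rect.height >= 40 && node.rect.height <= 80;
}

function walk(node, fn) {
  fn(node);
  for (const child of node.children || []) walk(child, fn);
}

// Returns the individual signals plus a combined verdict. All three must hold:
// the document cannot scroll (a), a child scroller fills the viewport (b),
// and something is pinned where the real URL bar used to be (c).
function findScrollJail(snapshot, viewport) {
  // (a) the document's own content fits the viewport, so native scrolling
  // never fires and Chrome has no reason to bring the real URL bar back.
  const docCannotScroll = snapshot.root.rect.height <= viewport.height;
  let jail = null;
  let fakeBar = null;
  walk(snapshot.root, n => {
    if (!jail && n !== snapshot.root && isViewportFillingScroller(n, viewport)) jail = n;
    if (!fakeBar && isPinnedTopStrip(n)) fakeBar = n;
  });
  return {
    docCannotScroll,
    jailTag: jail ? jail.tag : null,
    fakeBarTag: fakeBar ? fakeBar.tag : null,
    suspicious: docCannotScroll && jail !== null && fakeBar !== null,
  };
}

// Constructed sample snapshots. Viewport height is the post-URL-bar-hidden size.
const VIEWPORT = { height: 740 };

// An ordinary long article: the document scrolls natively, nothing is pinned.
const BENIGN_PAGE = {
  root: { tag: 'html', style: { position: 'static', overflowY: 'visible' }, rect: { top: 0, height: 3000 },
    children: [
      { tag: 'article', style: { position: 'static', overflowY: 'visible' }, rect: { top: 0, height: 3000 }, children: [] },
    ] },
};

// The jail layout: document fits the viewport, a div with overflow:scroll
// holds all the content, and a 56 px fixed strip sits at y = 0.
const JAIL_PAGE = {
  root: { tag: 'html', style: { position: 'static', overflowY: 'hidden' }, rect: { top: 0, height: 740 },
    children: [
      { tag: 'div#fake-bar', style: { position: 'fixed', overflowY: 'visible' }, rect: { top: 0, height: 56 }, children: [] },
      { tag: 'div#jail', style: { position: 'static', overflowY: 'scroll' }, rect: { top: 0, height: 740 },
        children: [
          { tag: 'article', style: { position: 'static', overflowY: 'visible' }, rect: { top: 56, height: 3000 }, children: [] },
        ] },
    ] },
};

function demo() {
  return { benign: findScrollJail(BENIGN_PAGE, VIEWPORT), jail: findScrollJail(JAIL_PAGE, VIEWPORT) };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The verdict is a signal, not proof of phishing: many legitimate single-page apps also use one full-height scroll container with a fixed header, so a content script would combine it with other signals (for example, whether the pinned strip appears only after the real URL bar has been hidden) rather than blocking on this alone.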
Nope. All default and stock. I thought it was a virus first. Every time I get in here that video wants to download. I don't use any other browsers. Does anyone else see this or is it just me?
I've removed the embedded video to stop that. I'm not sure why it would prompt to download the video though.
Do you get the prompt at the news article source?
The video plays normally at the source, so it's only here where it prompts a download. Weird. I'm glad it was just the video and not a virus or something.