Google Chrome, Firefox and Safari did not hurry to warn users about phishing

For more than a year, the mobile versions of the Google Chrome, Firefox and Safari browsers did not warn their users about phishing resources.

This was reported in research published by a group of specialists from Arizona University and PayPal.

“We discovered a great hole in the security of the most popular mobile browsers. To our surprise, between 2017 and the end of 2018 Google Chrome, Firefox and Safari did not show any notifications about websites from the blacklist, even with the enabled security settings that ensure protection from such resources,” the researchers reported.

The issue involved not only browsers that are supported by Google Safe Browsing technology. It arose after the transition to a new mobile API in which data consumption was optimized. As it turned out, the API did not work as expected.

“At the same time, the blacklist function was activated, so users expected that the Internet browser would notify them about fraudulent websites,” the specialists argued.

The incorrect operation of Google Safe Browsing was discovered within the framework of the PhishFarm research project, which started in 2017.

During the research, the specialists created 2380 fake authorization pages for the PayPal service. The researchers implemented in them mechanisms for bypassing browsers’ blacklists and checked how long it took for the pages to be added to a blacklist (if they were added at all).

The authors of the research notified Google about the issue, and at the end of last year it was fixed.

Aside from Google Safe Browsing, the specialists tested technologies such as Microsoft SmartScreen and the blacklisting mechanisms of US-CERT, the Anti-Phishing Working Group, PayPal, PhishTank, Netcraft, WebSense, McAfee and ESET.


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
