News

Google Chrome, Firefox и Safari did not hurry to warn users about fishing

During more than a year mobile versions of Google Chrome, Firefox and Safari browsers did not warn its users about fishing resources.

About this reported in the research, published by group of specialists from Arizona University and PayPal Company.

“We discovered a great hole in security of most popular mobile browsers. To our surprise, between 2017 and till the end of 2018 Google Chrome, Firefox and Safari did not show any notifications about websites from the black list, even with the enabled security settings that ensure protection from such resources” – reported researchers.

Issue involved not only browsers that are supported by Google Safe Browsing technology. It raised after transition on new mobile API where was optimized data consumption. As it turned out, API did not work as expected.

“At the same time, black list function was activated, so users expected that Internet-browser will notify them about fraudulent websites” – argued specialists.

Incorrect Google Safe Browsing work was discovered in the frameworks of PhishFarm research project that started in 2017.

During the research, specialists created 2380 fake authorization pages in PayPal service. Researchers realized in them mechanisms for bypassing browsers’ black lists and checked what time it took to transit them to black list (if they were transited at all).

Authors of the research notified Google about the issue and at the end of last year, it was fixed.

Read also: Google openly stored G Suite passwords for 14 years

Aside from Google Safe Browsing, specialists tested such technologies as Microsoft SmartScreen and mechanisms of adding websites to the blacklist as US-CERT, Anti-Phishing Working Group, PayPal, PhishTank, Netcraft, WebSense, McAfee and ESET.

Source: https://www.adamoest.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago