Pakistani ethical hacker, Rafay Baloch, receives a $5,000 bounty for exposing Chrome, Firefox address bar flaw

Pakistani ethical hacker Rafay Baloch has exposed a vulnerability in Chrome and Firefox: the way these browsers render website addresses could expose users to malicious websites that otherwise appear to be legitimate.

On Tuesday, Rafay Baloch published a blog post on his website in which he explained the address-bar spoofing bug. The bug could allow a hacker to trick the user by displaying a spoofed page for an invalid URL.

“Google security team themselves state that ‘We recognize that the address bar is the only reliable security indicator in modern browsers’ and if the only reliable security indicator could be controlled by an attacker it could carry adverse effects. For instance, potentially tricking users into supplying sensitive information to a malicious website due to the fact that it could easily lead the users to believe that they are visiting a legitimate website as the address bar points to the correct website.”

This has earned him a $5,000 bug bounty.

This address bar spoofing flaw works because several languages, such as Arabic and Hebrew, are written from right to left. The browsers mishandle several Unicode characters, and the way those characters are rendered in combination with a first strong character, say an IP address or an alphabetic character, can lead to a spoofed URL. Rafay spotted this bug by placing neutral characters such as “/”, “ا” in the file path which, according to him, causes the URL to be flipped.

For example, 127.0.0.1/ا/http://example.com would instead appear in the browser bar as http://example.com/ا/127.0.0.1. This means that a person clicking on the link would assume they are going to example.com, but the page would actually display data from 127.0.0.1. You can read about it in detail in his blog post.
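A defender can test for this kind of reordering by looking at where the first strongly directional character of a displayed URL sits, using the bidirectional classes from the Unicode Bidirectional Algorithm (UAX #9). The Python check below is an added example, not code from Rafay's write-up or from either browser; the function names and the `suspicious` heuristic are assumptions, and the input is assumed to be the text exactly as shown to the user. It also reports explicit bidi control characters, which goes beyond the case described here.

```python
import re
import unicodedata

STRONG_RTL = {"R", "AL"}   # Hebrew-type and Arabic-type letters
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def first_strong_direction(text):
    """Direction of the first strong character, or None if there is none."""
    for ch in text:
        cls = unicodedata.bidirectional(ch)
        if cls in STRONG_RTL:
            return "rtl"
        if cls == "L":
            return "ltr"
    return None  # only digits, punctuation and other weak/neutral characters


def audit_displayed_url(shown):
    """Report whether a displayed URL can be drawn in a different order than stored."""
    # Hypothetical helper logic: drop an optional scheme, then take the text
    # up to the first "/" as the host.
    rest = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", shown)
    host, _, tail = rest.partition("/")
    classes = [unicodedata.bidirectional(ch) for ch in shown]
    base = first_strong_direction(shown)
    host_dir = first_strong_direction(host)
    return {
        "host": host,
        "base_direction": base,
        "rtl_after_host": any(unicodedata.bidirectional(c) in STRONG_RTL for c in tail),
        "bidi_controls": any(c in BIDI_CONTROLS for c in classes),
        # An RTL base direction that the host did not set means a character after
        # the host decides the layout, so the host may no longer be drawn first.
        "suspicious": base == "rtl" and host_dir != "rtl",
    }


if __name__ == "__main__":
    # Constructed samples; the first is the example string from the article.
    samples = [
        "127.0.0.1/\u0627/http://example.com",
        "http://example.com/\u0627/127.0.0.1",
        "example.com/index.html",
    ]
    for s in samples:
        print(ascii(s), audit_displayed_url(s))
```

The first sample is flagged because its host consists only of digits and dots, so the Arabic letter in the path is the first strong character and sets a right-to-left layout for the whole string.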

According to Rafay, this vulnerability also exists in some other browsers, which are still being fixed, which is why he refrained from naming them. However, Chrome and Firefox appear to have fixed the bug following his timely discovery and report.

Rafay Baloch is a pretty accomplished penetration tester. After finding a bug in PayPal back in 2012, he received a USD 10,000 bounty. In 2014, his work on a bug in Android was featured by Forbes and the BBC. He was also featured in our 25 UNDER 25.

Editing by Muneeb Ahmad


The post Pakistani ethical hacker, Rafay Baloch, receives a $5,000 bounty for exposing Chrome, Firefox address bar flaw appeared first on TechJuice.


