New vulnerability in the Chrome, Firefox and Opera web browsers?

[Sirius]

Sounds serious. :wtf::wtf:

http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

 

[Johnatan56]

Mitigation For Firefox Users (Not FIX For Chrome)
Firefox uses can follow below-mentioned steps to manually apply temporarily mitigation:

Type about:config in address bar and press enter.
Type Punycode in the search bar.
Browser settings will show parameter titled: network.IDN_show_punycode, double-click or right-click and select Toggle to change the value from false to true.

Unfortunately, there is no similar setting available in Chrome or Opera to disable Punycode URL conversions manually, so Chrome users have to wait for next few weeks to get patched Stable 58 release.

Well, for banks typing the url in directly would still act the same, links are going to be fun to follow.

 

[saor]

Link to the fake apple.com url for anyone who wants to see it in action: https://аррӏе.com/

If your web browser is displaying "apple.com" in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.

 

[SYNERGY]

Link to the fake apple.com url for anyone who wants to see it in action: https://аррӏе.com/

Site cannot be reached.

Chrome Mobile.

 

[Thor]

Link to the fake apple.com url for anyone who wants to see it in action: https://аррӏе.com/

Holy shiat

 

[Adenoid Hynkel]

Safari on iOS

Chrome:

 

[DA-LION-619]

 

[Adenoid Hynkel]

Firefox, opera mini and opera coast on iOS all show the actual domain and not Apple.com. Seems it's only chrome on iOS. There are more browsers, but to lazy to test.

Is there a list somewhere that mentions all affected browsers?

 

[Adenoid Hynkel]

Snip

What browser is that?

Edit. Nvm. I see it's safari. Never seen the word done at the top left.

 

[DA-LION-619]

What browser is that?

Safari iOS