|Reported by jopem...@gmail.com, May 25 2010||Back to list|
Potential for phishing attack described here: http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ Just tried it in Chrome 6.0.408.1 dev and it works.
May 25 2010,
There isn't really anything to fix here. The hostname is the only authoritative identifier for a site, and we have measures like SafeBrowsing and hostname bolding to mitigate phishing attacks.
Mar 21 2011,
Oct 13 2012,
This issue has been closed for some time. No one will pay attention to new comments. If you are seeing this bug or have new data, please click New Issue to start a new bug.
Mar 10 2013,
Mar 11 2013,
Mar 13 2013,
Nov 18 2013,
Bulk release of old security bug reports.
Feb 6 2014,
Bulk update: removing view restriction from closed bugs.
Oct 2 2016,
Note that sites can protect themselves somewhat from this phishing method by using <a href="..." rel="noopener" target="_blank"> to block access to their window object from within the openee. It might be that not all browsers support noopener, but some do.
|► Sign in to add a comment|