1. Forums
  2. Security
  3. Common Vulnerabilities and Exposures
  4. chrome firefox package vulnerable from phishing attack

chrome firefox package vulnerable from phishing attack

1 post / 0 new
Log in or register to post comments
#1 Wed, 2017-04-26 16:31
mmix
  • mmix's picture
  • Offline
  • Last seen: 3 weeks 2 days ago
  • Joined: 2016-06-07

chrome and firefox package from alpine linux are not safe from phishing attack.

latest chrome version safe but the version from alpine linux is 57.0.2987.133 (64-bit) which is NOT safe.

https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

Quote:
Chrome has just released version 58.0.3029.81. We have confirmed that this resolves the issue and that our ‘epic.com’ test domain no longer shows as ‘epic.com’ and displays the raw punycode instead, which is ‘www.xn--e1awd7f.com’, making it clear that the domain is not ‘epic.com’. We encourage all Chrome users to immediately update to the above version of Chrome to resolve the issue.

At this moment(2017.04.26), don't click the link at the site that you don't trust in alpine linux environment

--
PS:
How to fix this in Firefox:
In your firefox location bar, type ‘about:config’ without quotes.
Do a search for ‘punycode’ without quotes.
You should see a parameter titled: network.IDN_show_punycode
Change the value from false to true.