每日新闻摘要：针对Android攻击的新型Chrome欺骗了多功能框

最新推荐文章于 2024-09-14 23:05:59 发布

culiuman3228

最新推荐文章于 2024-09-14 23:05:59 发布

阅读量164

点赞数

原文链接：https://www.howtogeek.com/fyi/daily-news-roundup-new-chrome-for-android-attack-spoofs-the-omnibox/

版权

There’s a new Chrome attack on the horizon, and man, it’s a doozy. Dubbed the “Inception Bar” by the finder, it replicates Chrome’s Omnibox, essentially giving attackers the potential to take control of Chrome completely.

即将出现新的Chrome攻击，伙计，这太难了。取景器称其为“ Inception Bar”，它复制了Chrome的多功能框，从根本上使攻击者有可能完全控制Chrome。

Found by developer James Fisher, the Inception Bar is an incredibly clever phishing attack that leverages the fact that Chrome for Android hides the Omnibox—that’s what the address bar on Chrome is called—as you scroll. Once you scroll down the page a bit, the Omnibox is hidden, and it’s automatically replaced with the spoofed bar. And it looks incredibly convincing—it can even lock the real Omnibox in an overflow container, preventing it from re-appearing once the Inception Bar is in place.

Inception Bar由开发人员James Fisher发现，是一种非常聪明的网络钓鱼攻击，它利用了Android版Chrome浏览器隐藏多功能框的事实，即滚动时会隐藏Chrome的地址栏。向下滚动页面后，多功能框就会隐藏起来，并且会自动替换为带有欺骗性的栏。而且看起来令人信服 -它甚至可以将真正的Omnibox锁定在溢出容器中，以防止Inception Bar安装到位后再次出现。

While it doesn’t look like this attack has been found present on the web (yet), Fisher built a working proof of concept on his site, which you can check out at the link. Once you visit the site, scroll down the page a bit, and right after the Omnibox disappears, you’ll see the spoofed Inception Bar—complete with a fake URL—appear in its place. The bar doesn’t work at this point (as it’s just a proof of concept), but it’s not hard to see how with a little bit of additional code it could become a very realistic clone. It’s also worth noting that this is still buggy—closing Chrome and reopening it will display both bars, for example.

尽管看起来还没有在网络上发现这种攻击(但是)，Fisher 在他的站点上构建了有效的概念证明，您可以在链接中查看。一旦您访问了该站点，请向下滚动页面，然后在多功能框消失之后，您会看到出现在其中的是伪造的Inception Bar(带有伪造的URL)。此刻此栏不起作用(因为这仅是概念证明)，但不难发现，通过少量的附加代码如何使其成为非常现实的克隆。还值得注意的是，这仍然是错误的-例如，关闭Chrome并重新打开它会显示两个条。

Fisher notes in his post that he doesn’t see an easy way to fix this issue, which makes a lot of sense. Since the website itself is generating the faux bar, it will be incredibly hard for the Chome team to find a way to combat the issue.

费舍尔(Fisher)在帖子中指出，他没有找到解决此问题的简便方法，这很有意义。由于网站本身正在生成人造条，因此Chome团队很难找到解决该问题的方法。

As for possible ways for users to prevent encountering this issue should it become a legitimate problem, the first one is easy: use a different browser. Any page with the code to generate the Inception Bar will still do so, but it will be hilariously obvious because other browsers don’t use Chrome’s Omnibox. It’s also worth reiterating the fact that this only works on Chrome for Android—Chrome for iOS uses a different interface that prevents this from being any sort of convincing attack. [via Android Police]

至于用户避免遇到此问题(如果是合法问题)的可能方法，第一个很简单：使用其他浏览器。任何带有生成Inception Bar的代码的页面都仍会这样做，但是由于其他浏览器不使用Chrome的多功能框，因此非常明显。还值得重申的事实是，这仅适用于Android的Chrome浏览器-iOS的Chrome浏览器使用不同的界面，可以防止这种攻击成为任何令人信服的攻击。 [通过Android警察 ]

In less terrifying news, Apple talks about why it pulled screen times apps from the App Store, Zuck built his wife a nifty “sleep box,” Facebook will be a necropolis in 50 years, Spotify hits 100m subs, and more.

在不那么令人恐惧的消息中，苹果公司谈论了为何从App Store中删除屏幕时间应用程序，扎克(Zuck)为其妻子打造了一个漂亮的“睡眠盒”，Facebook将在50年内成为大墓地，Spotify达到1亿用户。

Apple cracks down on screen time apps: Apple has its own screen time system built into iOS. Recently, it started pulling competing products from the App Store, but the company’s Phil Schiller says it’s not about competition—they were misusing enterprise tools. Interesting. [AppleInsider, 9to5Mac]
苹果严厉打击屏幕时间应用程序：苹果在iOS中内置了自己的屏幕时间系统。最近，它开始从App Store中提取竞争产品，但该公司的Phil Schiller表示，这与竞争无关，它们滥用了企业工具。有趣。 [ AppleInsider ， 9to5Mac ]
Zuckerberg built his wife a “sleep box”: Zuck said his wife Priscilla has a hard time sleeping—if she wakes in the middle of the night and knows the kids will be awake even in just a few hours, she stays awake. So he built her a box with a subtle light; if the light is off, she knows it’s okay to go back to sleep. If it’s on, she can go ahead and get up. All without looking at a clock, so she doesn’t have the anxiety associated with knowing what time it is. How sweet. [Zuck on Insta]
扎克伯格为妻子建造了一个“睡觉的盒子”：扎克说，妻子普里希拉(Priscilla)很难入睡-如果她在半夜醒来，并且知道孩子即使在几个小时内都会醒着，她会保持清醒。于是他给她盖了一个光线微弱的盒子。如果灯不亮，她知道可以回去睡觉。如果开启，她可以继续起床。所有人都无需看时钟，因此她不会因知道现在几点而感到焦虑。有多甜。 [ Insta上的Zuck ]
Facebook will be a necropolis in 50 years: Researchers have concluded that it will take about 50 years for Facebook’s dead users to outnumber the living ones. It’ll be like Colma, California—where the dead outnumber the living by 1000:1—but online (okay, maybe it won’t be that extreme). [ZDNet]
Facebook将在50年内成为大墓地：研究人员得出结论，Facebook的死用户数量要比活生生的用户大约需要50年。就像加利福尼亚的科尔马(Colma)，那里的死者人数比活着的人数多1000：1，但是却是在线的(好吧，也许不会那么极端)。 [ ZDNet ]
Spotify hits a hundy mill: Spotify announced that it now has 100 million paid subscribers. Rollin’ in that dough, y’all. [The Verge]
Spotify遇到了麻烦： Spotify宣布现在拥有1亿付费用户。你们都在那面团上滚来滚去。 [ 边缘 ]
TurboTax and H&R Block are hiding free filing from Google Search: Tax filing software wants your money, but it only recently became apparent how badly they really want it—TurboTax and H&R Block were reportedly hiding the free filing tier from Google search results. That means users who were eligible to file for free ended up paying, and that sucks. Shady crap. [ProPublica]
TurboTax和H＆R Block正在从Google搜索中隐藏免费备案：税务备案软件想要您的钱，但直到最近才变得很明显，他们真正想要的是多么糟糕-据报道，TurboTax和H＆R Block从Google搜索结果中隐藏了免费备案层。这意味着有资格免费申请的用户最终需要付费，这真是太糟糕了。黑幕废话。 [ ProPublica ]
Apple thought about buying Intel’s smartphone modems business: According to a new report from The Wall Street Journal, Apple was considering gobbling up Intel’s smartphone modem business before the Qualcomm settlement. [WSJ]
苹果考虑过收购英特尔的智能手机调制解调器业务：根据《华尔街日报》的最新报道，苹果正在考虑在高通达成和解之前吞并英特尔的智能手机调制解调器业务。 [ WSJ ]
Google has stopped publishing distribution numbers: For years, Google has been sharing Android’s monthly adoption numbers. But for the last six months, it’s been totally mum, and that’s troubling. [XDA Developers]
Google已停止发布发行数量： 多年来， Google一直在共享Android的每月采用率。但是在过去的六个月中，这完全是妈妈，这令人不安。 [ XDA开发人员 ]
Nubia built a fan-cooled 8K gaming phone: Have you ever been so deep into a gaming session on your phone that you needed an 8K display and fan-cooling alongside the built-in liquid cooling? Boy, do we have the phone for you. [Engadget]
努比亚(Nubia)打造了一款风扇冷却的8K游戏电话：您是否曾经在手机上玩过那么深的游戏，以至于需要8K显示屏和风扇冷却以及内置的液体冷却功能？男孩，我们有给您的电话吗？ [ Engadget ]
Distracted driving penalty fees have risen 10,000%: Distracted driving has become more of an issue over the last ten years than ever before, and as a result, insurance company penalty fees have jumped nearly 10,000 percent—from $2 to $290. Good. Keep ’em coming until people stop texting and driving. [Digital Trends]
分心驾驶罚款增加了10,000％：在过去十年中，分心驾驶比以往任何时候都更加成为一个问题，因此，保险公司的罚款增加了近10,000％，从2美元提高到290美元。好。让他们一直来，直到人们停止发短信和开车。 [ 数字趋势 ]

Speaking of distracted driving charges, it’s time to talk about the best story from the weekend: a man spent 13 months and thousands of dollars to prove that a hashbrown is indeed not a phone.

说到分散的驾车费用，是时候谈论周末最好的故事了：一个人花了13个月和数千美元来证明薯饼确实不是手机。

Jason Stiber received a $300 distracted driving ticket for eating a McDonald’s hashbrown while driving. An officer mistook the breakfast food as a smartphone and gave Stiber a ticket. But he fought it in court, which revealed that the officer was on the 15th hour of a 16-hour shift and his judgment may have been subpar. The case was overturned. Absolutely amazing. [The Washington Post]

杰森·斯特伯(Jason Stiber)因开车时吃了麦当劳的薯饼而领取了一张300美元的分心车票。一名官员误将早餐食品当作智能手机，并给了史蒂伯一张票。但是他在法庭上与之抗争，这表明该警官正处于16小时轮班的第15小时，他的判断可能不那么好。案子被推翻了。非常精彩。 [ 华盛顿邮报 ]