Apple Safari, Opera and Yandex found with address bar spoof vulnerability, not all are fixed
It looks like Apple's Safari browser, along with a couple of others like Opera and Yandex, has a vulnerability that can let an attacker trick you. Using the exploit, the attacker can make the browser show a different web address than the URL of the actual website. Termed an address bar spoofing bug, it also makes it easier for attackers to make phishing pages look like legitimate websites, which may result in you revealing your password and other personal details.
As mentioned by security researcher Rafay Baloch and reported by TechCrunch, the bug acts up during the time it takes to load the website in the browser. So, once the user opens the URL from an email or a text message, the malicious web page replaces the malicious web address in the address bar with another one that the attacker chooses, one that doesn't sound fake.
What's more surprising (and dangerous) is that one of the malicious web addresses even shows a green padlock icon, indicating that it is legitimate.
It has been reported that only Apple and Yandex have pushed out fixes for these in September and October updates. However, an Opera spokesperson still says that the fixes for the Opera Touch and Opera Mini browsers are “in gradual rollout.” What's worse is that UC Browser, Bolt Browser, and RITS Browser have still not fixed the issue even after being approached by the researcher.
On a related note, Microsoft Edge recently got some new features that bring it closer to Google Chrome. Besides the new features, Microsoft's Edge brings bug fixes and improvements as well.