Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Stands Pat

Google fixed a handful of issues when it released the latest version of its browser, Chrome 58, on Wednesday, including a vulnerability that could have made it easier for an attacker to carry out a phishing attack with Unicode domains. The vulnerability, based on Punycode – a way to represent...

Whole-script confusable domain label spoofing

Posted by Xudong Zheng Before I explain the details of the vulnerability, you should take a look at the proof-of-concept. Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. Fo...