Xiaomi Browsers Still Vulnerable After Failed Patches

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/xiaomi-browsers-still-vulnerable-after-failed-patches/

Xiaomi has trouble permanently patching its browsers against a vulnerability that enables spoofing URLs in a way that is difficult to detect by users.

The flaw affects the international versions of Mint Browser and Mi, the web browser that comes pre-installed on Xiaomi smartphones. It was patched and re-patched, and yet it still persists in the two products that are present on millions of devices.

The company sold 118.7 million smartphones last year. Mint Browser has over 500,000 installs on Google Play.
Cybercriminals leveraging this issue can create more credible phishing attacks with little interaction from the victim. All it takes is to lure them to follow a malicious link.

Patch, bypass, repeat

Security researcher Arif Khan on Friday disclosed that the flaw (CVE-2019-10875) works with both HTTP and HTTPS websites and it could be used to show any domain name in the address bar.
"When you try to open a link with a query portion with that URL, Xiaomi's browsers try to display it as search engines would display it in the search bar," the researcher explains.
...
.....

 

[jennifervanburen]

I'm trying not to use it, and use Chrome instead. Or should I delete Mi browser at all? and can I?

 

[shmu26]

I'm trying not to use it, and use Chrome instead. Or should I delete Mi browser at all? and can I?

Just ignore it and pretend it's not there. If you don't use it, there is no risk.

 

[Freki123]

Maybe also take a look at Blokada - the best ad blocker for Android, free and open source .Even with disabed "show recomendations" (in dozens of places) my adguard log still has entrys for ads from them. (Atleast how i understand the log)