GFF Sale
GFF Sale

Xiaomi's Mi browser, Mint Browser reportedly affected with serious URL spoofing vulnerability

By Digit NewsDesk | Published on 08 Apr 2019
  • ​Researcher finds vulnerability in Mi Browser and Mint Browser.

  • The Mi Security team has accepted the flaw.

Xiaomi's Mi browser, Mint Browser reportedly affected with serious URL spoofing vulnerability

Noting the lack of basic security features like XSS auditors, a researcher has found a URL spoofing vulnerability on Xiaomi-made Mi Browser and the Mint Browser. The vulnerability, identified as CVE-2019-10875, originates due to a flaw in both the browsers and it reportedly enables a malicious website to control URLs in the address bar. The Mi Browser comes pre-installed in every Xiaomi device with MIUI and Mint Browser was launched globally via the Google Play Store.

The researcher who discovered the flaw, Arif Khan, says that the Mi Security team (MiSRC) confirmed that the issue was present in their global versions and not in their domestic ones. Thus, “they inadvertently conveyed the fact that only International versions of their browsers were insecure to this vulnerability,” Khan said. He adds that the bug was accidentally spotted and it didn’t require much effort. He found the vulnerability while he decided to test “a certain feature in their browser.”

The researcher apparently noticed the flaw when triying to open a Google query search link through the Mi Browser. “For a link such as, the URL bar would display, and this is exactly where the problem arises, because the URL bar doesn't display the full URL, and this not only happens in case of popular search engine websites but also with other websites,” Khan said.

Those who are using the Mi Browser or the Mint Browser as their default web browser, their device is vulnerable to phishing attacks. Khan adds that it is recommended not to use any of the browsers until the flaw is patched and instead use Google Chrome “because it has a good XSS filter.” As per the researcher, Mi Security team has acknowledged the security issue found by him and he has been awarded $198 ($99 for each browser) bounty rewards. However, it is not yet known whether the vulnerability is patched or not.

Related Read:

Global smartphone shipments expected to drop for third consecutive year in 2019: IDC

Digit NewsDesk
Digit NewsDesk

Email Email Digit NewsDesk

Follow Us Facebook Logo Facebook Logo Facebook Logo

About Me: Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. Read More

Xiaomi Mi Browser Mint Browser Protection Status