Xiaomi's Mi, Mint browsers reportedly have a security flaw letting hackers spoof URLs

The flaw affects only international Xiaomi variants including India while China variants are safe.

Xiaomi fans beware! A new vulnerability found in the Xiaomi's default pre-installed Mi Browser app and Mint Browser allows malicious websites to take control of the URLs displayed in the address bar. The security threat affects only international variants which include the variants in India while China variants are safe.

Xiaomi logos are seen during a news conference. Image: Reuters

Xiaomi logos are seen during a news conference. Image: Reuters

Security researcher Arif Khan, first discovered this bug and notified Xiaomi about it, but the company as of writing this report has not taken any counter measures.

As per a report by thehackernews, the CVE-2019-10875 vulnerability appears to be spoofing issue that exists because of flaw in the browser UI.

Spoofing the address bar tricks the user into believing that they are entering a secure website when in reality they could be entering a website which could potentially be malicious in nature.

The report states that Khan was provided a bug bounty (about $99 for each browser) for bringing the flaw to Xiaomi's notice but as mentioned earlier Xiaomi has not fixed the issue.

The fact that China variants are not affected by this vulnerability but global variants are, is a troublesome matter. We have reached out to Xiaomi for a comment on the matter and will update the copy accordingly.

Users are now more than ever advised to use Chrome or Firefox as browsers on their devices.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.