Xiaomi's Mi, Mint browsers reportedly have a security flaw letting hackers spoof URLs

Xiaomi fans beware! A new vulnerability found in the Xiaomi’s default pre-installed Mi Browser app and **Mint Browser** allows malicious websites to take control of the URLs displayed in the address bar. The security threat affects only international variants which include the variants in India while China variants are safe. [caption id=“attachment_4723961” align=“alignnone” width=“1024”] Xiaomi logos are seen during a news conference. Image: Reuters[/caption] Security researcher Arif Khan, first discovered this bug and notified Xiaomi about it, but the company as of writing this report has not taken any counter measures. As per a report by thehackernews, the CVE-2019-10875 vulnerability appears to be spoofing issue that exists because of flaw in the browser UI. Spoofing the address bar tricks the user into believing that they are entering a secure website when in reality they could be entering a website which could potentially be malicious in nature. The report states that Khan was provided a bug bounty (about $99 for each browser) for bringing the flaw to Xiaomi’s notice but as mentioned earlier Xiaomi has not fixed the issue. The fact that China variants are not affected by this vulnerability but global variants are, is a troublesome matter. We have reached out to Xiaomi for a comment on the matter and will update the copy accordingly. Users are now more than ever advised to use Chrome or Firefox as browsers on their devices.