Trend Micro drops secure browser app following security fears

News
By published

Privacy Browser bug could have allowed attackers to trick users into believing malicious websites were legitimate

Privacy Browser
(Image credit: Trend Micro)

Trend Micro has made the decision to remove the Privacy Browser from its Dr Safety Android security suite after a reoccurring flaw was discovered in its software.

As reported by The Register, the vulnerability, which could be abused to trick users into believing that malicious web pages were legitimate, was first discovered by security consultant Dhiraj Mishra who responsibly reported it to the company back in April.

If exploited by an attacker, the bug could be used to alter the address bar on pages viewed in Trend Micro's Privacy Browser. For example, a phishing page designed to steal users' banking credentials could rewrite the URL bar to show the bank's real domain name as opposed to the URL used by the attackers.

Privacy Browser

Mishra explained that the flaw would be fairly easy to exploit and that an attacker would have plenty of targets to choose from given its install base of 10m people in an interview with The Register, saying:

"To exploit such flaws remotely, an attacker would host a malicious JavaScript packet and if a user visits a page hosting that malicious code, a new window or tab can be opened with a fake URL. There is no way of determining if the URL is authentic or not due to which this could result in capturing sensitive information such as username passwords. Additionally, along with address bar spoofing, attackers could also spoof SSL which makes the attack more difficult to determine the authenticity of the URL."

The vulnerability, tracked as CVE-2018-18334, has been confirmed by Trend Micro, though the company has decided to disable the browser outright instead of developing a patch for the flaw. Just by looking at the CVE assignment, you can see that the bug was first discovered in 2018 and the company has tried to deal with it in the past.

Back in January of last year, Trend Micro tried to patch the vulnerability but this year, Mishra was able to identify multiple address spoofing bugs of the same type that had not been fixed in the software. This explains why Trend Micro has now chosen to disable the Privacy Browser all together in its Dr Safety Android app.

  • Also check out our complete list of the best VPN services

Via The Register

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
More about security
An American flag flying outside the US Capitol building against a blue sky

The FCC is creating a security council to bolster US defenses against cyberattacks
Ransomware

Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Google Gemini Flash 2.0 Images

I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
See more latest
Most Popular
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Dell Pro 75 Plus monitor pictured against a white background.
Dell just launched a $4,000 75-inch 4K touchscreen display - but I've found one rival that's 50% cheaper
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 14 (game #1145)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 14 (game #642)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 14 (game #376)
Verizon logo on a building with blue sky above
Millions of Americans are missing out on cheap unlimited cloud storage - how to check if you are one of them
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
The Toyota FT-Me Concept sitting in a car park
Toyota's self-charging concept EV could help you tackle the daily commute on solar power alone