The Hacker News reported on Friday that two browser apps created by Chinese phone maker Xiaomi have a critical vulnerability that has not yet been patched even after being privately reported to the company. The Mi Browser comes built-in with the company’s Mi and Redmi smartphones, while the Mint browser is available on Google Play for non-Xiaomi devices. The Hacker News report said that the vulnerability is an address bar spoofing issue that allows a malicious website to control the URLs displayed. The flaw can be used to easily trick users into thinking they are visiting a trusted website when actually being served with a phishing or malicious content. The issue only affects the international variants of both web browsers and versions distributed with Xiaomi smartphones in China do not contain this vulnerability. Xiaomi, it seems, rewarded the researcher who…
