The most recent version of Chrome is vulnerable to a devious phishing attack, one that is capable of spoofing a legitimate website in the address bar so that you could be tricked into forking over your login credentials and other sensitive data.
The flaw exploits Punycode, which uses specific ASCII characters in URLs to output Unicode in a browser.

In case you’re curious what has been done and what this means to you, read the link for the official announcement

This is important for regions with non-Latin alphabets, such as China.This Punycode help phishers to register fake domains that looks familiar to the real website. It is possible to register domains such as “”, which is equivalent to “а”.


No matter what browser you use, as always, avoid clicking on hyperlinks in emails. Instead, type the destination address directly into your browser.