Be the first to hear the mobile news. Enter your email to join.

browser security threat

New Browser Security Threat: What You Need to Know

Here's what you need to know about a new browser security threat. This information was originally covered by Mark Maunder on Wordfence.

The latest cybersecurity threat to you and your users may just lie on the very browser you are using to read this article.

A new attack is making the rounds on both Firefox and Chrome browsers (software details below). The threat uses Unicode to register domains that look completely identical to actual domains. Users can be fooled into signing into these fake websites, providing login credentials or other personal information and instantly exposing secure information to the attackers.


A new attack tricks users into logging into seemingly secure, fake websites, exposing secure information to attackers.

This attack is possible due to “Punycode” support in browsers. Punycode makes it possible to register a domain with foreign characters. For example, shows up as when launched in a browser. The xn-- prefix is what is known as an ASCII compatible encoding prefix. It lets the browser know that the domain uses Punycode encoding to represent Unicode characters.

Attackers can use the Unicode characters for popular sites and can also obtain SSL certificates for their fake sites, which would then appear as secure (indicated by a green padlock) to users. This affects the current version of Chrome browser, which is version 57.0.2987, and the current version of Firefox, which is version 52.0.2.

VMware BrowserFor security-conscious organizations, it is imperative to be protected against these types of threats. Deploying a secure browser, such as VMware Browser, helps to safeguard your organization and your employees from unpredictable threats such as this.

[Related: Productivity Apps Spotlight: Updates for VMware Boxer, Content Locker, Browser & Socialcast]

VMware Browser operates similarly to popular browsers such as Chrome and Safari. With a native user experience, users can securely access the information they need on the go. VMware Browser also integrates with secure backend networks to provide users with instant access to corporate web apps and intranet sites without manually connecting to VPN.

Please note: If you are a customer using VMware Browser today, you will not be affected by this threat.

The threat of a cyber attack is an ever-looming topic. Stay informed with cybersecurity news on the AirWatch Blog:


Kelly Masters

Kelly Masters

Kelly Masters is a product marketing specialist for VMware AirWatch.


  1. Alejandra

    Hi Kelly! Excelent info! I know VMware Boxer is very secure, but to explain this to our customers, it is important to me to clearly understand how this app avoids threats just like this one. So, how is it done?

    1. Ashley SpeagleAshley Speagle

      Hi, Alejandra! Are you looking for more information on VMware Browser (highlighted in this post) or VMware Boxer (our email app)?

      You can find a guide to each at myAirWatch.
      1) Click here for an introduction to VMware Browser:
      2) Click here for an introduction to VMware Boxer:


Leave a Reply

Your email address will not be published. Required fields are marked *


Blog By Region

Blog By Category: