Xiaomi’s MI Browser and Mint Browser are vulnerable to a critical vulnerability which has not yet been patched. The vulnerability, identified asand discovered by security researcher Arif Khan, is a browser address bar spoofing issue that originates because of a logical flaw in the browser’s interface, allowing a malicious website to control URLs displayed in the address bar. Xiaomi rewarded the researcher with a bug bounty, but left the vulnerability unpatched. A spokesperson for the tech giant confirmed today that the vulnerability has now been patched in the latest version of both browser apps.
Source: https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.html