A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS. The vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading. Using this vulnerability, an attacker can impersonate any web page, including Gmail, Facebook, Twitter, or even bank websites, and create fake login screens.
Source: https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html