A Pakistani Ethical Hacker wins $5,000 Bounty for identifying Firefox, Chrome address bar spoofing flaw.

Rafay Baloch, a security researcher and ethical hacker based in Islamabad, Pakistan, has won US$5,000 in a combined bug bounty for identifying a huge bug. The bug exists in various browsers, such as Chrome and Firefox, which cover 75% of all internet traffic.

The bug is an address-bar spoofing bug, which means that a hacker can display whatever URL they choose in the address bar while controlling the rest of the page content. In other words, the address bar would say google.com while the page shows the hacker's fake login page.

So, tricked by the URL shown in the address bar, anyone clicking on the link can easily be taken to the hacker's web page.

Rafay says Chrome and Firefox are now working on fixing this bug. Rafay is recognized as one of the Top Ethical Hackers of 2014.

He has been offered attractive jobs and salaries outside Pakistan but prefers to stay in the country and establish a cyber security company to defend Pakistan against attacks from all over the world.


“I love Pakistan. All I am today is because of my motherland, and I want to give back everything this country has given me, to help my people and make Pakistan’s cyber space one of the most secured cyber spaces in the world.” Rafay Baloch


Written by Hisham Sarwar

