A security researcher had found a flaw which allows potential hackers to spoof URLs in Safari and Edge while visiting a malicious link. However. even weeks after disclosure, while Microsoft has patched the flaw, Apple hasn’t yet shown interest in patching it. The vulnerability is the result of what researcher Rafay Baloch describes as a race condition that would potentially allow the attacker to start loading a legit page, causing the page’s address to appear in the URL bar, and then quickly switch the code in the page to something malicious – without changing the URL displayed in the address bar.
Read about the vulnerability in Microsoft Edge and Apple’s Safari browsers on The Register.