A new security report says a feature built into all Chromium browsers – including Google Chrome and Microsoft Edge – is attracting a new type of phishing technique. Specifically, the Application Mode tool gives threat actors a way to show login forms that look like desktop apps.

Developed by Google for Chrome, but also available in Microsoft Edge and other browsers, Application Mode is an interesting feature. It allows the browser to run websites as if they are a native app.

When using the mode, a website will open in a new window and will provide a simpler UI. The URL address bar and toolbars are not visible. If you are on Windows, the taskbar also disappears and is replaced by the website’s favicon.


However, phishing attackers are using it to generate login screens that look legitimate. So much so, unwitting users may not be able to tell the difference between the fake pages and the real ones.

Bleeping Computer reports can use Application Mode to build realistic-looking login forms. However, an attacker would need to start with the threat actor tricking the user into using a Windows shortcut that evokes the infected URL in Application Mode.

People are used to interacting with browsers and are less cautious than they might be with other phishing attack vectors.

It is worth noting the danger of the potential attack is limited because Application Mode launches locally on a PC. In other words, only the target device can be compromised.

Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide we show you how to limit bandwidth for Windows Update downloads, so they won’t bother you again.