Caution! If you use a Xiaomi Mi or Redmi smartphone, you should immediately stop using the built-in Mi Browser, or the Mint Browser available in the Google Play Store for non-Xiaomi Android devices.
Both web browser apps, created by Xiaomi, are affected by a critical vulnerability that has not yet been patched.
The vulnerability, identified as CVE-2019-10875 and discovered by security researcher Arif Khan, is a URL spoofing issue caused by a logic flaw in the browser, which allows a malicious site to control the URL that appears in the address bar.
Since the address bar is the most reliable and basic security indicator in a web browser, the flaw can easily be used to mislead Xiaomi users into thinking they are visiting a trustworthy site when they are actually being served phishing or malicious content.
Phishing attacks today are increasingly sophisticated and difficult to spot, which makes this URL spoofing vulnerability quite worrying: it lets someone bypass key indicators such as the URL and SSL, the first things a user checks to tell whether a site is fake.
The oddest part of the case is that it affects only the international variants of the two web browsers; the domestic versions distributed with Xiaomi smartphones in China do not contain this vulnerability.
This raises the legitimate question of whether Chinese manufacturers deliberately leave international users exposed through vulnerable operating systems, applications and firmware.
Even more surprising, Xiaomi rewarded the security researcher with a bug bounty but has not yet fixed the bug.
However the situation develops, Android users are strongly advised to use modern web browsers that are not affected by this vulnerability, such as Chrome or Firefox.
Also, if you use Microsoft Edge or Internet Explorer on your desktop, you should avoid them as well, since both browsers contain a critical vulnerability that has not yet been patched by the tech giant.