Open redirect due to scanning QR code via Aloha Browser

Known Weird Sec 20 hours ago

The Aloha Browser's built-in QR code scanner is vulnerable to an Open Redirect vulnerability. The scanner fails to properly validate or sanitize the URL encoded within a QR code before execution. An attacker can craft a malicious QR code that, when scanned by the user, automatically redirects them to an external, untrusted domain without their consent or knowledge. This can be leveraged for phishing attacks, credential theft, or distributing malware by exploiting the user's trust in the browser's utility.

Video PoC: https://drive.google.com/file/d/1WhHu8MqRgASrhqwmaa9pn61FdlHAooBR/view?usp=sharing
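One way a scanner can vet a decoded QR payload before any navigation happens, as an added example that is not part of the original post and is not Aloha Browser code. The function name, the scheme allow-list and the warning labels are assumptions, and the checks go slightly beyond the report by also flagging userinfo and punycode hosts that would mislead the user at the confirmation prompt.

```javascript
// Added example (not Aloha Browser code): vet a decoded QR payload and
// return a decision for the UI instead of navigating automatically.
// Assumption: only http/https links are ever offered for navigation.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function reviewScannedPayload(raw) {
  const text = String(raw).trim();
  let url = null;
  // Embedded whitespace or control characters: treat as plain text, not a link.
  if (!/[\u0000-\u0020\u007f]/.test(text)) {
    try {
      url = new URL(text); // WHATWG parser, the same rules a browser applies
    } catch {
      url = null;
    }
  }
  if (url === null) {
    return { action: "show_text", host: null, warnings: [] };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    // javascript:, data:, file:, intent: and similar are never opened.
    return { action: "block", host: null, warnings: ["scheme:" + url.protocol] };
  }
  const warnings = [];
  // "https://trusted@other-host/" shows a trusted name but goes elsewhere.
  if (url.username || url.password) warnings.push("userinfo");
  // Internationalised labels can imitate a well-known name.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("punycode");
  }
  if (url.protocol === "http:") warnings.push("cleartext");
  // "confirm" means: display url.hostname and wait for explicit consent.
  return { action: "confirm", host: url.hostname, warnings };
}

// Constructed sample payloads, for illustration only.
const SAMPLES = [
  "https://example.com/menu",
  "https://login.example.com@attacker.example/",
  "javascript:alert(1)",
  "table 12, order at the counter",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(reviewScannedPayload(s)));
}
```

The caller shows `host` (the parsed hostname, not the raw string) together with any warnings and opens the link only after the user confirms.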
