Newly discovered vulnerability allows attackers to replace a malicious web address with a reputable one before the webpage has even loaded.