Safari browser has a function for viewing the thumbnail, the current page generated thumbnail should be consistent with its, such as the current page is google.com, then the generated thumbnail page also should be google.com. But there is a logical error on the thumbnail, an attacker can attack the thumbnail, when the user has access to a normal page, the attacker can replace the current page thumbnail.