How can I describe this critical vulnerability?
The attack enables “phishing” in the form of domain hijacking that would be impossible to detect. Imagine going to http://www.bankofamerica.com/ , logging in, only then to discover it was a hacker’s trap.
Even if you used a bookmark.
Even if you typed the URL in yourself.
Even if your ISP solves the problem, other ISPs may be slower. Can you trust that WiFi hotspot?
Terrifying might be the appropriate adjective.