Spoofing Vulnerability in Google Chrome Omnibox Affecting Multiple Platforms
CVE-2016-5222

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 55.0.2883.75 For Mac, Windows And Linux, And 55.0.2883.84 For Android
Vendor
CVE Published:
19 January 2017

Summary

A vulnerability exists in Google Chrome that improperly manages invalid URLs across various platforms, including Mac, Windows, Linux, and Android. This flaw enables remote attackers to exploit the browser's Omnibox, allowing them to manipulate the displayed URL. By crafting a specific HTML page, an attacker can deceive users into believing they are on a legitimate site, potentially leading to phishing attacks or other malicious activities.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
https://crbug.com/657720
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.