Spoofing Vulnerability in Google Chrome by Google
CVE-2017-15386

6.5MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

What is CVE-2017-15386?

A security flaw in Google's Chrome browser prior to version 62.0.3202.62 created a means for attackers to manipulate the Omnibox or URL bar. By using a specially crafted HTML page, an attacker could deceive users by presenting malicious links as legitimate. This vulnerability highlights the importance of ensuring users are vigilant about the URLs they interact with, as they can be misled into believing a page is safe when it is not.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

https://crbug.com/752003
x_refsource_MISC
http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-15386 : Spoofing Vulnerability in Google Chrome by Google