Domain Spoofing Vulnerability in Google Chrome by Google
CVE-2017-15424

6.5MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 63.0.3239.84 Unknown
Vendor
CVE Published:
28 August 2018

What is CVE-2017-15424?

A vulnerability in Google Chrome prior to version 63.0.3239.84 allows for domain spoofing due to insufficient policy enforcement in the Omnibox. Attackers can exploit this weakness through crafted domain names that utilize IDN homographs, posing a significant risk of deception and phishing to unsuspecting users. Ensuring that users upgrade to the latest versions of Chrome can mitigate this threat.

Affected Version(s)

Google Chrome prior to 63.0.3239.84 unknown Google Chrome prior to 63.0.3239.84 unknown

References

https://crbug.com/756226
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:3401
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201801-03
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-15424 : Domain Spoofing Vulnerability in Google Chrome by Google