Domain Spoofing Vulnerability in Google Chrome Omnibox
CVE-2017-15425

6.5 MEDIUM

Key Information:

Vendor: Google
CVE Published: 28 August 2018

Summary

The vulnerability stems from insufficient policy enforcement in the Omnibox component of Google Chrome, which could allow a remote attacker to exploit IDN homographs. Attackers can craft domain names that look like legitimate ones, misleading users and potentially leading to phishing attacks. Users could unknowingly navigate to malicious sites that mimic trusted domains, compromising sensitive information.

Affected Version(s)

Google Chrome prior to 63.0.3239.84 unknown

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
