Domain Spoofing Vulnerability in Google Chrome by Google
CVE-2017-15426

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 63.0.3239.84 Unknown
Vendor
CVE Published:
28 August 2018

Summary

A vulnerability in Google Chrome allows remote attackers to exploit insufficient policy enforcement in the Omnibox, leading to domain spoofing through crafted domain names using IDN homographs. This flaw enables malicious actors to mislead users into visiting harmful websites that appear legitimate, potentially compromising sensitive information. Users of affected versions are urged to update to secure their browsing experience.

Affected Version(s)

Google Chrome prior to 63.0.3239.84 unknown Google Chrome prior to 63.0.3239.84 unknown

References

https://crbug.com/756735
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:3401
vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201801-03
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.