Insufficient Watchdog Timer in Google Chrome Can Lead to URL Spoofing
CVE-2017-5067

6.5 MEDIUM

Key Information:

Vendor: Google
CVE Published: 27 October 2017

Summary

A vulnerability in Google Chrome prior to version 58.0.3029.81 for Linux, Windows, and Mac allows attackers to manipulate the Omnibox content. The issue arises from an inadequate watchdog timer during navigation, which lets a remote attacker use a crafted HTML page to spoof the URL displayed in the address bar. Users may be misled into believing they are visiting a legitimate site.

Affected Version(s)

Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
