Domain Spoofing Vulnerability in Google Chrome for Android
CVE-2017-5072

6.5MEDIUM

Key Information:

Vendor

Google
Status
Google Chrome Prior To 59.0.3071.92 For Android
Vendor
CVE Published:
27 October 2017

What is CVE-2017-5072?

A vulnerability in the Omnibox of Google Chrome for Android prior to version 59.0.3071.92 allows remote attackers to exploit domain spoofing through the use of right-to-left (RTL) characters in crafted URLs. This flaw can mislead users into believing they are interacting with legitimate pages, potentially leading to phishing attacks and data theft. Proper notification and updates are essential to mitigate this risk.

Affected Version(s)

Google Chrome prior to 59.0.3071.92 for Android Google Chrome prior to 59.0.3071.92 for Android

References

http://www.securityfocus.com/bid/98861
vdb-entryx_refsource_BID
https://crbug.com/709417
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:1399
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.