Remote Spoofing Vulnerability in Google Chrome Omnibox for Multiple Platforms
CVE-2017-5101

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 60.0.3112.78 For Linux, Windows And Mac
Vendor
CVE Published:
27 October 2017

Summary

A remote spoofing vulnerability was identified in the Omnibox feature of Google Chrome, which impacted versions prior to 60.0.3112.78 across Linux, Windows, and Mac platforms. The flaw allowed attackers to manipulate the URL presented in the Omnibox through a specially crafted HTML page, potentially deceiving users into believing they were interacting with a legitimate site. This vulnerability posed risks related to phishing and social engineering attacks, emphasizing the importance of maintaining updated browser versions.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac

References

https://crbug.com/681740
x_refsource_MISC
https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.