Insufficient Policy Enforcement in Google Chrome Affecting Multiple Platforms
CVE-2017-5106

6.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 60.0.3112.78 For Mac, Windows, Linux And Android
Vendor
CVE Published:
27 October 2017

Summary

A vulnerability in Google Chrome prior to version 60.0.3112.78 on Mac, Windows, Linux, and Android can be exploited by a remote attacker to conduct domain spoofing attacks. This is accomplished through the manipulation of Internationalized Domain Names (IDN) using homographs, allowing attackers to present deceptive domain names that can mislead users into believing they are visiting legitimate websites. The flaw underscores the importance of robust policy enforcement measures in browser security to protect against such tactics.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android

References

https://crbug.com/714628
x_refsource_MISC
https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.