4.3
CVSSv2

CVE-2017-5015

Published: 17/02/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Google Chrome before 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote malicious user to perform domain spoofing via IDN homographs in a crafted domain name.

Affected Products

Vendor Product Versions
GoogleChrome55.0.2883.87

Vendor Advisories

Google Chrome prior to 560292476 for Linux, Windows and Mac, and 560292487 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name ...
An address spoofing flaw was found in the Omnibox component of the Chromium browser ...
Synopsis Important: chromium-browser security update Type/Severity Security Advisory: Important Topic An update for chromium-browser is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...

Github Repositories

security This repository will contain security-related stuff I'm doing (Also, @rawsec on Twitter) Recent: 2019-06-04 Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735) More to come Some older bugs: 2017-01-25 Google Chrome: Address spoofing in Omnibox (CVE-2017-5015) 2017-01-24 Mozilla Firefox: Location bar spoofing with unicode characters (CVE-2

security This repository will contain security-related stuff I'm doing (Also, @rawsec on Twitter) Recent: 2019-06-04 Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735) More to come CTF write-ups: Google CTF 2017 | Geokitties v2 Many more My answers on SecuritySE (many trivial, but also a few interestinig ones) Some older bugs: 2017-01-2