CVE-2014-1723Improper Input Validation in Google Chrome

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedApr 9
Latest updateMay 17

Description

The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome34.0.1847.115

🔴Vulnerability Details

2
GHSA
GHSA-4g2q-5g5w-fgqx: The UnescapeURLWithOffsetsImpl function in net/base/escape2022-05-17
OSV
CVE-2014-1723: The UnescapeURLWithOffsetsImpl function in net/base/escape2014-04-09