CVE-2015-1296: Google Chrome vulnerability

CWE-254 | 5 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.9% (top 24.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 3
Latest update: May 17

Description

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: google/chrome 44.0.2403

🔴 Vulnerability Details (2)

GHSA: GHSA-4mrf-6r9m-9mcm: The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape (2022-05-17)
OSV: CVE-2015-1296: The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape (2015-09-03)

📋 Vendor Advisories (1)

Red Hat: chromium-browser: Character spoofing in omnibox (2015-09-01)

💬 Community (1)

Bugzilla: CVE-2015-1296 chromium-browser: Character spoofing in omnibox (2015-09-02)