CVE-2017-5015 — Insufficient Visual Distinction of Homoglyphs Presented to User in Google Chrome

CWE-1007 — Insufficient Visual Distinction of Homoglyphs Presented to User7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedFeb 17

Latest updateMay 13

Description

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDgoogle/chrome55.0.2883.87

🔴Vulnerability Details

GHSA

GHSA-8w3v-w456-hx88: Google Chrome prior to 56↗2022-05-13

▶

OSV

CVE-2017-5015: Google Chrome prior to 56↗2017-02-17

▶

📋Vendor Advisories

Red Hat

chromium-browser: address spoofing in omnibox↗2017-01-25

▶

📐Framework References

CWE

Insufficient Visual Distinction of Homoglyphs Presented to User↗

▶

💬Community

Bugzilla

CVE-2017-5015 chromium-browser: address spoofing in omnibox↗2017-01-26

▶

Bugzilla

chromium: various flaws [fedora-all]↗2017-01-26

▶