CVE-2017-5090Improper Input Validation in Google Chrome

CWE-20Improper Input Validation2 documents2 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedOct 27
Latest updateMay 13

Description

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome< 59.0.3071.115

🔴Vulnerability Details

1
GHSA
GHSA-wfqp-59fc-9w82: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 592022-05-13