CVE-2018-18357Google Chrome vulnerability

7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Linux+3 more
Timeline
PublishedDec 11
Latest updateMay 13

Description

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

CVEListV5google/chromeunspecified71.0.3578.80
NVDgoogle/chrome< 71.0.3578.80
Debianchromium/chromium< 71.0.3578.80-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-5mxq-qxj2-9q86: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 712022-05-13
CVEList
CVE-2018-18357: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 712018-12-11
OSV
CVE-2018-18357: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 712018-12-11

📋Vendor Advisories

2
Red Hat
chromium-browser: Insufficient policy enforcement in URL Formatter2018-12-04
Debian
CVE-2018-18357: chromium - Incorrect handling of confusable characters in URL Formatter in Google Chrome pr...2018

💬Community

1
Bugzilla
CVE-2018-18357 chromium-browser: Insufficient policy enforcement in URL Formatter2018-12-05
CVE-2018-18357 — Google Chrome vulnerability | cvebase