CVE-2018-6160Improper Input Validation in Google Chrome

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 40.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 9
Latest updateMay 14

Description

JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5google/chromeunspecified68.0.3440.75
NVDgoogle/chrome< 68.0.3440.75

🔴Vulnerability Details

1
GHSA
GHSA-6qcp-7hqx-rm6q: JavaScript alert handling in Prompts in Google Chrome prior to 682022-05-14

📋Vendor Advisories

1
Red Hat
chromium-browser: URL spoof in Chrome on iOS2018-07-24

💬Community

1
Bugzilla
CVE-2018-6160 chromium-browser: URL spoof in Chrome on iOS2018-07-25