Описание
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 45.0.2454.85-0ubuntu1.1198 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [45.0.2454.85-0ubuntu0.14.04.1.1097]] |
| precise | ignored | |
| trusty | released | 45.0.2454.85-0ubuntu0.14.04.1.1097 |
| trusty/esm | DNE | trusty was released [45.0.2454.85-0ubuntu0.14.04.1.1097] |
| upstream | released | 45.0.2454.85 |
| vivid | released | 45.0.2454.85-0ubuntu0.15.04.1.1181 |
| wily | released | 45.0.2454.85-0ubuntu1.1198 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid | not-affected | |
| wily | not-affected |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.c ...
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
Уязвимость браузера Google Chrome, позволяющая нарушителю подменить значок SSL
EPSS
5 Medium
CVSS2