CVE-2015-1296
N/A
N/A
Summary
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
- http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
- https://code.google.com/p/chromium/issues/detail?id=421332
- http://rhn.redhat.com/errata/RHSA-2015-1712.html
- http://www.securitytracker.com/id/1033472
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
- https://codereview.chromium.org/1189553002/
- https://codereview.chromium.org/1180393003/
- http://www.debian.org/security/2015/dsa-3351
- https://security.gentoo.org/glsa/201603-09
References
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
- http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
- https://code.google.com/p/chromium/issues/detail?id=421332
- http://rhn.redhat.com/errata/RHSA-2015-1712.html
- http://www.securitytracker.com/id/1033472
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
- https://codereview.chromium.org/1189553002/
- https://codereview.chromium.org/1180393003/
- http://www.debian.org/security/2015/dsa-3351
- https://security.gentoo.org/glsa/201603-09
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.