CVE-2018-6078

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
14/11/2018
Last modified:
07/11/2023

Description

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 65.0.3325.146 (excluding)
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*