CVE-2015-1296

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:25

Type Values Removed Values Added
References () http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html - () http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html -
References () http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html - () http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html -
References () http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html - () http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html -
References () http://rhn.redhat.com/errata/RHSA-2015-1712.html - () http://rhn.redhat.com/errata/RHSA-2015-1712.html -
References () http://www.debian.org/security/2015/dsa-3351 - () http://www.debian.org/security/2015/dsa-3351 -
References () http://www.securitytracker.com/id/1033472 - () http://www.securitytracker.com/id/1033472 -
References () https://code.google.com/p/chromium/issues/detail?id=421332 - () https://code.google.com/p/chromium/issues/detail?id=421332 -
References () https://codereview.chromium.org/1180393003/ - () https://codereview.chromium.org/1180393003/ -
References () https://codereview.chromium.org/1189553002/ - () https://codereview.chromium.org/1189553002/ -
References () https://security.gentoo.org/glsa/201603-09 - () https://security.gentoo.org/glsa/201603-09 -

07 Nov 2023, 02:24

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/201603-09 - () https://security.gentoo.org/glsa/201603-09 -
References (CONFIRM) http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html - Patch, Vendor Advisory () http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html -
References (CONFIRM) https://codereview.chromium.org/1189553002/ - () https://codereview.chromium.org/1189553002/ -
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=421332 - () https://code.google.com/p/chromium/issues/detail?id=421332 -
References (SECTRACK) http://www.securitytracker.com/id/1033472 - () http://www.securitytracker.com/id/1033472 -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1712.html - () http://rhn.redhat.com/errata/RHSA-2015-1712.html -
References (DEBIAN) http://www.debian.org/security/2015/dsa-3351 - () http://www.debian.org/security/2015/dsa-3351 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html - () http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html -
References (CONFIRM) https://codereview.chromium.org/1180393003/ - () https://codereview.chromium.org/1180393003/ -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html - () http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html -

Information

Published : 2015-09-03 22:59

Updated : 2024-11-21 02:25


NVD link : CVE-2015-1296

Mitre link : CVE-2015-1296

CVE.ORG link : CVE-2015-1296


JSON object : View

Products Affected

google

  • chrome
CWE
CWE-254

7PK - Security Features