CVE-2017-5072

Published: Oct 27, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 59.0.3071.92

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.securityfocus.com/bid/98861

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1038622

Source: chrome-cve-admin@google.com

https://access.redhat.com/errata/RHSA-2017:1399

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/709417

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201706-20

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/98861

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1038622

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1399

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/709417

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201706-20

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.