NVD

Id
23656  
Name
CVE-2015-1296  
Description
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-09-03  
Modified Date
2016-12-21  
Seq
2015-1296  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
125772 23656 CVE-2015-1296 http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html  View
125773 23656 CVE-2015-1296 openSUSE-SU-2015:1586  View
125774 23656 CVE-2015-1296 openSUSE-SU-2015:1873  View
125775 23656 CVE-2015-1296 RHSA-2015:1712  View
125776 23656 CVE-2015-1296 DSA-3351  View
125777 23656 CVE-2015-1296 1033472  View
125778 23656 CVE-2015-1296 https://code.google.com/p/chromium/issues/detail?id=421332  View
125779 23656 CVE-2015-1296 https://codereview.chromium.org/1180393003/  View
125780 23656 CVE-2015-1296 https://codereview.chromium.org/1189553002/  View
125781 23656 CVE-2015-1296 GLSA-201603-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9249 JVNDB-2015-004569 Google Chrome の net/base/escape.cc の UnescapeURLWithAdjustmentsImpl の実装における SSL ロックアイコンを偽装される脆弱性 Google Chrome の net/base/escape.cc の UnescapeURLWithAdjustmentsImpl の実装は、OmniBox 内の Unicode の LOCK 文字を適切に制限しないため、SSL ロックアイコンを偽装される脆弱性が存在します。 CVE-2015-1296 78521 CVE-2015-1296 23656 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004569.html 2015-09-01 2015-09-07 View