Announced: March 9, 2017
Reporter: Jordi Chancel
Products: Google Chrome
Fixed in: Google Chrome 57.0.2987.98
- Description :
Google Chrome before 57.0.2987.98 does not properly handle ********, which allows remote attackers to spoof the Location Bar (URL and SSL indicator) via unspecified vectors.
Note: This issue also affects Google Chrome for iOS.
Vulnerability demonstration (video):