[CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)


Titre: Google Chrome URL bar spoof in history handling (URL & SSL indicator Spoofing)


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2845


Author: Security researcher Jordi Chancel


UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html


Description:

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.


  • Vidéo de démonstration :

Location Bar Spoofing Vulnerability with URL & SSL indicator Spoofing.


-Security Researcher Jordi Chancel

Comments are closed.