[CVE-2017-5041] Google Chrome Location Bar URL & SSL Spoofing in Omnibox


Address spoofing in Omnibox (URL & SSL Spoofing)


Announced: March 9, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 57.0.2987.98


  • Description :

Google Chrome before 57.0.2987.98 does not properly handle ********, which allows remote attackers to spoof the Location Bar (URL and SSL indicator) via unspecified vectors.


Note: This issue also affects Google Chrome for iOS.


Vulnerability demonstration (video):


Comments are closed.