CVE-2018-17460: password in URL not properly elided in Omnibox
Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-6153
- CVE-2018-6154
- CVE-2018-6155
- CVE-2018-6156
- CVE-2018-6157
- CVE-2018-6158
- CVE-2018-6159
- CVE-2018-6160
- CVE-2018-6161
- CVE-2018-6162
- CVE-2018-6163
- CVE-2018-6164
- CVE-2018-6165
- CVE-2018-6166
- CVE-2018-6167
- CVE-2018-6168
- CVE-2018-6169
- CVE-2018-6170
- CVE-2018-6171
- CVE-2018-6172
- CVE-2018-6173
- CVE-2018-6174
- CVE-2018-6175
- CVE-2018-6176
- CVE-2018-6177
- CVE-2018-6178
- CVE-2018-6179
- CVE-2018-6044
- CVE-2018-4117
- CVE-2018-17461
- CVE-2018-6150
- CVE-2018-6151
- CVE-2018-6152
Frequently Asked Questions
What is vulnerability CVE-2018-17460?
CVE-2018-17460 is a vulnerability in Google Chrome prior to version 68.0.3440.75 that allows a remote attacker to spoof the contents of the Omnibox (URL bar) by using a crafted domain name.
How does the vulnerability CVE-2018-17460 impact users?
CVE-2018-17460 allows a remote attacker to spoof the contents of the Omnibox (URL bar) in Google Chrome, potentially leading users to believe they are visiting a trusted website when they are not.
What is the severity of vulnerability CVE-2018-17460?
The severity of CVE-2018-17460 is medium, with a CVSS score of 6.5.
How can I fix vulnerability CVE-2018-17460?
To fix CVE-2018-17460, users should update their Google Chrome browser to version 68.0.3440.75 or later.
Where can I find more information about vulnerability CVE-2018-17460?
More information about CVE-2018-17460 can be found on the Chrome Releases website and the Chromium Bug Tracker.