CVE-2018-6166: URL spoof in Omnibox
An url spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=835554
External References:
https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
Other sources
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-6153
- CVE-2018-6154
- CVE-2018-6155
- CVE-2018-6156
- CVE-2018-6157
- CVE-2018-6158
- CVE-2018-6159
- CVE-2018-6160
- CVE-2018-6161
- CVE-2018-6162
- CVE-2018-6163
- CVE-2018-6164
- CVE-2018-6165
- CVE-2018-6167
- CVE-2018-6168
- CVE-2018-6169
- CVE-2018-6170
- CVE-2018-6171
- CVE-2018-6172
- CVE-2018-6173
- CVE-2018-6174
- CVE-2018-6175
- CVE-2018-6176
- CVE-2018-6177
- CVE-2018-6178
- CVE-2018-6179
- CVE-2018-6044
- CVE-2018-4117
- CVE-2018-17460
- CVE-2018-17461
- CVE-2018-6150
- CVE-2018-6151
- CVE-2018-6152
Frequently Asked Questions
What is the vulnerability ID for this URL spoof vulnerability?
The vulnerability ID for this URL spoof vulnerability is CVE-2018-6166.
What is the title of this vulnerability?
The title of this vulnerability is URL spoof in Omnibox.
What is the description of this vulnerability?
The description of this vulnerability is that it allows a remote attacker to perform domain spoofing via IDN homographs.
What software is affected by this vulnerability?
The affected software includes Google Chrome prior to version 68.0.3440.75, Chromium browser, and Debian and Redhat Linux.
What is the severity of vulnerability CVE-2018-6166?
The severity of vulnerability CVE-2018-6166 is medium with a CVSS score of 6.5.