CVE-2018-17459

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: Jan 9, 2019
Updated: Nov 8, 2023
CVE: CVE-2018-17459
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
google / chrome	-	69.0.3497.92
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x

https://access.redhat.com/errata/RHSA-2018:2818
https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html
https://crbug.com/880759

Vulnerability Database

CVE-2018-17459

Deep Security Visibility Without the Complexity