CVE-2017-15394

MEDIUM

Google Chrome < 62.0.3202.62 - Domain Spoofing via IDN Homographs in Extension Permission Dialogs

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15394. PoCs published by sudosammy.

AI-analyzed exploit summary This repository describes an IDN homograph attack in Chromium's extensions UI, allowing URL spoofing through Unicode characters. The PoC demonstrates how an attacker could deceive users into granting permissions to a malicious domain.

Description

Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

Exploits (1)

nomisec WRITEUP
by sudosammy · poc
https://github.com/sudosammy/CVE-2017-15394

This repository describes an IDN homograph attack in Chromium's extensions UI, allowing URL spoofing through Unicode characters. The PoC demonstrates how an attacker could deceive users into granting permissions to a malicious domain.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Chromium < 62.0.3202.62
No auth needed
Prerequisites: Unpacked extension loaded into Chrome
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101482
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4020
Issue Tracking x_refsource_misc
https://crbug.com/745580
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2997
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201710-24

Scores

CVSS v3 6.5
EPSS 0.0192
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 8.0
debian/debian_linux 9.0
google/chrome < 62.0.3202.62
Published Feb 07, 2018
Tracked Since Feb 18, 2026