CVE-2017-15394
MEDIUMGoogle Chrome < 62.0.3202.62 - Domain Spoofing via IDN Homographs in Extension Permission Dialogs
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-15394. PoCs published by sudosammy.
AI-analyzed exploit summary This repository describes an IDN homograph attack in Chromium's extensions UI, allowing URL spoofing through Unicode characters. The PoC demonstrates how an attacker could deceive users into granting permissions to a malicious domain.
Description
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
Exploits (1)
This repository describes an IDN homograph attack in Chromium's extensions UI, allowing URL spoofing through Unicode characters. The PoC demonstrates how an attacker could deceive users into granting permissions to a malicious domain.
References (6)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N