CVE-2018-17467

MEDIUM

Google Chrome <70.0.3538.67 - Info Disclosure

Title source: llm

Description

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

References (6)

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4330

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:3004

[Third Party Advisory] https://security.gentoo.org/glsa/201811-10

[Issue Tracking] https://crbug.com/844881

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105666

Scores

CVSS v3 4.3

EPSS 0.0091

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-459

Status published

Products (5)

debian/debian_linux 9.0

google/chrome < 70.0.3538.67

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

Published Nov 14, 2018

Tracked Since Feb 18, 2026