vendor:
Chrome
by:
Juan Pablo Lopez Yacubian and Michael Wood
7.5
CVSS
HIGH
URI-spoofing vulnerability
20
CWE
Product Name: Chrome
Affected Version From: Chrome 2.0.172.37
Affected Version To: Chrome 2.0.172.37
Patch Exists: YES
Related CWE: N/A
CPE: a:google:chrome
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Chrome about:blank Spoof
An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.
Mitigation:
Ensure that all user-supplied input is validated before being used.
