CVE-2018-6166: URL spoof in Omnibox
First published: Sat Apr 21 2018(Updated: )
An url spoof flaw was found in the Omnibox component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=835554">https://code.google.com/p/chromium/issues/detail?id=835554</a> External References: <a href="https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html</a>
Credit: Lnyas Zhang cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/chromium-browser | <68.0.3440.75 | 68.0.3440.75 |
| debian/chromium-browser | ||
| Google Chrome | <68.0.3440.75 | |
| Debian Debian Linux | =9.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Google Chrome | <68.0.3440.75 | 68.0.3440.75 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html (Advisory)
- http://www.securityfocus.com/bid/104887
- https://access.redhat.com/errata/RHSA-2018:2282
- https://crbug.com/835554
- https://security.gentoo.org/glsa/201808-01
- https://www.debian.org/security/2018/dsa-4256
- https://code.google.com/p/chromium/issues/detail?id=835554
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1608211
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1608210
- https://bugzilla.redhat.com/show_bug.cgi?id=1608190
- https://security-tracker.debian.org/tracker/CVE-2018-6166
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-6153
- CVE-2018-6154
- CVE-2018-6155
- CVE-2018-6156
- CVE-2018-6157
- CVE-2018-6158
- CVE-2018-6159
- CVE-2018-6160
- CVE-2018-6161
- CVE-2018-6162
- CVE-2018-6163
- CVE-2018-6164
- CVE-2018-6165
- CVE-2018-6167
- CVE-2018-6168
- CVE-2018-6169
- CVE-2018-6170
- CVE-2018-6171
- CVE-2018-6172
- CVE-2018-6173
- CVE-2018-6174
- CVE-2018-6175
- CVE-2018-6176
- CVE-2018-6177
- CVE-2018-6178
- CVE-2018-6179
- CVE-2018-6044
- CVE-2018-4117
- CVE-2018-17460
- CVE-2018-17461
- CVE-2018-6150
- CVE-2018-6151
- CVE-2018-6152
Frequently Asked Questions
What is the vulnerability ID for this URL spoof vulnerability?
The vulnerability ID for this URL spoof vulnerability is CVE-2018-6166.
What is the title of this vulnerability?
The title of this vulnerability is URL spoof in Omnibox.
What is the description of this vulnerability?
The description of this vulnerability is that it allows a remote attacker to perform domain spoofing via IDN homographs.
What software is affected by this vulnerability?
The affected software includes Google Chrome prior to version 68.0.3440.75, Chromium browser, and Debian and Redhat Linux.
What is the severity of vulnerability CVE-2018-6166?
The severity of vulnerability CVE-2018-6166 is medium with a CVSS score of 6.5.
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/title
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-6166
- agent/software-canonical-lookup
- collector/chrome-releases
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- package-manager/redhat