<--

Insufficient validation of untrusted input in Omnibox

Aleph Research Advisory

Identifier

CVE-2020-6401

Severity

Moderate

Product

- Chromium

Vulnerable Version

- Chromium: Before 80.0.3987

Mitigation

- Chromium 80.0.3987

Technical Details

IDNPolicyResults.png

Click here to see it better.

The above shows numerous domains which could have been used for phishing attacks but were not displayed in Punycode form in Chrome’s Omnibox.

Timeline

  • 24-Oct-19
    : Reported to Chromium Team
  • 04-Feb-19
    : Patch
  • 04-Feb-20
    : CVE-2020-6401 assigned
  • 04-Feb-20
    : Public disclosure

Credit

  • tzachyh of Aleph Research, HCL Software