CVE-2018-6108 : Security Advisory and Response
Learn about CVE-2018-6108 where Google Chrome's URL Formatter flaw allowed domain spoofing via IDN homographs. Find out the impact, affected systems, and mitigation steps.
Google Chrome's URL Formatter vulnerability allowed domain spoofing through IDN homographs before version 66.0.3359.117.
Understanding CVE-2018-6108
Before version 66.0.3359.117, Google Chrome's URL Formatter had a flaw that enabled domain spoofing.
What is CVE-2018-6108?
Incorrect handling of confusable characters in Google Chrome's URL Formatter allowed a remote attacker to perform domain spoofing via IDN homographs.
The Impact of CVE-2018-6108
- Attackers could carry out domain spoofing by using IDN homographs via a specially crafted HTML page.
Technical Details of CVE-2018-6108
Google Chrome vulnerability details and affected systems.
Vulnerability Description
- Google Chrome's URL Formatter flaw allowed malicious attackers to carry out domain spoofing using IDN homographs.
Affected Systems and Versions
- Product: Chrome
- Vendor: Google
- Versions Affected: < 66.0.3359.117
Exploitation Mechanism
- Attackers exploited the flaw by using confusable characters in URLs to carry out domain spoofing.
Mitigation and Prevention
Steps to mitigate and prevent the CVE-2018-6108 vulnerability.
Immediate Steps to Take
- Update Google Chrome to version 66.0.3359.117 or newer.
- Be cautious while accessing URLs with confusable characters.
Long-Term Security Practices
- Regularly update browsers and security software.
- Educate users on the risks of domain spoofing and phishing attacks.
- Implement security policies to prevent similar vulnerabilities.
Patching and Updates
- Google released a patch addressing the URL Formatter vulnerability in version 66.0.3359.117.