Unrated severityNVD Advisory· Published Sep 3, 2015· Updated Jun 17, 2026
CVE-2015-1296
CVE-2015-1296
Description
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
10- googlechromereleases.blogspot.com/2015/09/stable-channel-update.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-09/msg00029.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-11/msg00013.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1712.htmlnvd
- www.debian.org/security/2015/dsa-3351nvd
- www.securitytracker.com/id/1033472nvd
- code.google.com/p/chromium/issues/detailnvd
- codereview.chromium.org/1180393003/nvd
- codereview.chromium.org/1189553002/nvd
- security.gentoo.org/glsa/201603-09nvd
News mentions
0No linked articles in our index yet.