Evil1M0

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 72.0.3626.81 **Description** The issue is related to incorrect handling of special characters in the Omnibox component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox (URL bar) via a manipulated domain name. This can be achieved by exploiting the incorrect management of a confusable character in the Omnibox. **Recommendations** For versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 72.0.3626.81 **Description** The issue is related to incorrect handling of a confusable character in the Omnibox component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. This can lead to the attacker manipulating the address bar to display a different URL than the one actually being accessed. **Recommendations** For Google Chrome versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to the incorrect handling of confusable characters in the URL Formatter component of Google Chrome. This allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. The vulnerability is associated with errors in processing special symbols, which could be exploited by a remote attacker to fake the address bar content. **Recommendations** For Google Chrome versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to the incorrect handling of confusable characters in the URL Formatter component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox (URL bar) via a manipulated domain name. This can be achieved by exploiting errors in the processing of special symbols, enabling the attacker to fake the address bar content. **Recommendations** For Google Chrome versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to insufficient policy enforcement in navigation, allowing a remote attacker to bypass authentication via spoofing. This can lead to unauthorized access to confidential data, disruption of data integrity, and denial of service. The attacker can confuse the user via a crafted domain name. **Recommendations** For Google Chrome versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and verifying the authenticity of domain names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 68.0.3440.75 **Description** The issue is related to incorrect handling of data in the Navigation component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox (URL bar) using a specially crafted HTML page. This can be achieved by exploiting the incorrect handling of reloads in the Navigation component. **Recommendations** For versions prior to 68.0.3440.75, update to version 68.0.3440.75 or later to resolve the issue.