UBUNTU-CVE-2015-1296

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2015-1296

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-1296.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-1296

Upstream

CVE-2015-1296

Published

2015-09-03T22:59:00Z

Modified

2025-09-08T16:43:19Z

Severity

Ubuntu - medium

Summary

[none]

Details

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.

References

Affected packages

Ubuntu:14.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@45.0.2454.85-0ubuntu0.14.04.1.1097?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

45.0.2454.85-0ubuntu0.14.04.1.1097

Affected versions

29.*

29.0.1547.65-0ubuntu2

31.*

31.0.1650.63-0ubuntu1~20131204.1

32.*

32.0.1700.107-0ubuntu1~20140204.977.1

33.*

33.0.1750.152-0ubuntu1~pkg995.1

34.*

34.0.1847.116-0ubuntu2

36.*

36.0.1985.125-0ubuntu1.14.04.0~pkg1029

37.*

37.0.2062.94-0ubuntu0.14.04.1~pkg1042

37.0.2062.120-0ubuntu0.14.04.1~pkg1049

38.*

38.0.2125.111-0ubuntu0.14.04.1.1061

39.*

39.0.2171.65-0ubuntu0.14.04.1.1064

40.*

40.0.2214.94-0ubuntu0.14.04.1.1068

40.0.2214.111-0ubuntu0.14.04.1.1069

41.*

41.0.2272.76-0ubuntu0.14.04.1.1076

43.*

43.0.2357.81-0ubuntu0.14.04.1.1089

43.0.2357.130-0ubuntu0.14.04.1.1092

44.*

44.0.2403.89-0ubuntu0.14.04.1.1095

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "45.0.2454.85-0ubuntu0.14.04.1.1097",
            "binary_name": "chromium-browser"
        },
        {
            "binary_version": "45.0.2454.85-0ubuntu0.14.04.1.1097",
            "binary_name": "chromium-browser-l10n"
        },
        {
            "binary_version": "45.0.2454.85-0ubuntu0.14.04.1.1097",
            "binary_name": "chromium-chromedriver"
        },
        {
            "binary_version": "45.0.2454.85-0ubuntu0.14.04.1.1097",
            "binary_name": "chromium-codecs-ffmpeg"
        },
        {
            "binary_version": "45.0.2454.85-0ubuntu0.14.04.1.1097",
            "binary_name": "chromium-codecs-ffmpeg-extra"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-1296.json"