A URL spoofing flaw has been found in the extensions UI of Chromium versions before 62.0.3202.62.
This is a demo of an IDN homograph attack in Chromium through extensions.
- Load the unpacked extension into Chrome
- View the extension details and observe that the domain is not shown as punycode
An attacker could use this weakness to aid deception attacks, coercing a victim into granting the extension permissions to an unexpected domain.
Released October 17, 2017: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
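
An added example (not part of this demo or of Chromium): a Node.js check that lists the host patterns in an extension manifest whose hostnames are internationalized, next to their punycode form, so a reviewer sees the real domain before granting permissions. The sample manifest is constructed and the function names are illustrative.

```javascript
// Constructed sample manifest; the first host begins with Cyrillic "а" (U+0430).
const SAMPLE_MANIFEST = {
  name: "sample",
  permissions: ["tabs", "*://*.\u0430pple.com/*", "https://example.com/*"],
  content_scripts: [{ matches: ["https://*.b\u00fccher.example/*"] }],
};

// Collect every manifest string that looks like a match pattern (scheme://host/path).
function hostPatterns(manifest) {
  const lists = [
    manifest.permissions, manifest.optional_permissions, manifest.host_permissions,
    ...(manifest.content_scripts || []).map((cs) => cs.matches),
  ];
  return lists.flat().filter((p) => typeof p === "string" && p.includes("://"));
}

// Extract the host of a match pattern, dropping a leading "*" or "*." wildcard.
function patternHost(pattern) {
  const rest = pattern.slice(pattern.indexOf("://") + 3);
  return rest.split("/")[0].replace(/^\*\.?/, "");
}

// Convert a hostname to its ASCII (punycode) form with the WHATWG URL parser.
function toAscii(host) {
  try {
    return new URL("http://" + host).hostname;
  } catch {
    return null; // not a parseable hostname
  }
}

// One finding per pattern whose host has non-ASCII characters or an "xn--" label.
function auditManifest(manifest) {
  const findings = [];
  for (const pattern of hostPatterns(manifest)) {
    const host = patternHost(pattern);
    if (!host) continue; // "*://*/*" has no concrete host to inspect
    const ascii = toAscii(host);
    const nonAscii = /[^\x00-\x7f]/.test(host);
    const hasAce = ascii !== null && ascii.split(".").some((l) => l.startsWith("xn--"));
    if (nonAscii || hasAce) findings.push({ pattern, host, ascii });
  }
  return findings;
}

for (const f of auditManifest(SAMPLE_MANIFEST)) console.log(`${f.pattern} -> ${f.ascii}`);
```

To audit a real extension, pass the parsed contents of its `manifest.json` to `auditManifest` before loading it.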