Launchpad.net

CVE 2018-6166

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

See the CVE page on Mitre.org for more details.