Описание
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 43.0.2357.81-0ubuntu1.1179 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [43.0.2357.81-0ubuntu0.14.04.1.1089]] |
| precise | ignored | |
| trusty | released | 43.0.2357.81-0ubuntu0.14.04.1.1089 |
| trusty/esm | DNE | trusty was released [43.0.2357.81-0ubuntu0.14.04.1.1089] |
| upstream | released | 43.0.2357.65 |
| utopic | released | 43.0.2357.81-0ubuntu0.14.10.1.1131 |
| vivid | released | 43.0.2357.81-0ubuntu0.15.04.1.1170 |
| wily | released | 43.0.2357.81-0ubuntu1.1179 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| utopic | not-affected | |
| vivid | not-affected | |
| wily | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 ...
The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
Уязвимость браузера Google Chrome, позволяющая нарушителю подменить данные
EPSS
4.3 Medium
CVSS2