Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | 0.2.149.27 | 0.2.149.27 | |
Chrome | 0.2.149.29 | 0.2.149.29 | |
Chrome | 0.2.149.30 | 0.2.149.30 | |
Chrome | 0.2.152.1 | 0.2.152.1 | |
Chrome | 0.2.153.1 | 0.2.153.1 | |
Chrome | 0.3.154.0 | 0.3.154.0 | |
Chrome | 0.3.154.3 | 0.3.154.3 | |
Chrome | 0.4.154.18 | 0.4.154.18 | |
Chrome | 0.4.154.22 | 0.4.154.22 | |
Chrome | 0.4.154.31 | 0.4.154.31 | |
Chrome | 0.4.154.33 | 0.4.154.33 | |
Chrome | 1.0.154.36 | 1.0.154.36 | |
Chrome | 1.0.154.39 | 1.0.154.39 | |
Chrome | 1.0.154.42 | 1.0.154.42 | |
Chrome | 1.0.154.43 | 1.0.154.43 | |
Chrome | 1.0.154.46 | 1.0.154.46 | |
Chrome | 1.0.154.48 | 1.0.154.48 | |
Chrome | 1.0.154.52 | 1.0.154.52 | |
Chrome | 1.0.154.53 | 1.0.154.53 | |
Chrome | 1.0.154.59 | 1.0.154.59 | |
Chrome | 2.0.156.1 | 2.0.156.1 | |
Chrome | 2.0.157.0 | 2.0.157.0 | |
Chrome | 2.0.157.2 | 2.0.157.2 | |
Chrome | 2.0.158.0 | 2.0.158.0 | |
Chrome | 2.0.159.0 | 2.0.159.0 | |
Chrome | 2.0.172 | 2.0.172 | |
Chrome | 2.0.172.30 | 2.0.172.30 | |
Chrome | 2.0.172.31 | 2.0.172.31 | |
Chrome | 2.0.172.33 | 2.0.172.33 | |
Chrome | * | 2.0.172.37 |