The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 42.0.2311.152 (including) | |
| Supplementary for Red Hat Enterprise Linux 6 | RedHat | chromium-browser-0:43.0.2357.65-1.el6_6 | * |
| Chromium-browser | Ubuntu | devel | * |
| Chromium-browser | Ubuntu | precise | * |
| Chromium-browser | Ubuntu | trusty | * |
| Chromium-browser | Ubuntu | upstream | * |
| Chromium-browser | Ubuntu | utopic | * |
| Chromium-browser | Ubuntu | vivid | * |
| Chromium-browser | Ubuntu | wily | * |
References
- http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
- http://www.debian.org/security/2015/dsa-3267
- http://www.securityfocus.com/bid/74723
- http://www.securitytracker.com/id/1032375
- https://code.google.com/p/chromium/issues/detail?id=479162
- https://codereview.chromium.org/1056103005
- https://security.gentoo.org/glsa/201506-04
- http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
- http://www.debian.org/security/2015/dsa-3267
- http://www.securityfocus.com/bid/74723
- http://www.securitytracker.com/id/1032375
- https://code.google.com/p/chromium/issues/detail?id=479162
- https://codereview.chromium.org/1056103005
- https://security.gentoo.org/glsa/201506-04