CVE Vulnerabilities

CVE-2015-1263

Published: May 20, 2015 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
6.8 LOW
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
LOW

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 42.0.2311.152 (including)
Supplementary for Red Hat Enterprise Linux 6 RedHat chromium-browser-0:43.0.2357.65-1.el6_6 *
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu utopic *
Chromium-browser Ubuntu vivid *
Chromium-browser Ubuntu wily *

References