CVE-2015-1263

2015-05-20T10:59:00
ID CVE-2015-1263
Type cve
Reporter cve@mitre.org
Modified 2017-01-03T02:59:00

Description

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.