logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-1288

Description

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.


Affected Software


CPE Name Name Version
google:chrome google chrome 43.0.2357.134
debian:debian_linux debian debian linux 8.0
redhat:enterprise_linux_server_supplementary redhat enterprise linux server supplementary 6.0
redhat:enterprise_linux_desktop_supplementary redhat enterprise linux desktop supplementary 6.0
redhat:enterprise_linux_workstation_supplementary redhat enterprise linux workstation supplementary 6.0
redhat:enterprise_linux_server_supplementary_eus redhat enterprise linux server supplementary eus 6.7z
opensuse:opensuse opensuse 13.1
opensuse:opensuse opensuse 13.2

Related