logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-1288

Description

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.


Affected Package


OS OS Version Package Name Package Version
Debian 9 chromium-browser 70.0.3538.110-1~deb9u1

Related