Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-1263
HistoryMay 20, 2015 - 12:00 a.m.

CVE-2015-1263

2015-05-2000:00:00
ubuntu.com
ubuntu.com
12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does
not use an HTTPS session for downloading a Hunspell dictionary, which
allows man-in-the-middle attackers to deliver incorrect spelling
suggestions or possibly have unspecified other impact via a crafted file.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchchromium-browser< 43.0.2357.81-0ubuntu1.1179UNKNOWN
ubuntu14.10noarchchromium-browser< 43.0.2357.81-0ubuntu0.14.10.1.1131UNKNOWN
ubuntu15.04noarchchromium-browser< 43.0.2357.81-0ubuntu0.15.04.1.1170UNKNOWN
ubuntu15.10noarchchromium-browser< 43.0.2357.81-0ubuntu1.1179UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

Related for UB:CVE-2015-1263