Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-1288
HistoryJul 23, 2015 - 12:00 a.m.

CVE-2015-1288

2015-07-2300:00:00
ubuntu.com
ubuntu.com
9

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.5%

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does
not use an HTTPS session for downloading a Hunspell dictionary, which
allows man-in-the-middle attackers to deliver incorrect spelling
suggestions or possibly have unspecified other impact via a crafted file, a
related issue to CVE-2015-1263.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 44.0.2403.89-0ubuntu0.14.04.1.1095UNKNOWN
ubuntu15.04noarchchromium-browser< 44.0.2403.89-0ubuntu0.15.04.1.1177UNKNOWN
ubuntu15.10noarchchromium-browser< 44.0.2403.89-0ubuntu1.1195UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.5%

Related for UB:CVE-2015-1288