Security Advisory

CVE-2015-1288

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-07-23 00:00:00

Last updated 2024-08-06 04:40:18

Assigner Chrome

State PUBLISHED

Description

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.

← Browse all CVEs View on cve.org ↗