CVE-2015-1288
Publication date 23 July 2015
Last updated 24 July 2024
Ubuntu priority
Description
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | ||
14.04 LTS trusty |
Fixed 44.0.2403.89-0ubuntu0.14.04.1.1095
|
|
oxide-qt | ||
14.04 LTS trusty | Not in release | |
Patch details
Package | Patch details |
---|---|
chromium-browser |