Header Truncation Vulnerability in Google Chrome

Header Truncation Vulnerability in Google Chrome

CVE-2013-2853 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

Learn more about our Cis Benchmark Audit For Google Chrome.