Improper Handling of 407 Proxy Authentication Required Status Code in Google Chrome Allows for Cookie-Injection Attacks

Improper Handling of 407 Proxy Authentication Required Status Code in Google Chrome Allows for Cookie-Injection Attacks

CVE-2015-1229 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

Learn more about our Cis Benchmark Audit For Google Chrome.