Improper Handling of 407 Proxy Authentication Required Status Code in Google Chrome Allows for Cookie-Injection Attacks
CVE-2015-1229 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
Learn more about our Cis Benchmark Audit For Google Chrome.