Insecure Spellcheck API Implementation in Google Chrome

Insecure Spellcheck API Implementation in Google Chrome

CVE-2015-1263 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.

Learn more about our Cis Benchmark Audit For Google Chrome.