Groby-Ooo-7-16

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 44.0.2403.89 **Description** The issue is related to the Spellcheck API implementation in Google Chrome, which does not use an HTTPS session for downloading a Hunspell dictionary. This allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. **Recommendations** For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.65 **Description** The issue is related to the implementation of the Spellcheck API in Google Chrome, which does not use an HTTPS session for downloading a Hunspell dictionary. This allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have other unspecified impacts via a crafted file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue. As a temporary workaround, consider restricting access to the Spellcheck API until a patch is available. Avoid using the Spellcheck API in unsecured networks to minimize the risk of exploitation.