PT-2018-5809 · Google · Chrome Os+1
Yakov Shafranovich
·
Published
2018-02-07
·
Updated
2019-10-03
·
CVE-2017-15397
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Google Chrome OS versions prior to 62.0.3202.74
Description:
The issue is related to an inappropriate implementation in ChromeVox, which allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests.
Recommendations:
For versions prior to 62.0.3202.74, update to version 62.0.3202.74 or later to resolve the issue.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chrome Os
Chromevox