CVE-2014-7948 (retired)

Priority
Description
The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in
content/browser/appcache/appcache_update_job.cc in Google Chrome before
40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there
is an X.509 certificate error, which allows man-in-the-middle attackers to
spoof HTML5 application content via a crafted certificate.
Package
Upstream:released (40.0.2214.91)
Ubuntu 14.04 LTS (Trusty Tahr):released (40.0.2214.94-0ubuntu0.14.04.1.1068)
Ubuntu 16.04 LTS (Xenial Xerus):released (40.0.2214.94-0ubuntu1.1120)
Package
Upstream:released (1.4.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.4.2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.2-0ubuntu1)
More Information

Updated: 2019-03-26 12:13:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)