CVE-2015-1244 (retired)

Priority
Description
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in
Google Chrome before 42.0.2311.90 does not replace the ws scheme with the
wss scheme whenever an HSTS Policy is active, which makes it easier for
remote attackers to obtain sensitive information by sniffing the network
for WebSocket traffic.
Notes
Package
Upstream:released (42.0.2311.90)
Ubuntu 16.04 LTS (Xenial Xerus):released (43.0.2357.81-0ubuntu1.1179)
Package
Upstream:released (1.6.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.7.7-0ubuntu0.15.04.1~ppa1)
More Information

Updated: 2019-10-09 07:52:14 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)