CVE-2017-15397
HIGHGoogle Chrome OS < 62.0.3202.74 - Missing Encryption
Title source: ruleDescription
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
References (4)
Core 4
Core References
Issue Tracking x_refsource_misc
https://crbug.com/627300
Various Sources x_refsource_misc
https://wwws.nightwatchcybersecurity.com/2018/01/01/chromeos-doesnt-always-use-ssl-during-startup-cve-2017-15397/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102435
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
Scores
CVSS v3
7.4
EPSS
0.0034
EPSS Percentile
56.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-311
Status
published
Products (1)
google/chrome_os
< 62.0.3202.74
Published
Feb 07, 2018
Tracked Since
Feb 18, 2026