CVE-2017-15397: Use of plaintext network protocols in ChromeVox

Q: What is the severity of CVE-2017-15397?

CVE-2017-15397 has a medium severity rating as it allows remote attackers to observe or tamper with cleartext HTTP requests.

Q: How do I fix CVE-2017-15397?

To fix CVE-2017-15397, users should update to Google Chrome OS version 62.0.3202.74 or later.

Q: Which versions of Chrome OS are affected by CVE-2017-15397?

CVE-2017-15397 affects all versions of Chrome OS prior to 62.0.3202.74.

Q: What type of attacks can exploit CVE-2017-15397?

CVE-2017-15397 allows attackers in a privileged network position to observe or tamper with certain HTTP requests.

Q: Is there a workaround for CVE-2017-15397?

There is no known workaround for CVE-2017-15397, and upgrading to the patched version is recommended.

Published Jul 12, 2016

Updated

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.

Credit

Nightwatch Cybersecurity Research

Affected Software

2 affected componentsFixes available

Google Chrome OS<62.0.3202.74

62.0.3202.74

Event History

Jul 12, 2016

CVE Published

12:00 AM

Data Sourced

12:00 AM

WeaknessAffected Software

Feb 7, 2018

CVE Published

via MITRE·11:00 PM

Data Sourced

via MITRE·11:00 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3243422487019122956

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2017-15397?

CVE-2017-15397 has a medium severity rating as it allows remote attackers to observe or tamper with cleartext HTTP requests.

How do I fix CVE-2017-15397?

To fix CVE-2017-15397, users should update to Google Chrome OS version 62.0.3202.74 or later.

Which versions of Chrome OS are affected by CVE-2017-15397?