Endpoint Vulnerability

Security Vulnerability CVE-2013-2853 for Google Chrome

Description

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \\\\r\\\\n\\\\r\\\\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

Affected Products

Google Chrome

References

CVE-2013-2853,