Endpoint Vulnerability

Security Vulnerability CVE-2015-1229 for Google Chrome

Description

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

Affected Products

Google Chrome

References

CVE-2015-1229,