VYPR
Unrated severityNVD Advisory· Published Aug 9, 2011· Updated Jun 16, 2026

CVE-2008-7294

CVE-2008-7294

Description

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

60
  • Google/Chrome60 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 59 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=3.0.195.38
    • cpe:2.3:a:google:chrome:0.1.38.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.38.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.38.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.40.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.42.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.1.42.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:3.0.195.37:*:*:*:*:*:*:*
    • (no CPE)range: <4.0.211.0

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.