Unrated severityNVD Advisory· Published Apr 19, 2015· Updated Jun 17, 2026
CVE-2015-1244
CVE-2015-1244
Description
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-04/msg00040.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-11/msg00024.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0816.htmlnvd
- ubuntu.com/usn/usn-2570-1nvd
- www.debian.org/security/2015/dsa-3238nvd
- www.securitytracker.com/id/1032209nvd
- chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010nvd
- code.google.com/p/chromium/issues/detailnvd
- security.gentoo.org/glsa/201506-04nvd
News mentions
0No linked articles in our index yet.