VYPR
Unrated severityNVD Advisory· Published Jun 26, 2015· Updated Jun 17, 2026

CVE-2015-1269

CVE-2015-1269

Description

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.