Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.
CPE | Name | Operator | Version |
---|---|---|---|
chrome | eq | 0.3.154.3 | |
chrome | eq | 0.2.149.30 | |
chrome | eq | 0.4.154.31 | |
chrome | eq | 1.0.154.39 | |
chrome | eq | 1.0.154.59 | |
chrome | eq | 0.2.149.27 | |
chrome | eq | 1.0.154.53 | |
chrome | eq | 0.4.154.33 | |
chrome | eq | 1.0.154.43 | |
chrome | eq | 1.0.154.42 |