Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2014-3160 | CWE-200 | $5,000 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Anonymous | High | Remote | 2014-08-14 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 0.02192 | 0.50148 |
Centralize the logic for checking public key pins from ClientSocketNSS and ProofVerifierChromium to TransportSecurityState::CheckPublicKeyPins. This required adding an is_issued_by_known_root argument to this method. In addition, CheckPublicKeyPins now only checks static pins if the TransportSecurityState's enable_static_pins_ member is true. This defaults to true only for official desktop builds. This also means that dynamic pins are now checked on mobile and on non-official builds. BUG=398925,391033 Review URL: https://codereview.chromium.org/433123003 Diff: https://src.chromium.org/viewvc/chrome?revision=288435&view=revision
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.