Description
Affected versions of chromedriver insecurely download resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.
Recommendation
Update the chromedriver package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.25.2
- Patched version(s): 2.25.2
References
Related Issues
- appium-chromedriver downloads Resources over HTTP - CVE-2016-10557
- Downloads Resources over HTTP in product-monitor - CVE-2016-10567
- dalek-browser-chrome Downloads Resources over HTTP - CVE-2016-10604
- ibm_db downloads Resources over HTTP - CVE-2016-10577
You might also like:
- Tags:
- npm
- chromedriver
Anything's wrong? Let us know Last updated on July 11, 2025


