Advisory Database

CVE-2016-10579: chromedriver Downloads Resources over HTTP

February 18, 2019 (updated July 11, 2025)

Affected versions of chromedriver insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.

References

  • github.com/advisories/GHSA-jh5w-6964-x5cf
  • github.com/giggio/node-chromedriver
  • github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
  • github.com/giggio/node-chromedriver/issues/78
  • nvd.nist.gov/vuln/detail/CVE-2016-10579

Affected versions

All versions before 2.25.2

Fixed versions

  • 2.25.2

Solution

Upgrade to version 2.25.2 or above.
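
One way to check a project's lockfile against the affected range above, as an added example (not part of the advisory or of any scanner's own code). The function names and the `sampleLock` data are constructed for illustration.

```javascript
// Added example: flag chromedriver entries older than the fixed version 2.25.2.
const FIXED = [2, 25, 2];

// Parse the numeric "major.minor.patch" prefix; any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison, so 2.9.1 sorts below 2.25.2 (a string compare gets this wrong).
function isAffected(version) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable or missing: report for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false;
}

// Walk a parsed package-lock.json: "packages" (lockfile v2/v3) and nested "dependencies" (v1).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/chromedriver$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === "chromedriver" && isAffected(meta.version) && !hits.some((h) => h.path === here)) {
        hits.push({ path: here, version: meta.version });
      }
      walk(meta.dependencies, here + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: the direct dependency is fixed, a transitive copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/chromedriver": { version: "2.25.2" },
    "node_modules/old-runner/node_modules/chromedriver": { version: "2.9.1" },
  },
};
console.log(findAffected(sampleLock));
```

To run it on a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` instead of the sample.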

Impact 8.1 HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

  • CWE-311: Missing Encryption of Sensitive Data

Source file

npm/chromedriver/CVE-2016-10579.yml

Page generated Sun, 07 Sep 2025 12:18:59 +0000.